6afa836d11a920200cda47c67178f6cd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6afa836d11a920200cda47c67178f6cd_JaffaCakes118
Size

8.8MB
MD5

6afa836d11a920200cda47c67178f6cd
SHA1

5d886e48151d8db3826bb874b36bb05384c74394
SHA256

50416c85ca30fc651faeb87dfae905519c6257e57d41bca669f5100ecbe817e4
SHA512

4a59f2b8b03d1ac8d5b0f2f4b630227f1a62a29ce6e9097158c72eca4cd38fcea774df4717e86fb7d9fd0e6cb3b22a5e9c621ecf07c3e4feeb8f9ebe2c015b01
SSDEEP

196608:LPQGw/LNkxvcSEJtRCik9BU44E34GCKAY0RJkmP7j37cG:LPQGwJkR0PRCik9KE3fB0YmPz3

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/BcNsisHelper.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/InstallOptionsEx.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsisunz.dll

Files

6afa836d11a920200cda47c67178f6cd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2009, 00:00

Not After

30/11/2012, 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e8:78:c9:53:c7:47:e7:04:96:5b:7b:46:3b:93:1e:1f:0a:0e:df:c9
Signer

Actual PE Digest

e8:78:c9:53:c7:47:e7:04:96:5b:7b:46:3b:93:1e:1f:0a:0e:df:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 868KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0/extensions/staged-xpis/{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}/bitcomet_extension_signed.xpi
.zip
BitComet Extension.txt
META-INF/manifest.mf
META-INF/zigbert.rsa
META-INF/zigbert.sf
chrome.manifest
chrome/content/bc_context_menu.js
.js
chrome/content/bc_context_menu.xul
.xml
chrome/content/bc_media_capture.js
.js
chrome/content/bc_media_capture.xul
.xml
chrome/content/unknownContentTypeSaveAs.js
.js
chrome/content/unknownContentTypeSaveAs.xul
chrome/locale/en-US/bc_context_menu.dtd
chrome/locale/en-US/bc_media_capture.dtd
chrome/locale/en-US/bc_media_capture.properties
chrome/locale/zh-CN/bc_context_menu.dtd
chrome/locale/zh-CN/bc_media_capture.dtd
chrome/locale/zh-CN/bc_media_capture.properties
chrome/skin/download_all.png
.png
chrome/skin/download_link.png
.png
chrome/skin/download_media.png
.png
chrome/skin/icon.png
.png
components/IBitCometExtension.dll
.dll windows:5 windows x86 arch:x86

98e27fcd0c2a4e01ac568f9c42837b00

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2009, 00:00

Not After

30/11/2012, 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

53:92:2d:eb:d4:b9:75:bc:a0:8d:59:b1:c3:2e:42:a5:b8:11:ab:62
Signer

Actual PE Digest

53:92:2d:eb:d4:b9:75:bc:a0:8d:59:b1:c3:2e:42:a5:b8:11:ab:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Develop_Server\BitCometExtension_Firefox\app\Release_unicode\BitCometExtension_Firefox.pdb

Imports

xpcom

NS_GetServiceManager
NS_GetComponentManager
NS_StringContainerFinish
NS_StringContainerInit
NS_CStringSetData
NS_CStringGetData
NS_UTF16ToCString
NS_CStringContainerFinish
NS_CStringContainerInit
NS_StringSetData

kernel32

MoveFileW
DeleteFileW
SetConsoleMode
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
MultiByteToWideChar
LocalFree
FormatMessageA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetLastError
RaiseException
RtlUnwind
HeapFree
GetCPInfo
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
SetConsoleCtrlHandler
VirtualAlloc
HeapReAlloc
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FreeLibrary
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
GetVersionExW
GetProcessHeap
WaitForSingleObject
GetSystemInfo
LoadLibraryW
lstrcpyW
OutputDebugStringW
FileTimeToLocalFileTime
GetModuleFileNameW
CreateFileW
CreateProcessW
lstrcpynW
GetModuleHandleA
GetVersion
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
CreateEventW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ResetEvent
ExpandEnvironmentStringsW
DebugBreak
GetEnvironmentVariableW
GetDriveTypeW
ReleaseMutex
ReleaseSemaphore
FormatMessageW
GetFileAttributesW
FindClose
FindFirstFileW
FileTimeToSystemTime
GetTempPathW
GetTempFileNameW
ReadFile
WaitForMultipleObjects
PeekNamedPipe
SetCurrentDirectoryW
CopyFileW
ReadConsoleInputA
OpenEventA
AreFileApisANSI
GetFullPathNameW
SetEnvironmentVariableW
GetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
SetEndOfFile
GetFileInformationByHandle
SetEvent
CloseHandle
CreateEventA
CreateMutexA
DeviceIoControl
FindFirstFileA
SetEnvironmentVariableA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

user32

DestroyWindow
UnregisterClassW
MessageBoxW
GetWindowTextW
EnumThreadWindows
MessageBoxA
DdeFreeStringHandle
DdeUninitialize
DdeQueryStringW
DdeCreateDataHandle
DdeFreeDataHandle
DdeGetData
DdeGetLastError
DdeInitializeW
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
wsprintfW
DdeDisconnect
DdePostAdvise
DdeConnect
DdeNameService
DdeCreateStringHandleW
DdeClientTransaction

advapi32

RegQueryValueExW
RegOpenKeyExW
GetUserNameW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc

ole32

CoCreateGuid
CoCreateInstance

Exports

Exports

NSModule

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
components/IBitCometExtension.xpt
defaults/preferences/bc_context_menu.js
install.rdf
readme.txt
$0/fav/HowTo-AddYourSite.txt
$0/fav/download-complete.wav
$0/fav/fav_en_us.xml
.xml
$0/fav/fav_ja.xml
.xml
$0/fav/fav_zh_cn.xml
$0/fav/fav_zh_tw.xml
.xml
$0/fav/passport_info_en_us.mht
.eml .js polyglot
- http://blog.bitcomet.com/?login
- http://blog.bitcomet.com/bcmedia/albums/?login
- http://www.apphit.com/?login
- http://www.atcomet.com/?login
- http://www.mcomet.com/?login
- http://www.playcomet.com/?login
attachment-10
.gif
attachment-11
.gif
attachment-12
.gif
attachment-13
.gif
attachment-2
.gif
attachment-3
.gif
attachment-4
.gif
attachment-5
.gif
attachment-6
.gif
attachment-7
.gif
attachment-8
.gif
attachment-9
.gif
email-html-1.txt
.js
$0/fav/passport_info_zh_cn.mht
.eml .js polyglot
- http://hero.txwy.com/?login
- http://tf.txwy.com/?login
- http://ww2.txwy.com/?login
- http://www.cometbbs.com/?login
- http://www.txwy.com/?login
- http://www.txwybbs.com/?login
attachment-10
.gif
attachment-11
.gif
attachment-12
.gif
attachment-13
.gif
attachment-2
.gif
attachment-3
.gif
attachment-4
.gif
attachment-5
.gif
attachment-6
.gif
attachment-7
.gif
attachment-8
.gif
attachment-9
.gif
email-html-1.txt
.js
$0/fav/passport_info_zh_tw.mht
.eml .js polyglot
- http://ao.txwy.tw/?login
- http://bbs.txwy.tw/?login
- http://m.txwy.tw/?login
- http://tf.txwy.tw/?login
- http://ww2.txwy.tw/?login
- http://www.txwy.tw/?login
attachment-10
.gif
attachment-11
.gif
attachment-12
.gif
attachment-13
.gif
attachment-2
.gif
attachment-3
.gif
attachment-4
.gif
attachment-5
.gif
attachment-6
.gif
attachment-7
.gif
attachment-8
.gif
attachment-9
.gif
email-html-1.txt
.js
$0/fav/passport_login_en_us.mht
.eml
- http://blog.bitcomet.com/?login
- http://blog.bitcomet.com/bcmedia/albums/?login
- http://www.apphit.com/?login
- http://www.atcomet.com/?login
- http://www.cometid.com/passport/register?login
- http://www.mcomet.com/?login
- http://www.playcomet.com/?login
attachment-2
.gif
attachment-3
.gif
attachment-4
.gif
attachment-5
.gif
attachment-6
.gif
attachment-7
.gif
email-html-1.txt
$0/fav/passport_login_zh_cn.mht
.eml
- http://blog.mdbchina.com/?login
- http://game.didai.com/?login
- http://m.didai.com/?login
- http://mp3.didai.com/?login
- http://my.mdbchina.com/?login
- http://www.cometpass.com/passport/register?login
- http://www.mdbchina.cn/?login
attachment-2
.gif
attachment-3
.gif
attachment-4
.gif
attachment-5
.gif
attachment-6
.gif
attachment-7
.gif
email-html-1.txt
$0/fav/passport_login_zh_tw.mht
.eml
- http://ao.txwy.tw/?login
- http://bbs.txwy.tw/?login
- http://m.txwy.tw/?login
- http://tf.txwy.tw/?login
- http://ww2.txwy.tw/?login
- http://www.cometpassport.com/passport/register?login
- http://www.txwy.tw/?login
attachment-2
.gif
attachment-3
.gif
attachment-4
.gif
attachment-5
.gif
attachment-6
.gif
attachment-7
.gif
email-html-1.txt
$PLUGINSDIR/BcNsisHelper.dll
.dll windows:5 windows x86 arch:x86

f8ae1b5e812aeebf8b05f5035b07c398

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
HeapCreate
HeapDestroy
VirtualFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CreateFileA
SetEnvironmentVariableA
GetCommandLineA
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetProcessHeap
GetDriveTypeA
SetEnvironmentVariableW
FormatMessageA
GetCurrentDirectoryA
SetCurrentDirectoryW
GetTempFileNameW
GetTempPathW
OutputDebugStringW
GetEnvironmentVariableW
DebugBreak
InterlockedCompareExchange
HeapFree
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetTickCount
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileW
MoveFileW
FileTimeToSystemTime
lstrlenA
GlobalFlags
GetModuleHandleA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetThreadLocale
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
FreeResource
InterlockedIncrement
GetCurrentProcessId
GlobalAddAtomW
SetEvent
RaiseException
InterlockedDecrement
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
SetLastError
GlobalFree
CopyFileW
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
lstrlenW
MulDiv
GetModuleHandleW
GetVersionExW
GetCurrentProcess
WaitForMultipleObjects
OpenProcess
GetPrivateProfileSectionNamesW
WideCharToMultiByte
ExpandEnvironmentStringsW
FreeLibrary
GetProcAddress
LoadLibraryW
Sleep
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
FindResourceW
LoadResource
LockResource
SizeofResource
WaitForSingleObject
MultiByteToWideChar
CloseHandle
GetLastError
RtlUnwind
CreateMutexW

user32

PostThreadMessageW
DestroyMenu
GetNextDlgGroupItem
RegisterClipboardFormatW
CharUpperW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadCursorW
GetSysColorBrush
UnregisterClassW
LoadIconW
SendDlgItemMessageA
RegisterWindowMessageW
IsWindow
FindWindowW
SendMessageW
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
CharNextW
GetWindowLongW
GetWindowTextLengthW
DdePostAdvise
DdeConnect
DdeNameService
DdeCreateStringHandleW
DdeClientTransaction
DdeDisconnect
DdeInitializeW
DdeGetLastError
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeQueryStringW
DdeUninitialize
DdeFreeStringHandle
GetWindowTextW
EnumWindows
GetWindowThreadProcessId
GetShellWindow
GetClientRect
EnableWindow
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageW
UnhookWindowsHookEx
MessageBeep
CheckMenuItem
EnableMenuItem
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
PtInRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
MapDialogRect
ReleaseCapture
SetFocus
SetWindowPos
GetDesktopWindow
SetCapture
InvalidateRgn
InvalidateRect
ModifyMenuW
GetParent
GetFocus
ReleaseDC
GetDC
GetWindowRect
EqualRect
IntersectRect
OffsetRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
CopyRect
GetLastActivePopup
IsWindowEnabled
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW

gdi32

GetMapMode
SetWindowExtEx
DeleteDC
ExtSelectClipRgn
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
GetDeviceCaps
CreateBitmap
CreateRectRgnIndirect
GetRgnBox
GetClipBox
SetTextColor
SetBkColor
GetObjectW
GetStockObject
GetBkColor
GetTextColor
SaveDC
RestoreDC
SetMapMode
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
ScaleWindowExtEx

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

GetUserNameW
RegCreateKeyW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
LookupAccountSidW
GetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW

shell32

SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation

shlwapi

PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleIsCurrentClipboard
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
OleFlushClipboard
StgOpenStorageOnILockBytes
CoRegisterMessageFilter

oleaut32

SysFreeString
SysAllocString
SysStringLen
VariantInit
VariantClear
VariantCopy
VariantChangeType
SysAllocStringLen
DispCallFunc
LoadRegTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
OleCreateFontIndirect
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate

userenv

UnloadUserProfile
LoadUserProfileW

Exports

Exports

AddToWindowsFirewall
CheckToolbarCompatibility
ExecElevatedAndWait
ExecNonElevated
FixInstallerCompatibleWarning
GetBrowserPath
GetCurrentDateString
GetElevationInfo
GetEmuleConfigPath
GetFavFolderPath
GetFirefoxCurrentProfilePath
GetUserLanguagePath
InstallBCService
IsDateLaterThanSomeMonths
IsHomePageAlreadySet
IsRunningElevated
IsSystemVista
IsToSuggestWM9Codecs
NavigateInBrowser
NavigateWebPageHide
SendBCCloseMessage
SendCometPlayerCloseMessage
SendMpcStarCloseMessage
SetBrowserHomePage
UpgradeFirefoxPlugin
WriteMaxthonINI

Sections

.text
Size: 672KB - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BitCometService.exe
.exe windows:5 windows x86 arch:x86

466bdf11c9b849fd09036efcb887877c

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2009, 00:00

Not After

30/11/2012, 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:f0:be:2b:91:d0:9f:5b:66:98:77:65:90:24:15:c6:79:96:94:9b
Signer

Actual PE Digest

ca:f0:be:2b:91:d0:9f:5b:66:98:77:65:90:24:15:c6:79:96:94:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Develop_Server\Service_BCHelper\app\Release_unicode\Service_BCHelper.pdb

Imports

kernel32

QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
FindNextFileW
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
VirtualAlloc
VirtualFree
HeapCreate
GetModuleFileNameA
GetStdHandle
HeapSize
CreateThread
ExitThread
HeapReAlloc
RaiseException
RtlUnwind
SetConsoleMode
ReadConsoleInputA
FlushConsoleInputBuffer
GetVersion
CreateProcessW
GlobalMemoryStatusEx
lstrcatW
VirtualQuery
FileTimeToDosDateTime
OutputDebugStringW
GetFileInformationByHandle
GetDiskFreeSpaceW
GetLocalTime
OpenFileMappingW
CreateFileMappingW
GetLongPathNameW
GlobalMemoryStatus
GetSystemDefaultLangID
lstrcpyW
CreateWaitableTimerA
SetWaitableTimer
OpenEventA
InterlockedCompareExchange
LoadLibraryExW
CreateSemaphoreA
GetSystemTime
SetFilePointerEx
RemoveDirectoryA
CreateDirectoryA
DeleteFileA
MapViewOfFileEx
CreateFileMappingA
ReleaseSemaphore
FindNextFileA
FindFirstFileA
FormatMessageA
GetSystemInfo
CreateMutexW
WaitForMultipleObjects
TerminateThread
MapViewOfFile
UnmapViewOfFile
OpenEventW
ResetEvent
ReleaseMutex
OutputDebugStringA
SetConsoleTextAttribute
GetStartupInfoW
ExitProcess
Sleep
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetCurrentThread
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetModuleHandleA
CreateFileW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
LoadLibraryW
LoadLibraryA
lstrcmpW
GetVersionExA
SystemTimeToFileTime
lstrlenA
lstrcmpA
CompareStringW
InterlockedIncrement
CreateEventW
WaitForSingleObject
GetCurrentThreadId
AreFileApisANSI
ResumeThread
SetThreadPriority
MultiByteToWideChar
FormatMessageW
lstrlenW
WideCharToMultiByte
GetCurrentProcessId
FreeLibrary
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
SetLastError
HeapAlloc
GetCurrentProcess
TerminateProcess
HeapFree
GetProcessHeap
LocalFree
GetLastError
SetEvent
CloseHandle
CreateEventA

user32

LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetDesktopWindow
RegisterWindowMessageW
GetLastActivePopup
GetWindowLongW
GetParent
SendMessageW
IsWindowEnabled
EnableWindow
GetWindowThreadProcessId
UnhookWindowsHookEx
GetSubMenu
GetMenuItemCount
GetMenuItemID
DestroyMenu
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
PostQuitMessage
MessageBoxW
SetWindowTextW
ClientToScreen
GetForegroundWindow
GetMenuState
ValidateRect
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
wvsprintfW
wsprintfW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
SetWindowsHookExW
CallNextHookEx
DispatchMessageW
GetKeyState
PeekMessageW

gdi32

PtVisible
RectVisible
TextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
GetDeviceCaps
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
DeleteObject
ExtTextOutW
SaveDC
RestoreDC
SetMapMode

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

DeleteService
RegisterEventSourceA
ReportEventA
DeregisterEventSource
GetUserNameW
AdjustTokenPrivileges
OpenProcessToken
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
ControlService
StartServiceW
ChangeServiceConfig2W
CreateServiceW
SetServiceStatus
QueryServiceStatusEx
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegOpenKeyW
RegCloseKey
SetServiceObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityDescriptorDacl
QueryServiceObjectSecurity
CloseServiceHandle
OpenServiceW
OpenSCManagerW

ole32

CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitialize

oleaut32

VariantInit
VariantChangeType
VariantClear

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 841KB - Virtual size: 840KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BitComet_stats.exe
.exe windows:4 windows x86 arch:x86

85c5153892863e50749ae0b816c52411

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:b6:d3:9b:ba:c2:eb:6f:38:1d:43:f8:7a:70:8f:f0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/09/2007, 00:00

Not After

12/11/2009, 23:59

Subject

CN=Comet Network Technology Co Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Comet Network Technology Co Ltd.,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c5:1e:ac:27:23:77:fb:dd:f8:7f:07:6e:2e:03:1b:7a:69:37:b2:b1
Signer

Actual PE Digest

c5:1e:ac:27:23:77:fb:dd:f8:7f:07:6e:2e:03:1b:7a:69:37:b2:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalHandle
LockResource
LoadResource
MultiByteToWideChar
lstrlenA
FreeLibrary
SizeofResource
LoadLibraryExW
GetModuleHandleW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GlobalFree
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcmpiW
FindResourceW
DebugBreak
GetModuleHandleA
HeapReAlloc
GetStartupInfoW
ExitProcess
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
SetLastError
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
MulDiv
lstrcmpW
GetCurrentProcess
FlushInstructionCache
GetLastError
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
HeapSize
GlobalAlloc
GlobalLock
GlobalUnlock
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
RaiseException

user32

GetWindow
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetParent
IsChild
GetFocus
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
CharNextW
GetSysColor
RegisterWindowMessageW
IsWindow
CreateAcceleratorTableW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CreateDialogIndirectParamW
MapDialogRect
MessageBoxExW
SetWindowContextHelpId
SetCapture
SendDlgItemMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DefWindowProcW
SendMessageW
IsDialogMessageW
GetDlgItem
KillTimer
SetTimer
GetWindowLongW
SetWindowLongW
DestroyWindow
PostQuitMessage
CreateWindowExW
UnregisterClassA

gdi32

GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
DeleteObject

advapi32

RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysStringLen
DispCallFunc

comctl32

InitCommonControlsEx

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/GoogleToolbarInstaller_download_signed.exe
.exe windows:4 windows x86 arch:x86

d331e73067491aab91a567bb47d7dfb4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:b8:da:6b:f0:0d:94:f1:58:30:10:01:ad:d6:52:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/02/2010, 00:00

Not After

22/02/2012, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

28:15:3f:02:b0:75:13:56:f1:e6:35:8d:4c:10:f9:55:5f:32:cb:ea
Signer

Actual PE Digest

28:15:3f:02:b0:75:13:56:f1:e6:35:8d:4c:10:f9:55:5f:32:cb:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

version

GetFileVersionInfoSizeW

user32

BeginPaint

advapi32

GetSecurityDescriptorOwner

ole32

CoInitialize

shell32

SHGetFolderPathW

oleaut32

VariantInit

shlwapi

PathAppendW

gdi32

CreateRectRgn

urlmon

CreateAsyncBindCtx

userenv

UnloadUserProfile

crypt32

CertVerifyCertificateChainPolicy

wininet

InternetReadFile

wintrust

WinVerifyTrust

Sections

.text
Size: 160KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptionsEx.dll
.dll windows:5 windows x86 arch:x86

ab3b1d3db589546acc42bafee62fc2a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\useful\nsis\src\InstallOptionsEx_unicode\Plugins\release\InstallOptionsEx.pdb

Imports

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy

shlwapi

PathFindExtensionW
PathFileExistsW

kernel32

lstrcmpiW
lstrcatW
CloseHandle
GetSystemTime
lstrcpyW
WideCharToMultiByte
MultiByteToWideChar
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
SetFilePointer
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WriteFile
HeapReAlloc
VirtualAlloc
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
SetCurrentDirectoryW
GlobalFree
GetCurrentDirectoryW
GlobalUnlock
WritePrivateProfileStringW
lstrlenW
lstrcmpW
CreateFileW
ReadFile
MulDiv
GetTimeFormatW
lstrcpynW
LoadLibraryW
GlobalAlloc
GetPrivateProfileStringW
GetTickCount
GetModuleHandleW
GlobalLock
SetErrorMode
FindFirstFileW
GetFileSize
GetDateFormatW
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
CreateFileA
GetStdHandle
SetHandleCount
ExitProcess
Sleep
HeapFree
InterlockedDecrement
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError

user32

GetDC
DestroyWindow
SetCursor
GetWindowTextLengthW
SetWindowRgn
GetSystemMenu
SetTimer
ScreenToClient
GetWindowRect
MapDialogRect
GetMessageW
CharNextW
LoadImageW
PostMessageW
DrawTextW
KillTimer
GetKeyState
CopyImage
LoadCursorW
DispatchMessageW
GetClientRect
wsprintfW
GetIconInfo
IsWindowEnabled
DrawFocusRect
TranslateMessage
IsDialogMessageW
GetWindowLongW
GetWindowTextW
ReleaseDC
EnableMenuItem
GetDlgItem
SetWindowLongW
DestroyCursor
GetSysColor
SetWindowPos
GetCursorPos
ShowWindow
CreateDialogParamW
CreateWindowExW
MessageBoxW
SendMessageW
MapWindowPoints
UpdateWindow
EnableWindow
GetDlgCtrlID
SetWindowTextW
DestroyIcon
CallWindowProcW

gdi32

PatBlt
SetTextColor
GetBkMode
CreateFontIndirectW
GetDeviceCaps
GetDIBits
SetBkColor
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CombineRgn
CreateBrushIndirect
GetBkColor
GetObjectW
CreateRectRgn
GetTextColor
CreateSolidBrush

comdlg32

CommDlgExtendedError
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW

shell32

ShellExecuteW
SHGetDesktopFolder
ExtractIconExW
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

Exports

Exports

dialog
initDialog
setFocus
show
skipValidation

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:5 windows x86 arch:x86

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
EndDialog
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetHomePage.ini
$PLUGINSDIR/SetHomePage_cn.gif
.gif
$PLUGINSDIR/SetHomePage_en.gif
.gif
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/bitcomet_extension_signed.xpi
.zip
BitComet Extension.txt
META-INF/manifest.mf
META-INF/zigbert.rsa
META-INF/zigbert.sf
chrome.manifest
chrome/content/bc_context_menu.js
.js
chrome/content/bc_context_menu.xul
.xml
chrome/content/bc_media_capture.js
.js
chrome/content/bc_media_capture.xul
.xml
chrome/content/unknownContentTypeSaveAs.js
.js
chrome/content/unknownContentTypeSaveAs.xul
chrome/locale/en-US/bc_context_menu.dtd
chrome/locale/en-US/bc_media_capture.dtd
chrome/locale/en-US/bc_media_capture.properties
chrome/locale/zh-CN/bc_context_menu.dtd
chrome/locale/zh-CN/bc_media_capture.dtd
chrome/locale/zh-CN/bc_media_capture.properties
chrome/skin/download_all.png
.png
chrome/skin/download_link.png
.png
chrome/skin/download_media.png
.png
chrome/skin/icon.png
.png
components/IBitCometExtension.dll
.dll windows:5 windows x86 arch:x86

98e27fcd0c2a4e01ac568f9c42837b00

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2009, 00:00

Not After

30/11/2012, 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

53:92:2d:eb:d4:b9:75:bc:a0:8d:59:b1:c3:2e:42:a5:b8:11:ab:62
Signer

Actual PE Digest

53:92:2d:eb:d4:b9:75:bc:a0:8d:59:b1:c3:2e:42:a5:b8:11:ab:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Develop_Server\BitCometExtension_Firefox\app\Release_unicode\BitCometExtension_Firefox.pdb

Imports

xpcom

NS_GetServiceManager
NS_GetComponentManager
NS_StringContainerFinish
NS_StringContainerInit
NS_CStringSetData
NS_CStringGetData
NS_UTF16ToCString
NS_CStringContainerFinish
NS_CStringContainerInit
NS_StringSetData

kernel32

MoveFileW
DeleteFileW
SetConsoleMode
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
MultiByteToWideChar
LocalFree
FormatMessageA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetLastError
RaiseException
RtlUnwind
HeapFree
GetCPInfo
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
SetConsoleCtrlHandler
VirtualAlloc
HeapReAlloc
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FreeLibrary
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
GetVersionExW
GetProcessHeap
WaitForSingleObject
GetSystemInfo
LoadLibraryW
lstrcpyW
OutputDebugStringW
FileTimeToLocalFileTime
GetModuleFileNameW
CreateFileW
CreateProcessW
lstrcpynW
GetModuleHandleA
GetVersion
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
CreateEventW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ResetEvent
ExpandEnvironmentStringsW
DebugBreak
GetEnvironmentVariableW
GetDriveTypeW
ReleaseMutex
ReleaseSemaphore
FormatMessageW
GetFileAttributesW
FindClose
FindFirstFileW
FileTimeToSystemTime
GetTempPathW
GetTempFileNameW
ReadFile
WaitForMultipleObjects
PeekNamedPipe
SetCurrentDirectoryW
CopyFileW
ReadConsoleInputA
OpenEventA
AreFileApisANSI
GetFullPathNameW
SetEnvironmentVariableW
GetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
SetEndOfFile
GetFileInformationByHandle
SetEvent
CloseHandle
CreateEventA
CreateMutexA
DeviceIoControl
FindFirstFileA
SetEnvironmentVariableA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

user32

DestroyWindow
UnregisterClassW
MessageBoxW
GetWindowTextW
EnumThreadWindows
MessageBoxA
DdeFreeStringHandle
DdeUninitialize
DdeQueryStringW
DdeCreateDataHandle
DdeFreeDataHandle
DdeGetData
DdeGetLastError
DdeInitializeW
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
wsprintfW
DdeDisconnect
DdePostAdvise
DdeConnect
DdeNameService
DdeCreateStringHandleW
DdeClientTransaction

advapi32

RegQueryValueExW
RegOpenKeyExW
GetUserNameW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc

ole32

CoCreateGuid
CoCreateInstance

Exports

Exports

NSModule

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
components/IBitCometExtension.xpt
defaults/preferences/bc_context_menu.js
install.rdf
readme.txt
$PLUGINSDIR/firefoxextension.ini
$PLUGINSDIR/gtapi.dll
.dll windows:4 windows x86 arch:x86

a1cddef184beba696e690091795eacfd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:44:c0:6a:6c:fb:50:76:c1:5d:39:95:72:c6:94:21
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/06/2007, 00:00

Not After

18/06/2010, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:d4:89:1c:dc:a0:67:a5:0d:5f:31:70:c9:f5:1a:18:ad:f2:70:25
Signer

Actual PE Digest

5a:d4:89:1c:dc:a0:67:a5:0d:5f:31:70:c9:f5:1a:18:ad:f2:70:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

gtapi.pdb

Imports

kernel32

GetCurrentProcessId
GetModuleHandleW
LocalFree
OpenProcess
lstrcmpA
GetLocalTime
LoadLibraryW
LoadLibraryA
LocalAlloc
lstrlenA
FreeLibrary
GetFileAttributesW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetVersion
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetProcAddress
lstrcmpiA
CloseHandle
SetLastError
GetLastError
GetVersionExA
TerminateProcess
OutputDebugStringA

user32

CharUpperA
CharNextA

advapi32

RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

CancelToolbarInstall
GetToolbarInstallerProgress
ToolbarCompatibilityCheck

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/gtbinstallcomplete.ini
$PLUGINSDIR/http_Downloader.exe
.exe windows:5 windows x86 arch:x86

4b161acaa1489c6720ad22ccec2a5b74

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2009, 00:00

Not After

30/11/2012, 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:e2:46:37:9b:06:39:46:a6:55:ff:13:77:6d:85:0d:91:e4:af:c6
Signer

Actual PE Digest

0c:e2:46:37:9b:06:39:46:a6:55:ff:13:77:6d:85:0d:91:e4:af:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
DeleteFileW
RemoveDirectoryW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalFree
FormatMessageA
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetCPInfo
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetStringTypeW
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
SetConsoleCtrlHandler
GetTimeFormatA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
FreeLibrary
LoadLibraryA
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
WaitForSingleObject
GetProcessHeap
GetFileAttributesW
GetShortPathNameW
GetVersionExW
GetSystemInfo
GlobalMemoryStatus
GetTempPathW
GetTempFileNameW
SystemTimeToFileTime
GetSystemTime
GetLocalTime
lstrcpyW
SetThreadPriority
CreateFileW
ReadFile
SetEndOfFile
GetFileSize
lstrlenW
OutputDebugStringW
FileTimeToLocalFileTime
FileTimeToDosDateTime
VirtualQuery
lstrcatW
CreateProcessW
GetModuleHandleA
GetVersion
GetVersionExA
FlushConsoleInputBuffer
GetFileAttributesExW
ResetEvent
ResumeThread
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
ReadConsoleInputA
SetConsoleMode
ExitThread
GetCommandLineW
GetLastError
CreateMutexW
GetProcAddress
LoadLibraryW
GetSystemDefaultLangID
SetEvent
CloseHandle
GetDateFormatA
CreateEventA
CreateThread

user32

DestroyMenu
MessageBoxW
RegisterWindowMessageW
SetTimer
KillTimer
PostMessageW
MessageBoxExW
LoadIconW
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
wsprintfW
wvsprintfW
GetMessageW
DestroyWindow
TranslateMessage
DispatchMessageW
LoadCursorW
RegisterClassExW
CreateWindowExW
PostQuitMessage
TrackPopupMenu
GetMessagePos
SetForegroundWindow
AppendMenuW
CreatePopupMenu
DefWindowProcW
ShowWindow

shell32

Shell_NotifyIconW
ShellExecuteExW

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
GetUserNameW
AdjustTokenPrivileges
OpenProcessToken

wininet

HttpOpenRequestA
InternetOpenA
HttpSendRequestA
InternetConnectA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA

Sections

.text
Size: 745KB - Virtual size: 744KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/installgtb.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsisunz.dll
.dll windows:5 windows x86 arch:x86

1b37562e8104552588ae892e11fcdff2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryW
lstrcpyW
GetVersion
lstrlenW
lstrcatW
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
lstrcpynW
lstrcmpiW
lstrcmpW
GlobalFree
GlobalAlloc
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
CloseHandle
WriteFile
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
InitializeCriticalSectionAndSpinCount
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
SetEndOfFile
GetProcessHeap
GetLocaleInfoA

user32

MessageBoxW
CharPrevW
PeekMessageW
TranslateMessage
DispatchMessageW
FindWindowExW
GetDlgItem
SendMessageW
wsprintfW

Exports

Exports

Unzip
UnzipToLog
UnzipToStack
extract_RunDLL

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/toolbarinstalled_cn.gif
.gif
$PLUGINSDIR/toolbarinstalled_en.gif
.gif
$PLUGINSDIR/toolbarpreview_cn.gif
.gif
$PLUGINSDIR/toolbarpreview_en.gif
.gif
$_6_/components/nsIBitCometAgent.xpt
$_6_/plugins/npBitCometAgent.dll
.dll windows:5 windows x86 arch:x86

94e8c208eb6ddd6a7b3a1c4c8e2ce01b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2009, 00:00

Not After

30/11/2012, 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

85:09:76:c5:d3:8f:5a:f8:e3:c3:a0:48:04:ef:af:80:98:03:e1:1a
Signer

Actual PE Digest

85:09:76:c5:d3:8f:5a:f8:e3:c3:a0:48:04:ef:af:80:98:03:e1:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Develop_Server\BitCometAgent_FireFox\app\Release_unicode\BitCometAgent_FirefoxPlugin.pdb

Imports

kernel32

LocalFree
FormatMessageA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetVersionExW
LoadLibraryW
OutputDebugStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateProcessW
Thread32First
Thread32Next
CreateEventW
MapViewOfFile
UnmapViewOfFile
ResetEvent
WaitForSingleObject
ExpandEnvironmentStringsW
DebugBreak
FormatMessageW
InitializeCriticalSection
ReleaseMutex
ReleaseSemaphore
GetSystemInfo
CreateFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesW
GetTempFileNameW
GetTempPathW
FindFirstFileW
FindClose
GetEnvironmentVariableW
GetModuleFileNameW
CopyFileW
SetCurrentDirectoryW
GetModuleHandleA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
lstrcpyW
lstrcpynW
GetFileInformationByHandle
SetEndOfFile
GetCurrentDirectoryA
SetEnvironmentVariableW
GetFullPathNameA
GetDriveTypeA
GetFullPathNameW
MoveFileW
DeleteFileW
OpenEventA
GetProcessHeap
AreFileApisANSI
GetVersionExA
CreateMutexA
DeviceIoControl
FindFirstFileA
SetEvent
CloseHandle
CreateFileMappingW
CreateEventA
InterlockedCompareExchange
GetDriveTypeW

user32

DdeCreateDataHandle
DdePostAdvise
DdeFreeDataHandle
DdeGetData
DdeClientTransaction
DdeDisconnect
DdeConnect
DdeNameService
DdeUninitialize
DdeInitializeW
DestroyWindow
DdeCreateStringHandleW
MessageBoxW
GetWindowTextW
EnumThreadWindows
DefWindowProcW
EndPaint
wsprintfW
DdeQueryStringW
DdeFreeStringHandle
DdeGetLastError
SetWindowLongW
BeginPaint
GetClientRect
FrameRect
GetWindowLongW
DrawTextA
UnregisterClassW

gdi32

GetStockObject

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoCreateGuid
CoCreateInstance

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BitComet.exe
.exe windows:5 windows x86 arch:x86

2c35abaae750276119c0833f62aeb059

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2009, 00:00

Not After

30/11/2012, 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b1:b3:a7:1e:56:ce:97:57:85:5b:d9:db:eb:dd:04:d5:97:14:c4:34
Signer

Actual PE Digest

b1:b3:a7:1e:56:ce:97:57:85:5b:d9:db:eb:dd:04:d5:97:14:c4:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\develop\BitComet.1.31\app\Release_unicode\GUI_BitComet_WX.pdb

Imports

kernel32

GetVersionExA
FlushConsoleInputBuffer
CreateMutexA
GetStringTypeExA
ReadConsoleInputA
SetConsoleMode
FindFirstFileA
GetACP
GetLocalTime
GetWindowsDirectoryW
GetPrivateProfileStringW
lstrcmpiW
lstrcmpW
GetVersion
SetThreadExecutionState
GetSystemPowerStatus
TerminateProcess
GetCurrentProcess
GetCommandLineW
GetOEMCP
IsValidCodePage
GetSystemInfo
ReleaseSemaphore
GetVersionExW
GlobalAlloc
GetCurrentProcessId
GlobalUnlock
GlobalLock
LoadLibraryExW
GetLongPathNameW
Sleep
GetTickCount
CreateMutexW
FormatMessageW
MoveFileW
GetConsoleOutputCP
GetDriveTypeA
SetEnvironmentVariableW
SetEnvironmentVariableA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
EnumSystemLocalesA
SetConsoleCtrlHandler
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
GetModuleFileNameA
GetConsoleMode
GetConsoleCP
SetStdHandle
ExitThread
GetTimeZoneInformation
GetCurrentDirectoryA
CompareStringA
GetStringTypeW
LCMapStringW
CompareStringW
HeapAlloc
HeapFree
GetProcessHeap
WaitForMultipleObjects
CreateEventW
GetProcAddress
FreeLibrary
LoadLibraryW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
DeleteFileW
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentThreadId
WaitForSingleObject
SetEvent
CreateEventA
CloseHandle
GetModuleHandleW
GetLastError
LCMapStringA
RtlUnwind
GetDateFormatA
GetTimeFormatA
HeapReAlloc
GetStartupInfoA
GetCommandLineA
UnhandledExceptionFilter
CreateWaitableTimerA
SetWaitableTimer
OpenEventA
CreateDirectoryW
DeviceIoControl
RemoveDirectoryW
IsBadStringPtrA
IsBadReadPtr
PeekNamedPipe
GetFileType
FileTimeToSystemTime
GetModuleHandleA
GetCPInfo
GetEnvironmentVariableW
SetThreadLocale
IsValidLocale
GetUserDefaultLCID
TlsAlloc
TlsFree
TlsGetValue
ResumeThread
ExitProcess
TlsSetValue
ExpandEnvironmentStringsW
DebugBreak
SetFileAttributesW
DuplicateHandle
CreateSemaphoreA
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
SetEndOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetFileAttributesExW
DeleteCriticalSection
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
ReleaseMutex
ResetEvent
OpenEventW
TerminateThread
CreateThread
LocalAlloc
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
SetLastError
GetShortPathNameW
GetSystemDefaultLangID
GetUserDefaultLangID
GlobalMemoryStatus
GetModuleFileNameW
GetTempFileNameW
VirtualAlloc
VirtualFree
GetProcessWorkingSetSize
SetProcessWorkingSetSize
SetSystemPowerState
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetCurrentThread
SetThreadPriority
FindResourceW
LoadResource
LockResource
SizeofResource
FreeResource
IsDebuggerPresent
lstrcpyW
SetUnhandledExceptionFilter
GetFileInformationByHandle
QueryPerformanceFrequency
lstrlenW
OutputDebugStringW
RaiseException
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileTime
VirtualQuery
lstrcatW
GlobalMemoryStatusEx
CreateProcessW
lstrcpynW
GetSystemDirectoryW
MoveFileExW
CopyFileExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
CreateRemoteThread
GetLocaleInfoW
InterlockedIncrement
InterlockedDecrement
MulDiv
InterlockedExchange
GetLocaleInfoA
GlobalFree
FreeConsole
ReadConsoleOutputCharacterA
GetConsoleScreenBufferInfo
GetStdHandle
WriteConsoleA
WriteConsoleW
FillConsoleOutputCharacterW
SetConsoleCursorPosition
SetErrorMode
HeapSize
GlobalSize
SetCurrentDirectoryW

user32

SetFocus
IsIconic
ShowWindow
GetWindow
GetFocus
GetSysColor
MessageBoxW
GetClassNameA
IsChild
DrawTextW
SetRectEmpty
CopyRect
SendMessageW
CreateCaret
DestroyCaret
DdeClientTransaction
LoadBitmapW
AdjustWindowRectEx
OffsetRect
CreateWindowExW
DestroyWindow
GetWindowTextW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
RegisterClassExW
DefWindowProcW
wvsprintfW
wsprintfW
RegisterClipboardFormatW
GetComboBoxInfo
GetIconInfo
CreateIconIndirect
PeekMessageW
MapVirtualKeyW
VkKeyScanW
GetAsyncKeyState
SetScrollInfo
EnableScrollBar
ScrollWindow
GetMessageTime
GetActiveWindow
UnhookWindowsHookEx
CallNextHookEx
GetCapture
TrackPopupMenu
IsDialogMessageW
CallWindowProcW
SetWindowTextW
SetCursorPos
DeferWindowPos
GetUpdateRgn
MapWindowPoints
EndDeferWindowPos
BeginDeferWindowPos
GetMenuItemCount
SetWindowsHookExW
CreateDialogParamW
GetDlgItem
GetDialogBaseUnits
IsZoomed
FlashWindow
CreateDialogIndirectParamW
DrawMenuBar
EnableMenuItem
GetMenu
SetWindowRgn
UnregisterClassW
RegisterClassW
GetWindowTextLengthW
GetMenuState
DestroyMenu
GetSubMenu
CreatePopupMenu
InsertMenuW
RemoveMenu
AppendMenuW
CreateMenu
DestroyCursor
ShowCursor
GetClassInfoW
HideCaret
ShowCaret
keybd_event
ChildWindowFromPoint
SetMenu
MsgWaitForMultipleObjects
GetSysColorBrush
CheckMenuItem
CheckMenuRadioItem
DrawStateW
DrawEdge
ValidateRgn
GetClipboardFormatNameW
DestroyAcceleratorTable
CreateAcceleratorTableW
TranslateAcceleratorW
FindWindowExW
ChangeDisplaySettingsW
EnumDisplaySettingsW
MessageBeep
DdeUninitialize
DdeQueryStringW
DdeCreateDataHandle
DdeGetLastError
DdeDisconnect
SetCaretPos
DdeCreateStringHandleW
DdeConnect
DdePostAdvise
GetUserObjectInformationW
GetProcessWindowStation
LoadStringA
ValidateRect
DrawFocusRect
FrameRect
RedrawWindow
SetParent
DrawAnimatedRects
EnumChildWindows
FindWindowW
GetClassNameW
DestroyIcon
IsRectEmpty
SetRect
EndPaint
BeginPaint
SystemParametersInfoW
SetWindowPlacement
UnionRect
PostQuitMessage
RegisterHotKey
UnregisterHotKey
GetMenuItemInfoW
SetMenuItemInfoW
InsertMenuItemW
ModifyMenuW
DeleteMenu
SetActiveWindow
GetSystemMenu
DdeFreeDataHandle
DdeGetData
SendMessageTimeoutW
GetMessagePos
DdeFreeStringHandle
DdeNameService
DdeCreateStringHandleA
DdeInitializeW
MessageBoxA
ExitWindowsEx
ReleaseCapture
SetCapture
LoadCursorW
SetCursor
InflateRect
GetDoubleClickTime
ReleaseDC
GetWindowDC
InvalidateRect
EnableWindow
GetWindowRect
MoveWindow
ClientToScreen
GetDesktopWindow
DrawIcon
UpdateWindow
GetDC
FillRect
DrawFrameControl
DrawIconEx
GetKeyState
SetWindowLongW
AnimateWindow
KillTimer
SetTimer
PtInRect
ScreenToClient
GetClientRect
WindowFromPoint
GetCursorPos
IsWindow
EndMenu
GetWindowLongW
SetWindowPos
BringWindowToTop
IsWindowEnabled
EnumWindows
GetParent
GetWindowPlacement
SetClipboardData
EmptyClipboard
GetWindowThreadProcessId
GetClipboardOwner
CloseClipboard
GetClipboardData
LoadIconW
GetScrollInfo
GetSystemMetrics
LoadImageW
OpenClipboard
IsClipboardFormatAvailable
ChangeClipboardChain
SetClipboardViewer
RegisterWindowMessageW
EnumThreadWindows
SetForegroundWindow
IsWindowVisible
PostMessageW

gdi32

SetStretchBltMode
StretchBlt
CreateDIBSection
BitBlt
MoveToEx
LineTo
CreateBitmap
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
GetDeviceCaps
CreatePen
GetDIBits
GetTextMetricsW
CloseEnhMetaFile
PlayEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
DeleteEnhMetaFile
GetEnhMetaFileW
CreateDCW
EndPage
StartPage
EndDoc
StartDocW
SetAbortProc
GetSystemPaletteEntries
GetDIBColorTable
CreateDIBitmap
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
RestoreDC
SaveDC
ExtCreatePen
CreateHatchBrush
PtInRegion
EqualRgn
GetRgnBox
CreateICW
SetTextAlign
RectInRegion
CombineRgn
CreatePatternBrush
StretchDIBits
MaskBlt
GetStockObject
Ellipse
RoundRect
Rectangle
PolyPolygon
SetPolyFillMode
Pie
Arc
GetTextExtentExPointW
GetCharABCWidthsW
ExtFloodFill
ExtSelectClipRgn
GetBkColor
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
PolyBezier
GetPixel
SetViewportOrgEx
SetROP2
Polyline
GetClipBox
GetRegionData
ExtCreateRegion
OffsetRgn
ExcludeClipRect
SetBrushOrgEx
CreateRectRgn
GdiFlush
SelectPalette
RealizePalette
GetOutlineTextMetricsW
SetMapMode
DPtoLP
EnumFontFamiliesExW
Polygon
SelectClipRgn
CreateRectRgnIndirect
SetPixel
GetTextExtentPoint32W
SetTextColor
SetBkMode
DeleteObject
SelectObject
CreatePenIndirect
CreateFontIndirectW
SetBkColor
ExtTextOutW
GetObjectW
GetCurrentObject

advapi32

RegDeleteKeyW
CryptReleaseContext
CryptAcquireContextA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegDeleteValueW
RegEnumKeyW
RegCreateKeyExW
GetTokenInformation
RegSetValueExW
GetUserNameW
RegCreateKeyW
RegQueryValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatusEx
StartServiceW
ControlService
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptGenRandom

shell32

SHAppBarMessage
Shell_NotifyIconW
SHGetFileInfoW
ord680
SHChangeNotify
SHFileOperationW
SHGetFolderPathW
SHGetFolderLocation
ShellExecuteW
DragQueryFileW
DragQueryPoint
SHBindToParent
DragAcceptFiles
ExtractIconExW
ExtractIconW
ord16
ShellExecuteExW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
ord155
DragFinish

ole32

OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
ReleaseStgMedium
CoLockObjectExternal
CoUninitialize
CoTaskMemAlloc
RevokeDragDrop
OleUninitialize
CoGetMalloc
OleInitialize
OleLockRunning
OleSetContainedObject
OleRun
CoCreateGuid
PropVariantClear
OleSetClipboard
CoCreateInstance
CoInitialize
CoTaskMemFree
RegisterDragDrop

oleaut32

VariantChangeType
SysStringLen
VariantInit
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
VarR8FromDec
VarDecFromR8
SysAllocString
SysFreeString

winmm

sndPlaySoundW

comctl32

ImageList_GetImageCount
ImageList_DrawEx
ImageList_Draw
_TrackMouseEvent
ord17
ImageList_DragShowNolock
ImageList_Destroy
ImageList_GetIcon
ImageList_Create
ImageList_Add
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Replace
ImageList_Remove
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragMove
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ord16
ImageList_GetIconSize

rpcrt4

UuidToStringW
RpcStringFreeW

wsock32

WSAStartup
WSACleanup
WSASetLastError
inet_addr
ntohs
socket
htonl
htons
inet_ntoa
accept
listen
shutdown
getsockname
getpeername
connect
WSAAsyncGetHostByName
send
recv
WSACancelAsyncRequest
WSAAsyncSelect
setsockopt
WSAGetLastError
sendto
gethostbyname
recvfrom
ioctlsocket
bind
closesocket

shlwapi

StrRetToBufW
SHStrDupW
PathIsUNCW
AssocQueryStringW

ws2_32

WSAEventSelect

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

comdlg32

CommDlgExtendedError
GetSaveFileNameW
ChooseFontW
ChooseColorW
PrintDlgW
PageSetupDlgW
GetOpenFileNameW

Sections

.text
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 228KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 775KB - Virtual size: 774KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 777KB - Virtual size: 776KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChangeLog.txt
ChangeLog_Chinese.txt
CrashReport.exe
.exe windows:5 windows x86 arch:x86

35414ce505fdb2a89822b4da72ed4561

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2009, 00:00

Not After

30/11/2012, 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c4:e2:f9:b2:f8:f5:c3:4e:c7:19:ab:14:de:4b:f1:50:b4:96:de:9f
Signer

Actual PE Digest

c4:e2:f9:b2:f8:f5:c3:4e:c7:19:ab:14:de:4b:f1:50:b4:96:de:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Develop_1\CrashReport\CrashReport\src\CrashReport\app\release\CrashReport.pdb

Imports

kernel32

LocalReAlloc
TlsFree
InterlockedIncrement
GetFileAttributesA
GetFileSizeEx
GetFileTime
SetErrorMode
GetModuleHandleW
GetCPInfo
GetOEMCP
GetTickCount
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
RtlUnwind
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
HeapSize
GetStdHandle
TlsSetValue
InitializeCriticalSectionAndSpinCount
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetDriveTypeA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GetCurrentDirectoryA
WritePrivateProfileStringA
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FormatMessageA
LocalFree
GlobalAddAtomA
SuspendThread
ResumeThread
SetThreadPriority
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
FindFirstFileA
FileTimeToLocalFileTime
FindNextFileA
FindClose
lstrlenA
GlobalUnlock
FreeResource
GlobalFree
GetCurrentProcessId
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
FindActCtxSectionStringA
LoadLibraryExA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleA
GetProcAddress
SystemTimeToFileTime
GetLocalTime
UnmapViewOfFile
GetCurrentProcess
DuplicateHandle
FileTimeToDosDateTime
SetFilePointer
GetFileInformationByHandle
GetFileType
FileTimeToSystemTime
GetFileSize
ReadFile
WriteFile
CreateFileA
WaitForMultipleObjects
CreateEventA
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
CloseHandle
SetEvent
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetVersionExA
MultiByteToWideChar
SetLastError
GetLastError
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
MulDiv
Sleep
CopyFileA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
CreateProcessA
GetModuleFileNameA
GetACP
GetUserDefaultLangID

user32

RegisterClipboardFormatA
PostThreadMessageA
SetCapture
WindowFromPoint
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcA
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetWindowsHookExA
CallNextHookEx
GetMessageA
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
CharUpperA
CopyRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
UnregisterClassA
GetSysColorBrush
GetNextDlgGroupItem
InvalidateRgn
GetWindowThreadProcessId
GetWindowLongA
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
GetLastActivePopup
IsWindowEnabled
MessageBoxA
FillRect
PostMessageA
CopyIcon
LoadCursorA
InflateRect
ReleaseDC
GetDC
GetSysColor
IsWindow
RedrawWindow
GetParent
GetWindowRect
SetCursor
PtInRect
ScreenToClient
GetMessagePos
InvalidateRect
MessageBeep
SetWindowLongA
DispatchMessageA
TranslateMessage
PostQuitMessage
PeekMessageA
KillTimer
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SetTimer
SendMessageA
AppendMenuA
GetSystemMenu
LoadIconA
EnableWindow
CallWindowProcA

gdi32

ExtSelectClipRgn
ScaleWindowExtEx
CreateSolidBrush
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
SetWindowExtEx
DeleteObject
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
ExtTextOutA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
CreateRectRgnIndirect
GetTextExtentPoint32A
CreateFontIndirectA
GetObjectA
GetStockObject
DeleteDC
GetDeviceCaps
GetViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegQueryValueA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFindFileNameA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoTaskMemFree
CoTaskMemAlloc
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
SysFreeString

wsock32

WSAStartup
WSACleanup
WSASetLastError

wininet

InternetSetStatusCallback
InternetReadFile
HttpQueryInfoA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpSendRequestA
InternetSetCookieA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCloseHandle
InternetAttemptConnect
InternetConnectA
InternetOpenA

Sections

.text
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
License.txt
License_Chinese.txt
ReadMe.txt
ReadMe_Chinese.txt
lang/HowTo-Translate.txt
lang/bitcomet-ar.mo
lang/bitcomet-bg.mo
lang/bitcomet-bs.mo
lang/bitcomet-ca.mo
lang/bitcomet-cs.mo
lang/bitcomet-da.mo
lang/bitcomet-de.mo
lang/bitcomet-el.mo
lang/bitcomet-en_US.mo
.eml
lang/bitcomet-es.mo
lang/bitcomet-et.mo
lang/bitcomet-eu.mo
lang/bitcomet-fa.mo
lang/bitcomet-fi.mo
lang/bitcomet-fr.mo
lang/bitcomet-gl.mo
lang/bitcomet-he.mo
lang/bitcomet-hr.mo
lang/bitcomet-hu.mo
lang/bitcomet-hy.mo
lang/bitcomet-id.mo
lang/bitcomet-it.mo
lang/bitcomet-ja.mo
lang/bitcomet-kk.mo
lang/bitcomet-kn.mo
lang/bitcomet-ko.mo
lang/bitcomet-lt.mo
lang/bitcomet-lv.mo
lang/bitcomet-mk.mo
lang/bitcomet-ms.mo
lang/bitcomet-nb.mo
lang/bitcomet-ne.mo
lang/bitcomet-nl.mo
lang/bitcomet-pl.mo
lang/bitcomet-pt.mo
lang/bitcomet-pt_BR.mo
lang/bitcomet-ro.mo
lang/bitcomet-ru.mo
lang/bitcomet-sk.mo
lang/bitcomet-sl.mo
lang/bitcomet-sq.mo
lang/bitcomet-sr.mo
lang/bitcomet-sv.mo
lang/bitcomet-ta.mo
lang/bitcomet-th.mo
lang/bitcomet-tr.mo
lang/bitcomet-ug.mo
lang/bitcomet-uk.mo
lang/bitcomet-ur.mo
lang/bitcomet-vi.mo
lang/bitcomet-zh_CN.mo
lang/bitcomet-zh_TW.mo
rules/tracker.dat
tools/BitCometAgent_1.5.4.11.dll
.dll regsvr32 windows:5 windows x86 arch:x86

2dcd855383d3fdd58d70e00bc913c6e1

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2009, 00:00

Not After

30/11/2012, 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

32:e9:cf:c4:fb:e8:c4:c0:62:d0:d3:16:39:1e:8b:68:df:ef:f5:c9
Signer

Actual PE Digest

32:e9:cf:c4:fb:e8:c4:c0:62:d0:d3:16:39:1e:8b:68:df:ef:f5:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Develop_Server\BitCometAgent_ActiveX\app\Release_Unicode\BitCometAgent_ActiveX.pdb

Imports

oleaut32

SysAllocString
SysStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SafeArrayGetVartype
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
UnRegisterTypeLi
RegisterTypeLi
SafeArrayGetLBound

kernel32

DeviceIoControl
CreateMutexA
GetVersionExA
lstrcpyW
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
lstrlenW
RaiseException
GetLastError
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
lstrcmpiW
LoadLibraryExW
FreeLibrary
CreateEventA
SetEvent
CloseHandle
GetThreadLocale
SetThreadLocale
LocalFree
lstrcpynW
GetFileInformationByHandle
AreFileApisANSI
OpenEventA
FindFirstFileA
LeaveCriticalSection
LoadLibraryW
OutputDebugStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateProcessW
Thread32First
Thread32Next
CreateEventW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
Sleep
ResetEvent
WaitForSingleObject
GetCurrentProcess
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
ExpandEnvironmentStringsW
DebugBreak
GetVersionExW
CompareStringW
GetSystemInfo
GetCurrentThreadId
ReleaseMutex
TlsSetValue
ExitProcess
TlsGetValue
TlsFree
TlsAlloc
FormatMessageW
GetFileAttributesW
CreateFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTempPathW
GetTempFileNameW
FindClose
FindFirstFileW
GetEnvironmentVariableW
GetCurrentProcessId
GetCPInfo
IsValidCodePage
TerminateProcess
GetACP
GetLocaleInfoW
GetUserDefaultLCID
IsValidLocale
GetFileType
SetCurrentDirectoryW
CopyFileW
GetModuleHandleA
ReadFile
WriteFile
WaitForMultipleObjects
PeekNamedPipe
GetDriveTypeW
FormatMessageA
HeapAlloc
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RtlUnwind
GetStringTypeW
LCMapStringA
LCMapStringW
GetSystemTimeAsFileTime
HeapReAlloc
DeleteFileW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
SetStdHandle
MoveFileW
GetFullPathNameW
GetTimeZoneInformation
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
SetLastError
HeapSize
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetTimeFormatA
GetDateFormatA
GetOEMCP
GetLocaleInfoA
EnumSystemLocalesA
GetStringTypeA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
SetEndOfFile
GetProcessHeap
CompareStringA

user32

DdeFreeStringHandle
DdeUninitialize
DdeQueryStringW
DdeFreeDataHandle
DdeGetData
DdeCreateDataHandle
DdeGetLastError
DdeInitializeW
DdeClientTransaction
DdeCreateStringHandleW
DdeNameService
DdeConnect
DdePostAdvise
wsprintfW
MessageBoxW
GetWindowTextW
EnumThreadWindows
DestroyWindow
UnregisterClassW
DdeDisconnect
CharNextW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoCreateGuid
CoTaskMemFree
CoTaskMemRealloc

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 812KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools/BitCometBHO_1.5.4.11.dll
.dll regsvr32 windows:5 windows x86 arch:x86

04ab723258615f472b614e44dcc9ef56

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2009, 00:00

Not After

30/11/2012, 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a0:8c:21:49:1f:a5:42:06:15:1a:67:63:d6:cb:41:2f:f1:13:de:d6
Signer

Actual PE Digest

a0:8c:21:49:1f:a5:42:06:15:1a:67:63:d6:cb:41:2f:f1:13:de:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Develop\BitCometExtension_IE\app\release_unicode\BitCometBHO.pdb

Imports

kernel32

SetEvent
WaitForSingleObject
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
Thread32First
Thread32Next
GetTickCount
Sleep
ResetEvent
CreateEventW
CreateProcessW
GetCurrentProcess
FlushInstructionCache
CreateEventA
lstrcpynW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCurrentDirectoryA
CreateFileA
PeekNamedPipe
CloseHandle
GetConsoleMode
GetConsoleCP
GetDriveTypeW
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpiW
OpenEventA
AreFileApisANSI
FindFirstFileW
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
SetThreadLocale
GetThreadLocale
GetACP
GetFullPathNameA
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
FindResourceW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetFullPathNameW
DeviceIoControl
FindClose
LocalAlloc
CreateMutexA
GetVersionExA
GetFileInformationByHandle
SetEndOfFile
SetFilePointer
FlushFileBuffers
ReadFile
CreateFileW
lstrlenW
MultiByteToWideChar
LoadLibraryW
FreeLibrary
GetProcAddress
lstrcpyW
GetFileAttributesW
ReleaseMutex
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
LocalFree
FormatMessageA
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RtlUnwind
GetStringTypeW
GetCPInfo
LCMapStringA
LCMapStringW
SetLastError
HeapSize
ExitProcess
HeapReAlloc
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetVersionExW
GetSystemInfo
SetStdHandle

user32

wsprintfW
ReleaseDC
GetDC
EnumThreadWindows
CallWindowProcW
GetWindowTextW
LoadImageW
IsWindow
FillRect
CharNextW
InsertMenuItemW
CreatePopupMenu
SetMenuInfo
GetMenuInfo
GetMenuItemCount
DeleteMenu
GetMenuItemInfoW
SetMenuItemInfoW
SetWindowLongW
GetSysColor
LoadBitmapW
GetCursorPos
CallNextHookEx
SetRect
GetSystemMetrics
DrawTextW
SetWindowsHookExW
UnhookWindowsHookEx
EnableMenuItem
GetWindowThreadProcessId
ScreenToClient
PostMessageW
AppendMenuW

gdi32

SetTextColor
GetObjectW
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
SelectObject
SetBkMode

advapi32

RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteKeyW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CLSIDFromString
CoCreateGuid
StringFromGUID2
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
SysStringLen
VarUI4FromStr
LoadRegTypeLi
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi

shlwapi

SHDeleteKeyW

comctl32

ImageList_DrawEx
ImageList_Create
ImageList_GetIconSize
ImageList_AddMasked

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 579KB - Virtual size: 578KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools/UPNP.exe
.exe windows:4 windows x86 arch:x86

5056ac97ed837319137f03ec281bcc42

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:b6:d3:9b:ba:c2:eb:6f:38:1d:43:f8:7a:70:8f:f0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/09/2007, 00:00

Not After

12/11/2009, 23:59

Subject

CN=Comet Network Technology Co Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Comet Network Technology Co Ltd.,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:e3:d0:e8:de:b0:2e:f6:65:d2:04:ba:ee:ed:de:94:29:f8:c5:ef
Signer

Actual PE Digest

62:e3:d0:e8:de:b0:2e:f6:65:d2:04:ba:ee:ed:de:94:29:f8:c5:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Develop\UPnp\app\Release\GUI_UPNP.pdb

Imports

kernel32

GetOEMCP
FileTimeToSystemTime
SystemTimeToFileTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
ExitThread
CreateThread
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetCPInfo
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CreateFileMappingA
CreateFileA
OpenEventA
TerminateThread
MapViewOfFile
UnmapViewOfFile
FileTimeToDosDateTime
CreateProcessA
lstrcatA
OutputDebugStringA
GlobalMemoryStatus
lstrcpyA
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
ResetEvent
ReleaseMutex
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetCurrentProcessId
GlobalAddAtomA
FreeResource
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
SetLastError
Sleep
GetModuleHandleA
GetProcAddress
ReleaseSemaphore
GetCurrentProcess
DuplicateHandle
GetCurrentThreadId
WaitForSingleObject
GetTickCount
GetSystemTimeAsFileTime
SetEvent
GetSystemTime
CreateSemaphoreA
HeapFree
GetProcessHeap
HeapAlloc
CreateEventA
FindResourceA
LoadResource
LockResource
SizeofResource
CloseHandle
GetACP
GetUserDefaultLangID
CreateMutexA
GetVersion
CompareStringA
CompareStringW
GetLastError
WideCharToMultiByte
lstrlenA
InterlockedExchange
OpenFileMappingA
MultiByteToWideChar
QueryPerformanceCounter

user32

EndPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetCursor
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
CharUpperA
BeginPaint
wsprintfA
wvsprintfA
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetMenuState
PostThreadMessageA
GetMenuItemID
AdjustWindowRectEx
RegisterClipboardFormatA
MessageBoxA
RegisterWindowMessageA
LoadIconA
IsIconic
SendMessageA
GetSystemMetrics
EnableWindow
GetClientRect
GetWindowTextA
PostMessageA
GetSubMenu
GetMenuItemCount
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
DefWindowProcA
DestroyMenu

gdi32

SetMapMode
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
ScaleWindowExtEx
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

GetUserNameA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CoRevokeClassObject
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoFreeUnusedLibraries
CoInitializeSecurity
CoUninitialize
CoInitialize
CoCreateInstance
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoCreateGuid
CreateILockBytesOnHGlobal

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysAllocStringByteLen
VariantChangeType
SafeArrayGetElement
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocString
VariantCopy

ws2_32

inet_addr
gethostname

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools/Updater.exe
.exe windows:5 windows x86 arch:x86

8d8af1500e6ecdf813361d73c45370a3

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2009, 00:00

Not After

30/11/2012, 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:6b:7d:3c:cc:fa:c8:cc:b4:66:5e:40:0d:60:9e:2d:56:ef:ca:3f
Signer

Actual PE Digest

3a:6b:7d:3c:cc:fa:c8:cc:b4:66:5e:40:0d:60:9e:2d:56:ef:ca:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
DeleteFileW
RemoveDirectoryW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalFree
FormatMessageA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
HeapAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
FreeLibrary
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
SetFilePointer
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetSystemTime
WaitForSingleObject
GetProcessHeap
GetFileAttributesW
GetVersionExW
GetSystemInfo
GlobalMemoryStatus
GetTempPathW
GetTempFileNameW
GetLocalTime
SetThreadPriority
CreateFileW
ReadFile
SetEndOfFile
GetFileSize
lstrlenW
OutputDebugStringW
FileTimeToLocalFileTime
FileTimeToDosDateTime
VirtualQuery
lstrcpyW
lstrcatW
CreateProcessW
GetVersion
GetVersionExA
ReleaseMutex
CreateMutexA
ResetEvent
ResumeThread
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
ExitThread
CreateThread
GetCommandLineW
GetLastError
CreateMutexW
GetProcAddress
LoadLibraryW
GetSystemDefaultLangID
SetEvent
CloseHandle
CreateEventA
GetFileAttributesExW
GetModuleHandleA

user32

DestroyMenu
MessageBoxW
RegisterWindowMessageW
SetTimer
KillTimer
PostMessageW
MessageBoxExW
LoadIconW
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
wsprintfW
wvsprintfW
GetMessageW
DestroyWindow
TranslateMessage
DispatchMessageW
LoadCursorW
RegisterClassExW
CreateWindowExW
PostQuitMessage
TrackPopupMenu
GetMessagePos
SetForegroundWindow
AppendMenuW
CreatePopupMenu
DefWindowProcW
ShowWindow

shell32

Shell_NotifyIconW
ShellExecuteExW

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
GetUserNameW
AdjustTokenPrivileges
OpenProcessToken

wininet

HttpSendRequestA
InternetOpenA
HttpQueryInfoA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetReadFile

Sections

.text
Size: 456KB - Virtual size: 455KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tools/VideoSnapshot.exe
.exe windows:5 windows x86 arch:x86

3fc59050d2eed1ebff01f0fc1914b44c

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2009, 00:00

Not After

30/11/2012, 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:91:da:a4:32:56:92:6f:c9:04:93:16:95:67:ff:ff:6e:2f:bf:3f
Signer

Actual PE Digest

30:91:da:a4:32:56:92:6f:c9:04:93:16:95:67:ff:ff:6e:2f:bf:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Develop\VideoSnap\app\Release_unicode\VideoSnapshot.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetThreadLocale
FileTimeToSystemTime
InterlockedIncrement
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
GetModuleHandleA
GetStringTypeExW
lstrcmpiW
LockFile
UnlockFile
FindClose
FindFirstFileW
GetVolumeInformationW
SetErrorMode
GetFileAttributesExW
GetFileSizeEx
GetStartupInfoW
UnhandledExceptionFilter
GetTimeFormatA
GetDateFormatA
HeapReAlloc
RtlUnwind
ExitProcess
ExitThread
CreateThread
HeapSize
VirtualProtect
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
QueryPerformanceCounter
lstrlenA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEnvironmentVariableA
ResumeThread
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
FreeResource
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
InterlockedDecrement
GlobalGetAtomNameW
GlobalAddAtomW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FindResourceW
LoadResource
LockResource
SizeofResource
VirtualQuery
GetFileTime
FileTimeToLocalFileTime
RaiseException
lstrlenW
SetUnhandledExceptionFilter
FindNextFileW
CreateDirectoryW
AreFileApisANSI
FormatMessageA
OpenEventA
ResetEvent
GetVersion
FlushConsoleInputBuffer
CreateMutexA
ReleaseMutex
ReadConsoleInputA
SetConsoleMode
GetDriveTypeA
FindFirstFileA
GetDriveTypeW
GetFullPathNameA
PeekNamedPipe
GetCurrentDirectoryA
IsDebuggerPresent
TerminateProcess
DuplicateHandle
Sleep
GetCurrentThread
GetCurrentProcessId
GetLocalTime
GetSystemTimeAsFileTime
lstrcpyW
lstrcpynW
GetFileSize
SetEndOfFile
SetFilePointer
FlushFileBuffers
WriteFile
ReadFile
GetLastError
WideCharToMultiByte
HeapAlloc
HeapFree
GetProcessHeap
SetLastError
GetCurrentThreadId
VirtualFree
VirtualAlloc
GetLongPathNameW
GlobalMemoryStatus
GetSystemInfo
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
FormatMessageW
LocalFree
GetCurrentProcess
GetCommandLineW
SetPriorityClass
MulDiv
GetTickCount
WaitForSingleObject
GetModuleHandleW
UnmapViewOfFile
SetCurrentDirectoryW
GetCurrentDirectoryW
MapViewOfFile
CreateFileMappingW
GetFileInformationByHandle
CreateFileW
GetACP
MultiByteToWideChar
GetModuleFileNameW
GetFullPathNameW
GetFileAttributesW
CloseHandle
SetEvent
CreateEventA
InterlockedCompareExchange

user32

DeleteMenu
IsRectEmpty
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SystemParametersInfoW
GetMenuItemInfoW
InflateRect
ClientToScreen
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
ShowOwnedPopups
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatW
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
UnregisterClassW
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetForegroundWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
PostThreadMessageW
CharNextW
CopyAcceleratorTableW
SetRect
InvalidateRgn
SetCapture
GetNextDlgGroupItem
MessageBeep
GetClientRect
CreateWindowExW
CharUpperW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
DeferWindowPos
CallWindowProcW
PtInRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSystemMetrics
UnhookWindowsHookEx
GetClassNameW
GetSysColor
UnpackDDElParam
ReuseDDElParam
LoadMenuW
DestroyMenu
WinHelpW
SetWindowPos
SetFocus
GetWindowThreadProcessId
GetActiveWindow
IsWindowEnabled
EqualRect
GetDlgItem
SetWindowLongW
GetDlgCtrlID
GetKeyState
SetCursor
PeekMessageW
GetCapture
ReleaseCapture
LoadAcceleratorsW
GetParent
SetActiveWindow
IsWindowVisible
InvalidateRect
IsIconic
InsertMenuItemW
CreatePopupMenu
GetClassInfoW
IntersectRect
OffsetRect
SetRectEmpty
CopyRect
GetMenu
GetLastActivePopup
BringWindowToTop
SetMenu
GetDesktopWindow
GetWindow
ShowWindow
GetWindowLongW
IsWindow
TranslateAcceleratorW
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
wsprintfW
SetForegroundWindow
EnableWindow
UpdateWindow
SendMessageW
PostMessageW
LoadIconW
DefWindowProcW
MessageBoxW
GetFocus

gdi32

CreateSolidBrush
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
GetStockObject
CreatePatternBrush
RectVisible
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
DeleteObject
CreateFontIndirectW
BitBlt
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32W
ExtTextOutW
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
GetClipBox
SetTextColor
SetBkColor
GetObjectW
CreateBitmap
TextOutW

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

DeregisterEventSource
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken
ReportEventA
RegisterEventSourceA

shell32

DragFinish
DragQueryFileW
SHGetFileInfoW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoGetClassObject
CLSIDFromString
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoRegisterMessageFilter
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID

oleaut32

VariantClear
SysStringLen
SysFreeString
SysAllocStringLen
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

wininet

HttpSendRequestA
InternetCloseHandle
HttpOpenRequestA
InternetConnectA
InternetReadFile
HttpQueryInfoA
InternetOpenA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools/bitcomet_extension_signed.xpi
.zip
tools/npBitCometAgent.dll
.dll windows:5 windows x86 arch:x86

94e8c208eb6ddd6a7b3a1c4c8e2ce01b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2009, 00:00

Not After

30/11/2012, 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

85:09:76:c5:d3:8f:5a:f8:e3:c3:a0:48:04:ef:af:80:98:03:e1:1a
Signer

Actual PE Digest

85:09:76:c5:d3:8f:5a:f8:e3:c3:a0:48:04:ef:af:80:98:03:e1:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Develop_Server\BitCometAgent_FireFox\app\Release_unicode\BitCometAgent_FirefoxPlugin.pdb

Imports

kernel32

LocalFree
FormatMessageA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetVersionExW
LoadLibraryW
OutputDebugStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateProcessW
Thread32First
Thread32Next
CreateEventW
MapViewOfFile
UnmapViewOfFile
ResetEvent
WaitForSingleObject
ExpandEnvironmentStringsW
DebugBreak
FormatMessageW
InitializeCriticalSection
ReleaseMutex
ReleaseSemaphore
GetSystemInfo
CreateFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesW
GetTempFileNameW
GetTempPathW
FindFirstFileW
FindClose
GetEnvironmentVariableW
GetModuleFileNameW
CopyFileW
SetCurrentDirectoryW
GetModuleHandleA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
lstrcpyW
lstrcpynW
GetFileInformationByHandle
SetEndOfFile
GetCurrentDirectoryA
SetEnvironmentVariableW
GetFullPathNameA
GetDriveTypeA
GetFullPathNameW
MoveFileW
DeleteFileW
OpenEventA
GetProcessHeap
AreFileApisANSI
GetVersionExA
CreateMutexA
DeviceIoControl
FindFirstFileA
SetEvent
CloseHandle
CreateFileMappingW
CreateEventA
InterlockedCompareExchange
GetDriveTypeW

user32

DdeCreateDataHandle
DdePostAdvise
DdeFreeDataHandle
DdeGetData
DdeClientTransaction
DdeDisconnect
DdeConnect
DdeNameService
DdeUninitialize
DdeInitializeW
DestroyWindow
DdeCreateStringHandleW
MessageBoxW
GetWindowTextW
EnumThreadWindows
DefWindowProcW
EndPaint
wsprintfW
DdeQueryStringW
DdeFreeStringHandle
DdeGetLastError
SetWindowLongW
BeginPaint
GetClientRect
FrameRect
GetWindowLongW
DrawTextA
UnregisterClassW

gdi32

GetStockObject

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoCreateGuid
CoCreateInstance

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools/nsIBitCometAgent.xpt
uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:dbCertificate

Extended Key Usages

Key Usages

e8:78:c9:53:c7:47:e7:04:96:5b:7b:46:3b:93:1e:1f:0a:0e:df:c9Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 868KB

.rsrc Size: 37KB - Virtual size: 37KB

98e27fcd0c2a4e01ac568f9c42837b00

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:dbCertificate

Extended Key Usages

Key Usages

53:92:2d:eb:d4:b9:75:bc:a0:8d:59:b1:c3:2e:42:a5:b8:11:ab:62Signer

Headers

File Characteristics

PDB Paths

Imports

xpcom

kernel32

version

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 351KB - Virtual size: 351KB

.data Size: 27KB - Virtual size: 323KB

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 148KB - Virtual size: 148KB

f8ae1b5e812aeebf8b05f5035b07c398

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

userenv

Exports

Exports

Sections

.text Size: 672KB - Virtual size: 671KB

.rdata Size: 172KB - Virtual size: 172KB

.data Size: 18KB - Virtual size: 45KB

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

e8:78:c9:53:c7:47:e7:04:96:5b:7b:46:3b:93:1e:1f:0a:0e:df:c9
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 868KB

.rsrc
Size: 37KB - Virtual size: 37KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

53:92:2d:eb:d4:b9:75:bc:a0:8d:59:b1:c3:2e:42:a5:b8:11:ab:62
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 351KB - Virtual size: 351KB

.data
Size: 27KB - Virtual size: 323KB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 148KB - Virtual size: 148KB

.text
Size: 672KB - Virtual size: 671KB

.rdata
Size: 172KB - Virtual size: 172KB

.data
Size: 18KB - Virtual size: 45KB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 85KB - Virtual size: 84KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

ca:f0:be:2b:91:d0:9f:5b:66:98:77:65:90:24:15:c6:79:96:94:9b
Signer

.text
Size: 841KB - Virtual size: 840KB

.rdata
Size: 264KB - Virtual size: 264KB

.data
Size: 27KB - Virtual size: 318KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 126KB - Virtual size: 126KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:b6:d3:9b:ba:c2:eb:6f:38:1d:43:f8:7a:70:8f:f0
Certificate

c5:1e:ac:27:23:77:fb:dd:f8:7f:07:6e:2e:03:1b:7a:69:37:b2:b1
Signer

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 6KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate