700701c6378e12636d8ef727f2065a03_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

700701c6378e12636d8ef727f2065a03_JaffaCakes118
Size

1.6MB
MD5

700701c6378e12636d8ef727f2065a03
SHA1

173462f77c0ac49d96b651acccb1fecd4d9f2166
SHA256

a076c0b2144e9e0b164439d82c51c6f80f3ce268f03fe9dee398f2ead8f858fd
SHA512

8582e13649324c715298df6a879a0843234ad5888207c72a4de27eef085e1d8c28af7126318a9b6e0d81a679a2151aab1c10611ee6bd86d7a9fc1b722c88821f
SSDEEP

49152:U8PMzvZAtCCj/mBYwWCESdB7scTawlawbCk:NEv4CCTmeJSHDuwbCk

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/HddInfo.dll
unpack001/$PLUGINSDIR/Inetc.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/Math.dll
unpack001/$PLUGINSDIR/OnTop.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/Plugin/lua5.1.dll
unpack001/zlib1.dll
unpack001//uninst.exe
unpack002/$PLUGINSDIR/KillProcDLL.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001//uninst.exe	nsis_installer_1
static1/unpack001//uninst.exe	nsis_installer_2

Files

700701c6378e12636d8ef727f2065a03_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:18:80:60:8d:4b:dc
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

02/08/2011, 07:18

Not After

02/08/2014, 13:34

Subject

CN=上海在天网络科技有限公司,O=上海在天网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c1377756c69616e677469616e406c6976652e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

db:65:ab:7c:4f:bd:20:fb:58:35:c5:b8:e9:1e:22:73:90:f2:64:3b
Signer

Actual PE Digest

db:65:ab:7c:4f:bd:20:fb:58:35:c5:b8:e9:1e:22:73:90:f2:64:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/DEDatas/Notes/ƽ̨_.n
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/HddInfo.dll
.dll windows:4 windows x86 arch:x86

49bf2966d2afd5b0b2379acf629be26a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeviceIoControl
CloseHandle
CreateFileA
SetPriorityClass
GetCurrentProcess
GetVersionExA
GlobalAlloc
lstrcpynA
GlobalFree
DisableThreadLibraryCalls

user32

wsprintfA

msvcrt

malloc
_adjust_fdiv
free
memset
_initterm

Exports

Exports

GetBufferSize
GetDiskSize
GetModelNumber
GetRevisionNumber
GetSerialNumber

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 689B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Inetc.dll
.dll windows:4 windows x86 arch:x86

3f1149a3053980fe6b461521d2b55a2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

CloseHandle
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
GlobalFree
lstrcmpiA
DeleteFileA
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize
CreateFileA

user32

MessageBoxA
GetParent
ShowWindow
PostMessageA
SetWindowTextA
GetWindowTextA
IsWindow
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
SetWindowLongA
GetWindowLongA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SendMessageA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Math.dll
.dll windows:4 windows x86 arch:x86

c1eddc2d743572429fa0b1a79b7ac0fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcmpA
lstrlenA
GlobalFree
lstrcatA
GlobalAlloc
lstrcpynA
FlushFileBuffers
RtlUnwind
GetCommandLineA
GetVersion
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetLastError
SetFilePointer
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
CloseHandle

Exports

Exports

Script

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/OnTop.dll
.dll windows:4 windows x86 arch:x86

5868b2e27b7dc96acf77699398b4c95b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ShowWindow
SetWindowPos

msvcrt

free
_initterm
malloc
_adjust_fdiv

kernel32

DisableThreadLibraryCalls

Exports

Exports

OffTop
OnTop

Sections

.text
Size: 512B - Virtual size: 474B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 387B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KeyboardHookService.dll
.dll windows:5 windows x86 arch:x86

b3adc3ec293287fdeb9e43d047f91b98

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:18:80:60:8d:4b:dc
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

02/08/2011, 07:18

Not After

02/08/2014, 13:34

Subject

CN=上海在天网络科技有限公司,O=上海在天网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c1377756c69616e677469616e406c6976652e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

b6:1a:f1:66:0b:ac:ae:95:86:4c:45:48:1f:df:56:da:60:11:b5:c9
Signer

Actual PE Digest

b6:1a:f1:66:0b:ac:ae:95:86:4c:45:48:1f:df:56:da:60:11:b5:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\工作目录\项目\源码\2011.1\宋济沅\键盘钩子服务\Release\KeyboardHookService.pdb

Imports

kernel32

WaitForSingleObject
SetEvent
ConnectNamedPipe
WaitNamedPipeW
WriteFile
ReadFile
CreateFileW
GetOverlappedResult
DisconnectNamedPipe
FlushFileBuffers
GetLastError
CreateEventW
SetNamedPipeHandleState
CloseHandle
InterlockedExchange
GetTickCount
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
MultiByteToWideChar
DecodePointer
EncodePointer
GetCurrentThreadId
GetCommandLineA
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
IsProcessorFeaturePresent
GetStdHandle
GetModuleFileNameW
Sleep
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW

user32

SetWindowsHookExW
GetKeyState
CallNextHookEx
UnhookWindowsHookEx

Exports

Exports

AddHotKeyObserveEvent
GetSingleton
InitializeHook
RemoveHotKeyObserveEvent

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/BlankDesktop.dll
.dll regsvr32 windows:5 windows x86 arch:x86

44210ee64e1675585742733ada7635d2

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:18:80:60:8d:4b:dc
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

02/08/2011, 07:18

Not After

02/08/2014, 13:34

Subject

CN=上海在天网络科技有限公司,O=上海在天网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c1377756c69616e677469616e406c6976652e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

13:88:4a:af:d7:11:54:93:43:99:47:f9:f3:e4:99:b5:41:0d:2b:d8
Signer

Actual PE Digest

13:88:4a:af:d7:11:54:93:43:99:47:f9:f3:e4:99:b5:41:0d:2b:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
Sleep
SetLastError
InterlockedIncrement
InterlockedDecrement
lstrlenW
OutputDebugStringW
GetTickCount
RaiseException
FreeLibraryAndExitThread
GetModuleHandleExW
CloseHandle
InterlockedExchange
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
MultiByteToWideChar
LCMapStringW
SetThreadLocale
GetCurrentProcess
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
HeapDestroy
HeapCreate
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetStdHandle
WriteFile
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
EncodePointer
DecodePointer
RtlUnwind
GetModuleHandleW
VirtualAlloc
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
GetThreadLocale
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
GetModuleFileNameW
GetSystemTimeAsFileTime
ExitProcess

user32

GetSysColor
GetSystemMetrics
IsRectEmpty
MapWindowPoints
GetClientRect
CharNextW
SetWindowLongW
MoveWindow
SetWindowPos
BeginPaint
EndPaint
FindWindowW
ShowWindow
SetFocus
GetParent
GetClassInfoExW
LoadCursorW
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
CopyRect
SystemParametersInfoW
FindWindowExW
GetDesktopWindow
DestroyWindow
SetWindowsHookExW
IsWindow
FindWindowExA
InvalidateRect
PostMessageW
CallNextHookEx
UnhookWindowsHookEx
EnumChildWindows
IsWindowVisible
GetWindowRect
UnregisterClassA
AdjustWindowRect
SetTimer
KillTimer
CallWindowProcW
GetWindowLongW
RegisterClassExW
DefWindowProcW
SetParent
CreateWindowExW

gdi32

SelectObject
CreateCompatibleBitmap
BitBlt
DeleteDC
DeleteObject
CreateRectRgn
CreateCompatibleDC

ole32

StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

LoadRegTypeLi
SysAllocString
RegisterTypeLi
UnRegisterTypeLi
SysFreeString
SysStringLen
LoadTypeLi

imagehlp

MapFileAndCheckSumW

gdiplus

GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipCreateSolidFill
GdipCreateTexture
GdipGetImageGraphicsContext
GdipFree
GdipAlloc
GdipDeleteBrush
GdipDeleteGraphics
GdipDeleteRegion
GdiplusStartup
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCombineRegionRectI
GdipCreateBitmapFromFile
GdipCloneImage
GdipCloneBrush
GdipCreateRegionHrgn
GdipDrawImageRectRectI
GdipFillRegion
GdipFillRectangleI

atl100

ord15
ord49
ord56
ord68
ord61
ord23
ord43
ord44
ord30
ord32
ord58
ord31
ord64
ord67

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

private
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/DesktopShellViewAddin.dll
.dll regsvr32 windows:5 windows x86 arch:x86

4a5c504605e2d31f3212e96b7c4b32b0

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:18:80:60:8d:4b:dc
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

02/08/2011, 07:18

Not After

02/08/2014, 13:34

Subject

CN=上海在天网络科技有限公司,O=上海在天网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c1377756c69616e677469616e406c6976652e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

cf:0f:79:a2:1d:e9:a2:06:c2:e0:f1:b7:d7:4d:eb:29:ad:60:f0:bb
Signer

Actual PE Digest

cf:0f:79:a2:1d:e9:a2:06:c2:e0:f1:b7:d7:4d:eb:29:ad:60:f0:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FlushInstructionCache
GetCurrentProcess
FormatMessageA
ExpandEnvironmentStringsA
GlobalUnlock
GlobalLock
lstrcpynW
ExpandEnvironmentStringsW
ExitProcess
GetModuleFileNameW
LoadLibraryW
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
SetThreadLocale
GetThreadLocale
InitializeCriticalSectionAndSpinCount
InterlockedExchange
TerminateThread
WaitForSingleObject
CreateThread
lstrlenW
Sleep
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetPrivateProfileStringW
GetModuleHandleW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
HeapCreate
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetLocaleInfoW
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCommandLineA
GetCurrentThreadId
RtlUnwind
DecodePointer
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
HeapSize
HeapReAlloc
HeapDestroy
DeleteFileW
GetFileSize
CreateFileW
WriteFile
ReadFile
GetProcAddress
RaiseException
FreeResource
GetVersionExW
GetPrivateProfileIntW
GetSystemTimeAsFileTime
WritePrivateProfileStringW
CloseHandle
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetShortPathNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
FindResourceExW
FlushFileBuffers
FindResourceW
LoadResource
LockResource
SizeofResource
OutputDebugStringW

user32

GetClassInfoW
MapWindowPoints
InvalidateRect
DeleteMenu
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowLongW
GetKeyState
IsMenu
GetMenuState
GetMenuStringW
MoveWindow
GetClientRect
GetMenuItemCount
GetMenuItemInfoW
WindowFromPoint
EqualRect
DestroyMenu
AppendMenuW
SetMenuDefaultItem
GetSubMenu
InsertMenuItemW
InsertMenuW
GetShellWindow
PostMessageW
CreateMenu
GetMenuItemID
SetMenuItemInfoW
SendMessageW
GetParent
IsWindow
CharNextW
GetCursorPos
CreatePopupMenu
CopyRect
ShowWindow
IsWindowVisible
DestroyWindow
RegisterClipboardFormatW
FindWindowExW
TrackPopupMenu
MonitorFromPoint
GetMonitorInfoW
SetTimer
KillTimer

gdi32

BitBlt
DeleteObject
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteDC

advapi32

RegEnumValueA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA

shell32

ord155
ord18
SHGetPathFromIDListW
ShellExecuteExW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetDesktopFolder
ShellExecuteW
SHBindToParent
ord25

ole32

CoCreateInstance
CoUninitialize
CoInitialize
OleUninitialize
OleInitialize
ReleaseStgMedium
CoInitializeEx

oleaut32

LoadRegTypeLi
SysAllocString
RegisterTypeLi
UnRegisterTypeLi
SysFreeString
SysStringLen
LoadTypeLi

atl100

ord61
ord23
ord15
ord30
ord49
ord68
ord67
ord32
ord58
ord31
ord64
ord56

shlwapi

SHCreateStreamOnFileW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathAppendW
GetMenuPosFromID
PathAppendA

dbghelp

MakeSureDirectoryPathExists

imagehlp

MapFileAndCheckSumW

msi

ord217
ord173

lua5.1

lua_newuserdata
lua_touserdata
luaL_typerror
lua_pushnumber
luaL_checklstring
luaL_checknumber
lua_pushinteger
lua_pushboolean
lua_pushnil
lua_setfield
lua_pushcclosure
lua_pcall
lua_settop
lua_tolstring
lua_toboolean
lua_tonumber
lua_getfield
lua_close
luaL_newstate
luaL_openlibs
luaL_loadbuffer
lua_typename
lua_type
lua_pushlstring
luaL_argerror

gdiplus

GdiplusStartup

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

private
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/FlashPlayer.dll
.dll regsvr32 windows:5 windows x86 arch:x86

8e2f29e510aa6bb4c8a54a696cb36223

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:18:80:60:8d:4b:dc
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

02/08/2011, 07:18

Not After

02/08/2014, 13:34

Subject

CN=上海在天网络科技有限公司,O=上海在天网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c1377756c69616e677469616e406c6976652e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

29:3d:b3:51:b4:15:10:c3:47:6f:d6:b3:6a:43:1d:46:ed:ed:63:b3
Signer

Actual PE Digest

29:3d:b3:51:b4:15:10:c3:47:6f:d6:b3:6a:43:1d:46:ed:ed:63:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeResource
SetLastError
lstrlenW
ReadFile
CloseHandle
GetFileSize
CreateFileW
lstrlenA
GetCurrentThreadId
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
VirtualAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
LockResource
GetCPInfo
HeapReAlloc
HeapDestroy
HeapCreate
HeapSize
Sleep
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStdHandle
WriteFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
RtlUnwind
EncodePointer
DecodePointer
VirtualFree
IsProcessorFeaturePresent
LoadLibraryW
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
GetCurrentProcess
FlushInstructionCache
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameW
SizeofResource
FindResourceW
LoadResource
GetThreadLocale
SetThreadLocale
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetModuleHandleExW
FreeLibraryAndExitThread
InitializeCriticalSectionAndSpinCount
RaiseException
WideCharToMultiByte
GetACP
MultiByteToWideChar
QueryPerformanceCounter
ExitProcess

user32

SetWindowsHookExW
ReleaseDC
GetSystemMetrics
IsWindow
DestroyWindow
IsRectEmpty
OffsetRect
GetCursorPos
SetRectEmpty
GetWindowDC
UpdateLayeredWindow
DefWindowProcW
MoveWindow
ShowWindow
SetWindowPos
GetWindowRect
SetWindowLongW
CreateWindowExW
RegisterClassExW
CopyRect
GetClientRect
BeginPaint
EndPaint
TrackMouseEvent
GetParent
SendMessageW
SetFocus
CallWindowProcW
ReleaseCapture
SetCapture
MapWindowPoints
InvalidateRect
InvalidateRgn
GetUpdateRgn
PtInRect
IntersectRect
EqualRect
CharNextW
GetClassInfoExW
LoadCursorW
IsZoomed
PostMessageW
SetForegroundWindow
CallNextHookEx
DestroyAcceleratorTable
TranslateAcceleratorW
IsWindowVisible
SendDlgItemMessageW
GetDlgItem
GetFocus
FindWindowExW
GetClassLongW
SetClassLongW
GetWindowLongW
InflateRect
SetWindowTextW
UnregisterClassA
SetWindowContextHelpId
GetWindow
EndDialog
MapDialogRect
LoadAcceleratorsW
UnhookWindowsHookEx

gdi32

RectInRegion
GetRgnBox
ExcludeClipRect
BitBlt
CreateRectRgnIndirect
SelectClipRgn
CreateCompatibleDC
SetLayout
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
CreateRectRgn
CombineRgn

ole32

CoCreateInstance
CreateStreamOnHGlobal

oleaut32

SysStringLen
SysFreeString
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen

imagehlp

MapFileAndCheckSumW

gdiplus

GdipFree
GdipSetPageUnit
GdipAddPathArcI
GdipAddPathLineI
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdiplusStartup
GdipCreateFontFamilyFromName
GdipDeleteStringFormat
GdipCreateStringFormat
GdipLoadImageFromStream
GdipDrawImageRectRectI
GdipCloneImage
GdipCloneBrush
GdipGetFontSize
GdipGetFontStyle
GdipGetFamily
GdipCreateFont
GdipDrawImageRectRect
GdipAlloc
GdipDrawString
GdipFillPath
GdipDrawPath
GdipSetWorldTransform
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipAddPathStringI
GdipCreateSolidFill
GdipCreateMatrix2
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipDeleteMatrix

comctl32

InitCommonControlsEx

atl100

ord44
ord64
ord68
ord56
ord49
ord15
ord23
ord61
ord67
ord43
ord58
ord32
ord31
ord42
ord48
ord47
ord60
ord37

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/HotkeyServiceAddin.dll
.dll regsvr32 windows:5 windows x86 arch:x86

f2040c67812e4b5ef4d9883552f74dc4

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:18:80:60:8d:4b:dc
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

02/08/2011, 07:18

Not After

02/08/2014, 13:34

Subject

CN=上海在天网络科技有限公司,O=上海在天网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c1377756c69616e677469616e406c6976652e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

d5:69:b2:0a:e7:cd:0d:7a:e4:d8:ec:4e:c1:17:75:40:26:a9:07:75
Signer

Actual PE Digest

d5:69:b2:0a:e7:cd:0d:7a:e4:d8:ec:4e:c1:17:75:40:26:a9:07:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
SetThreadLocale
GetThreadLocale
InitializeCriticalSection
TlsAlloc
FlushInstructionCache
GetCurrentProcess
SetLastError
TerminateThread
TlsFree
FreeLibrary
CreateThread
TlsSetValue
TlsGetValue
LoadLibraryW
InterlockedExchange
GetCurrentThreadId
lstrlenW
InterlockedPushEntrySList
WaitForSingleObject
CreateFileW
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
InterlockedPopEntrySList
VirtualAlloc
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetProcessHeap
VirtualFree
GetFileType
GetOverlappedResult
ReadFile
SetEvent
FlushFileBuffers
CreateNamedPipeW
CreateEventW
ConnectNamedPipe
GetLastError
DisconnectNamedPipe
CloseHandle
WriteFile
GetModuleFileNameW
InterlockedCompareExchange
ExitProcess
DecodePointer
EncodePointer
HeapFree
RtlUnwind
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
GetStdHandle
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount

user32

RegisterHotKey
CallWindowProcW
GetWindowLongW
DefWindowProcW
DestroyWindow
GetSystemMetrics
CreateWindowExW
IsWindow
PostMessageW
SetWindowLongW
UnregisterHotKey
RegisterClassExW
LoadCursorW
GetClassInfoExW
CharNextW
UnregisterClassA

ole32

CoCreateInstance

oleaut32

LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
UnRegisterTypeLi
SysFreeString
SysStringLen

imagehlp

MapFileAndCheckSumW

atl100

ord58
ord32
ord44
ord43
ord67
ord61
ord23
ord15
ord49
ord56
ord68
ord64
ord31

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/NotepadAddin.dll
.dll regsvr32 windows:5 windows x86 arch:x86

495ab10209312139a23dadc4ae8e335d

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:18:80:60:8d:4b:dc
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

02/08/2011, 07:18

Not After

02/08/2014, 13:34

Subject

CN=上海在天网络科技有限公司,O=上海在天网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c1377756c69616e677469616e406c6976652e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

3b:64:97:93:92:56:54:4a:c3:67:61:5c:90:5f:df:d4:51:e3:11:87
Signer

Actual PE Digest

3b:64:97:93:92:56:54:4a:c3:67:61:5c:90:5f:df:d4:51:e3:11:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
LockResource
LoadResource
FindResourceW
SetThreadLocale
GetThreadLocale
FlushInstructionCache
GetCurrentProcess
TlsAlloc
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
TlsFree
SetLastError
CreateMutexW
ReleaseMutex
TlsSetValue
TlsGetValue
lstrlenW
FindResourceExW
GetFileSize
CreateFileW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentThreadId
MoveFileW
CreateDirectoryW
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
InterlockedDecrement
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetFileType
SetHandleCount
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
Sleep
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
HeapAlloc
GetCommandLineA
HeapFree
EncodePointer
DecodePointer
RtlUnwind
GetConsoleCP
GetConsoleMode
GetStringTypeW
InterlockedIncrement
GetModuleHandleW
GetProcAddress
QueryPerformanceCounter
DeleteCriticalSection
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
ReadFile
FlushFileBuffers
GetLastError
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GetProcessHeap
InterlockedPushEntrySList
CloseHandle
WriteFile
ExitProcess
GetModuleFileNameA
GetModuleFileNameW
SetStdHandle
InterlockedCompareExchange
WriteConsoleW

user32

PostQuitMessage
GetSystemMetrics
LoadImageW
SetWindowsHookExW
GetActiveWindow
MapDialogRect
SetWindowContextHelpId
CreateWindowExW
UnhookWindowsHookEx
GetCursorPos
SetForegroundWindow
MonitorFromPoint
DestroyMenu
AppendMenuW
CreatePopupMenu
LoadIconW
DestroyIcon
TranslateAcceleratorW
LoadAcceleratorsW
DestroyAcceleratorTable
GetFocus
CallNextHookEx
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
MessageBoxW
EnableWindow
GetClientRect
GetWindowRect
MoveWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsWindowVisible
ShowWindow
UpdateWindow
SetWindowPos
PostMessageW
GetDlgItem
SendDlgItemMessageW
EndDialog
CallWindowProcW
DefWindowProcW
IsWindow
SetFocus
GetWindowLongW
SetWindowLongW
DestroyWindow
SendMessageW
CharNextW
TrackPopupMenu
UnregisterClassA

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
StringFromCLSID

oleaut32

LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
UnRegisterTypeLi
SysAllocStringLen
RegisterTypeLi

dbghelp

MakeSureDirectoryPathExists

shlwapi

PathRemoveExtensionW
PathAddExtensionW
PathAppendW

imagehlp

MapFileAndCheckSumW

atl100

ord64
ord56
ord49
ord15
ord23
ord61
ord67
ord43
ord44
ord37
ord30
ord32
ord58
ord31
ord35
ord42
ord48
ord60
ord68

comctl32

ImageList_Create
ImageList_ReplaceIcon
CreateToolbarEx
ImageList_Destroy

gdiplus

GdipCloneImage
GdipAlloc
GdipFree
GdiplusStartup
GdipLoadImageFromStream
GdipDisposeImage

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

private
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/ScreenShotForCom.dll
.dll regsvr32 windows:5 windows x86 arch:x86

1760a871f1997006489383990871c69d

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:18:80:60:8d:4b:dc
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

02/08/2011, 07:18

Not After

02/08/2014, 13:34

Subject

CN=上海在天网络科技有限公司,O=上海在天网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c1377756c69616e677469616e406c6976652e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

67:23:a9:da:d9:fd:d5:7c:a5:ea:21:16:22:90:c9:08:0a:3d:7c:36
Signer

Actual PE Digest

67:23:a9:da:d9:fd:d5:7c:a5:ea:21:16:22:90:c9:08:0a:3d:7c:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
lstrlenA
LockResource
FindResourceExW
FlushInstructionCache
GetCurrentProcess
lstrlenW
SetLastError
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetThreadLocale
GetThreadLocale
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GetProcessHeap
InterlockedPushEntrySList
InterlockedCompareExchange
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LCMapStringW
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
WaitForSingleObject
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
EnterCriticalSection
SetHandleCount
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
GetLocaleInfoW
GetStdHandle
HeapDestroy
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
Sleep
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
HeapAlloc
GetCommandLineA
GetCurrentThreadId
HeapFree
DecodePointer
EncodePointer
RtlUnwind
CreateMutexW
CreateThread
CloseHandle
GetFileSize
WriteFile
ReadFile
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
RaiseException
FlushFileBuffers
CreateFileW
GetLastError
SetEvent
CreateEventW
GetFileType
ReleaseMutex
FindResourceW
GetModuleFileNameW
SizeofResource
LoadResource
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
WideCharToMultiByte
MultiByteToWideChar
ExitProcess
QueryPerformanceCounter

user32

CreateWindowExW
GetWindowLongW
DestroyWindow
SendMessageW
PtInRect
OffsetRect
MapWindowPoints
GetClientRect
BeginPaint
EndPaint
TrackMouseEvent
InvalidateRect
InvalidateRgn
SetCapture
UpdateWindow
SetWindowLongW
LoadCursorW
EndDialog
SendDlgItemMessageW
GetDlgItem
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
GetWindow
GetParent
MoveWindow
OpenClipboard
ShowWindow
SetWindowPos
CharNextW
CopyRect
IntersectRect
SetCursor
CloseClipboard
SetClipboardData
IsWindow
ReleaseCapture
GetCursorPos
TrackPopupMenu
MonitorFromPoint
DestroyMenu
AppendMenuW
CreatePopupMenu
FrameRect
FillRect
GetClassLongW
SetClassLongW
CreateDialogParamW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetFocus
IsWindowVisible
PostMessageW
PostQuitMessage
GetActiveWindow
MapDialogRect
SetWindowContextHelpId
EmptyClipboard
UnregisterClassA

gdi32

GetDeviceCaps
CreateDCW
BitBlt
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
OffsetRgn
CreateRectRgn
CombineRgn
DeleteObject
CreateSolidBrush

comdlg32

GetSaveFileNameW

shell32

SHGetSpecialFolderPathW

ole32

StringFromCLSID
CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
SysFreeString
SysStringLen
UnRegisterTypeLi

dbghelp

MakeSureDirectoryPathExists

shlwapi

PathAppendW

imagehlp

MapFileAndCheckSumW

gdiplus

GdiplusStartup
GdipFree
GdipCreateFont
GdipDrawString
GdipSetPageUnit
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCloneBrush
GdipFillRectangleI
GdipCreateSolidFill
GdipCreateBitmapFromHBITMAP
GdipDeleteBrush
GdiplusShutdown
GdipDrawImageRectRectI
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStream
GdipAlloc

comctl32

InitCommonControlsEx

atl100

ord35
ord67
ord68
ord56
ord49
ord64
ord43
ord44
ord58
ord32
ord15
ord23
ord61
ord31
ord42
ord48
ord60
ord30

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

private
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/SoundOffAddin.dll
.dll regsvr32 windows:5 windows x86 arch:x86

ade6c96f826b6af5b9e6eb77de97d894

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:18:80:60:8d:4b:dc
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

02/08/2011, 07:18

Not After

02/08/2014, 13:34

Subject

CN=上海在天网络科技有限公司,O=上海在天网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c1377756c69616e677469616e406c6976652e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

02:59:e4:0a:1f:fc:24:a5:52:9a:3a:af:bb:d5:6c:b9:59:f9:67:ff
Signer

Actual PE Digest

02:59:e4:0a:1f:fc:24:a5:52:9a:3a:af:bb:d5:6c:b9:59:f9:67:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
SetThreadLocale
GetThreadLocale
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
LoadResource
SizeofResource
FindResourceW
lstrlenW
WriteConsoleW
GetStringTypeW
LCMapStringW
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
FlushFileBuffers
GetLastError
ExitProcess
CloseHandle
WriteFile
GetModuleFileNameW
SetStdHandle
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
Sleep
HeapSize
HeapReAlloc
DecodePointer
EncodePointer
RtlUnwind
HeapFree
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
HeapDestroy
CreateFileW

user32

CharNextW
SendMessageW
GetShellWindow

ole32

StringFromCLSID
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi

imagehlp

MapFileAndCheckSumW

atl100

ord30
ord31
ord58
ord32
ord67
ord61
ord23
ord15
ord49
ord56
ord68
ord64

gdiplus

GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdiplusStartup

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/UpdateAddin.dll
.dll regsvr32 windows:5 windows x86 arch:x86

69907215699fe4e8e5d064faec14a142

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:18:80:60:8d:4b:dc
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

02/08/2011, 07:18

Not After

02/08/2014, 13:34

Subject

CN=上海在天网络科技有限公司,O=上海在天网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c1377756c69616e677469616e406c6976652e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

c8:b1:a8:70:48:6f:cd:9c:c6:e2:85:3e:73:66:fc:31:7d:33:6d:a6
Signer

Actual PE Digest

c8:b1:a8:70:48:6f:cd:9c:c6:e2:85:3e:73:66:fc:31:7d:33:6d:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
GetSystemInfo
CreateIoCompletionPort
MultiByteToWideChar
WideCharToMultiByte
ReadFile
WriteFile
ExpandEnvironmentStringsW
CopyFileW
GetFileSize
CreateFileW
DeleteFileW
SetEndOfFile
SetFilePointerEx
GetDiskFreeSpaceExW
GetFileSizeEx
GetTickCount
GetModuleFileNameW
ExitProcess
GetProcAddress
FreeLibrary
OutputDebugStringA
LoadLibraryW
CreateDirectoryW
RaiseException
GetModuleHandleW
Sleep
FindClose
FindNextFileW
FindFirstFileW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
SetThreadLocale
GetThreadLocale
lstrlenW
WaitForMultipleObjects
SetStdHandle
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
HeapReAlloc
HeapDestroy
HeapCreate
HeapSize
IsValidCodePage
GetProcessHeap
GetOEMCP
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
WaitForSingleObject
GetCurrentThreadId
TerminateThread
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateThread
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedExchange
GetLastError
GetStringTypeW
InterlockedCompareExchange
EncodePointer
DecodePointer
RtlUnwind
HeapFree
GetSystemTimeAsFileTime
GetCommandLineA
GetCPInfo
LCMapStringW
HeapAlloc
GetStdHandle

user32

CharNextW
MessageBoxW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoCreateInstance

oleaut32

LoadRegTypeLi
SysFreeString
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysStringLen

wininet

InternetCloseHandle
HttpQueryInfoW
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
InternetReadFile
InternetSetFilePointer

shlwapi

PathFileExistsW
PathAppendA
PathFindFileNameW
PathAppendW
PathIsDirectoryW
PathRemoveFileSpecW

dbghelp

MakeSureDirectoryPathExists

imagehlp

MapFileAndCheckSumW

atl100

ord32
ord58
ord67
ord61
ord23
ord15
ord64
ord49
ord56
ord68
ord31

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/WebSearchAddin.dll
.dll regsvr32 windows:5 windows x86 arch:x86

080ab45e2acebe5e31d46525cad860ee

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:18:80:60:8d:4b:dc
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

02/08/2011, 07:18

Not After

02/08/2014, 13:34

Subject

CN=上海在天网络科技有限公司,O=上海在天网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c1377756c69616e677469616e406c6976652e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

ac:e3:9c:3d:e4:2c:ec:d6:87:96:34:dd:4d:3b:bf:bf:49:d6:ce:2f
Signer

Actual PE Digest

ac:e3:9c:3d:e4:2c:ec:d6:87:96:34:dd:4d:3b:bf:bf:49:d6:ce:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
lstrlenA
LockResource
LoadResource
FindResourceW
SizeofResource
FreeResource
GetFileSize
CreateFileW
OutputDebugStringW
InterlockedExchange
FindResourceExW
SetThreadLocale
GetThreadLocale
TlsAlloc
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentProcessId
CreateMutexW
ReleaseMutex
lstrlenW
TlsSetValue
TlsGetValue
TerminateThread
CreateThread
Sleep
InterlockedPopEntrySList
InterlockedPushEntrySList
WriteConsoleW
SetStdHandle
GetModuleHandleW
GetStringTypeW
LCMapStringW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
HeapDestroy
HeapCreate
HeapSize
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
EncodePointer
DecodePointer
RtlUnwind
InitializeCriticalSectionAndSpinCount
RaiseException
WideCharToMultiByte
MultiByteToWideChar
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
GetProcAddress
GetCurrentProcess
FlushInstructionCache
GlobalAlloc
GlobalLock
GlobalUnlock
WaitForSingleObject
ReadFile
SetEvent
FlushFileBuffers
GetModuleFileNameW
GetLastError
CloseHandle
WriteFile
ExitProcess

user32

IsChild
IsDialogMessageW
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetSystemMetrics
IsWindow
DestroyWindow
IsRectEmpty
GetFocus
PostQuitMessage
GetActiveWindow
FillRect
SetWindowContextHelpId
MapDialogRect
DispatchMessageW
TranslateMessage
GetMessageW
OffsetRect
GetCursorPos
SetClassLongW
GetClassLongW
SetRectEmpty
GetWindowDC
UpdateLayeredWindow
DefWindowProcW
MoveWindow
ShowWindow
SetWindowPos
GetWindowRect
SetWindowLongW
CreateWindowExW
RegisterClassExW
CopyRect
GetClientRect
BeginPaint
EndPaint
TrackMouseEvent
GetParent
SendMessageW
SetFocus
CallWindowProcW
ReleaseCapture
SetCapture
MapWindowPoints
InvalidateRect
InvalidateRgn
GetUpdateRgn
PtInRect
IntersectRect
EqualRect
CharNextW
GetClassInfoExW
LoadCursorW
UnregisterClassA
EndDialog
SendDlgItemMessageW
GetDlgItem
InflateRect
GetWindowLongW
SetCursor
PostMessageW
UpdateWindow
IsWindowVisible
WindowFromPoint
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW

gdi32

CreateSolidBrush
SetTextColor
GetRgnBox
ExcludeClipRect
SelectClipRgn
CombineRgn
RectInRegion
CreateRectRgnIndirect
BitBlt
SetLayout
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateRectRgn

shell32

ShellExecuteA
SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
StringFromCLSID
CoUninitialize

oleaut32

RegisterTypeLi
SysFreeString
UnRegisterTypeLi
SysAllocStringLen
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysStringLen

dbghelp

MakeSureDirectoryPathExists

shlwapi

PathAppendW
PathRemoveFileSpecW

imagehlp

MapFileAndCheckSumW

gdiplus

GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateFontFamilyFromName
GdipDeleteStringFormat
GdipCreateStringFormat
GdipLoadImageFromStream
GdipDrawImageRectRectI
GdipCloneImage
GdipCloneBrush
GdipCreateFont
GdipDrawString
GdiplusStartup
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipCreateSolidFill
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteBrush
GdipAlloc
GdipFree

comctl32

InitCommonControlsEx

atl100

ord68
ord35
ord60
ord48
ord42
ord31
ord58
ord32
ord30
ord37
ord44
ord43
ord67
ord61
ord23
ord15
ord49
ord56
ord64

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

private
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/atl100.dll
.dll windows:5 windows x86 arch:x86

0bbf1228f837ecb83ec693b705100bde

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:16:2e:ee:28:2f:5b:ce:ae:59:de:01:f6:7c:6c:d1:bf:03:ad:9d
Signer

Actual PE Digest

9a:16:2e:ee:28:2f:5b:ce:ae:59:de:01:f6:7c:6c:d1:bf:03:ad:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

atl100.i386.pdb

Imports

kernel32

lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetModuleHandleW
lstrcmpiW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetModuleFileNameW
WideCharToMultiByte
WaitForSingleObject
GlobalAlloc
FindResourceA
MulDiv
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
lstrcmpW
GlobalUnlock
GlobalLock
SetLastError
GlobalFree
GlobalHandle
LockResource
LocalAlloc
InterlockedExchange
LoadLibraryA
HeapFree
DecodePointer
EncodePointer
HeapAlloc
GetCommandLineA
HeapCreate
HeapDestroy
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
IsProcessorFeaturePresent
WriteFile
GetStdHandle
ExitProcess
HeapReAlloc
HeapSize
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
FlushFileBuffers
InterlockedCompareExchange
InterlockedPushEntrySList
GetProcessHeap
VirtualFree
VirtualAlloc
InterlockedPopEntrySList

Exports

Exports

AtlAdvise
AtlAxAttachControl
AtlAxCreateControl
AtlAxCreateControlEx
AtlAxCreateControlLic
AtlAxCreateControlLicEx
AtlAxCreateDialogA
AtlAxCreateDialogW
AtlAxDialogBoxA
AtlAxDialogBoxW
AtlAxGetControl
AtlAxGetHost
AtlAxWinInit
AtlCallTermFunc
AtlComModuleGetClassObject
AtlComModuleRegisterClassObjects
AtlComModuleRevokeClassObjects
AtlComModuleUnregisterServer
AtlComPtrAssign
AtlComQIPtrAssign
AtlCreateRegistrar
AtlCreateTargetDC
AtlDevModeW2A
AtlFreeMarshalStream
AtlGetObjectSourceInterface
AtlGetPerUserRegistration
AtlGetVersion
AtlHiMetricToPixel
AtlIPersistPropertyBag_Load
AtlIPersistPropertyBag_Save
AtlIPersistStreamInit_Load
AtlIPersistStreamInit_Save
AtlInternalQueryInterface
AtlLoadTypeLib
AtlMarshalPtrInProc
AtlModuleAddTermFunc
AtlPixelToHiMetric
AtlRegisterClassCategoriesHelper
AtlSetErrorInfo
AtlSetPerUserRegistration
AtlUnadvise
AtlUnmarshalPtr
AtlUpdateRegistryFromResourceD
AtlWaitWithMessageLoop
AtlWinModuleAddCreateWndData
AtlWinModuleExtractCreateWndData
AtlWinModuleInit
AtlWinModuleRegisterClassExA
AtlWinModuleRegisterClassExW
AtlWinModuleRegisterWndClassInfoA
AtlWinModuleRegisterWndClassInfoW
AtlWinModuleTerm

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/lua5.1.dll
.dll windows:4 windows x86 arch:x86

df5ee731556844566bd09eb9e0c19cfb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
FormatMessageA
GetLastError
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

msvcr80

strtoul
strcoll
strerror
ungetc
strstr
__iob_func
_errno
fopen
fread
fprintf
ferror
freopen
realloc
fclose
getc
feof
free
fputs
fgets
setvbuf
fwrite
ftell
fseek
clearerr
fscanf
tmpfile
_pclose
fflush
_popen
ceil
modf
ldexp
rand
srand
strcspn
_HUGE
_mktime64
_gmtime64
tmpnam
system
remove
clock
strftime
setlocale
_localtime64
getenv
_difftime64
_time64
rename
memchr
ispunct
tolower
isupper
toupper
islower
strpbrk
isxdigit
strrchr
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
strncpy
strncat
sprintf
strtod
localeconv
isspace
iscntrl
isdigit
isalpha
isalnum
exit
longjmp
strchr
frexp
_setjmp3
_CIpow
floor
memcpy
_CIexp
_CIlog10
_CIlog
_CIsqrt
_CIfmod
_CIatan2
_CIatan
_CIacos
_CIasin
_CItanh
_CItan
_CIcosh
_CIcos
_CIsinh
_CIsin

Exports

Exports

luaD_growstack
luaF_newproto
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
luaM_realloc_
luaM_toobig
luaS_newlstr
luaU_dump
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WangZhe.exe
.exe windows:5 windows x86 arch:x86

89197a3fd61674d35b611e60013a571e

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:18:80:60:8d:4b:dc
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

02/08/2011, 07:18

Not After

02/08/2014, 13:34

Subject

CN=上海在天网络科技有限公司,O=上海在天网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c1377756c69616e677469616e406c6976652e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

22:59:39:d9:cc:f0:71:ed:bd:f1:c1:47:01:17:60:4b:e0:82:3b:b1
Signer

Actual PE Digest

22:59:39:d9:cc:f0:71:ed:bd:f1:c1:47:01:17:60:4b:e0:82:3b:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
InterlockedCompareExchange
VirtualFree
GetProcessHeap
IsProcessorFeaturePresent
VirtualAlloc
CreateIoCompletionPort
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
GetDiskFreeSpaceExW
GetTickCount
InterlockedExchange
lstrlenA
RaiseException
SetLastError
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LocalAlloc
LocalFree
OpenMutexW
ExitProcess
CreateMutexW
GlobalFree
FreeResource
InterlockedDecrement
InterlockedIncrement
lstrlenW
InitializeCriticalSectionAndSpinCount
MulDiv
lstrcmpW
CreateEventW
SetEvent
MoveFileW
CopyFileA
DeleteFileA
GlobalHandle
lstrcmpiW
LoadLibraryExW
SetProcessWorkingSetSize
SetEnvironmentVariableA
CompareStringW
SetStdHandle
HeapAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCPInfo
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
InterlockedPopEntrySList
InterlockedPushEntrySList
HeapSize
HeapReAlloc
HeapDestroy
DecodePointer
EncodePointer
GetStringTypeW
FlushInstructionCache
InitializeCriticalSection
GetCurrentProcess
GetVersionExW
CreateThread
GetCurrentThreadId
DeleteCriticalSection
WaitForMultipleObjects
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
TerminateThread
WaitForSingleObject
GetQueuedCompletionStatus
GlobalUnlock
GlobalAlloc
GlobalLock
GetSystemInfo
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
FindNextFileW
FindClose
Sleep
WriteFile
SetFilePointerEx
SetEndOfFile
FindFirstFileW
OutputDebugStringA
GetLastError
GetFileSizeEx
LoadLibraryW
CreateDirectoryW
FreeLibrary
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
CreateFileW
CloseHandle
ReadFile
OutputDebugStringW
GetFileSize
CreateFileA
WriteConsoleW
DeleteFileW

user32

IsWindowVisible
GetWindowTextA
GetWindowTextLengthA
SetWindowRgn
GetSystemMetrics
GetDesktopWindow
ReleaseDC
GetDC
IsRectEmpty
MoveWindow
IsWindow
OffsetRect
GetWindowDC
GetWindowRect
UpdateLayeredWindow
CopyRect
CallWindowProcW
MapWindowPoints
SendMessageW
ReleaseCapture
CreateWindowExW
SystemParametersInfoW
DialogBoxIndirectParamW
GetActiveWindow
EndDialog
GetWindowTextLengthW
IsChild
GetFocus
GetDlgItem
GetClassNameW
GetSysColor
CharNextW
RedrawWindow
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
GetCursorPos
SetWindowPos
SetWindowLongW
InvalidateRect
SetFocus
GetClientRect
InvalidateRgn
TrackMouseEvent
GetParent
SetCapture
GetUpdateRgn
DestroyWindow
EndPaint
PtInRect
SetRectEmpty
EqualRect
IntersectRect
KillTimer
SetTimer
MessageBoxW
GetWindowLongW
DefWindowProcW
GetWindowTextW
SetWindowTextW
ShowWindow
RegisterClassExW
GetClassInfoExW
LoadCursorW
SetCursor
GetIconInfo
DestroyIcon
InflateRect
RegisterClipboardFormatW
GetClassLongW
SetClassLongW
RegisterWindowMessageW
AnimateWindow
GetWindow
SetWindowContextHelpId
MapDialogRect
SendDlgItemMessageW
DestroyAcceleratorTable
FillRect
SetParent
UpdateWindow
PostQuitMessage
CreateDialogIndirectParamW
GetDoubleClickTime
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
BeginPaint
UnregisterClassA

gdi32

GetObjectW
RectInRegion
GetDeviceCaps
GetStockObject
CreateFontW
CreateRoundRectRgn
SetBkColor
SetTextColor
FillRgn
CreateSolidBrush
CombineRgn
GetRgnBox
SetLayout
BitBlt
DeleteDC
ExcludeClipRect
DeleteObject
SelectObject
CreateRectRgn
CreateCompatibleBitmap
CreateRectRgnIndirect
CreateCompatibleDC
CreateDIBSection
SelectClipRgn

comdlg32

GetOpenFileNameW

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW

shell32

SHGetPathFromIDListW
SHBindToParent
ord25
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
ShellExecuteA
SHFileOperationW
ShellExecuteW

ole32

CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
RegisterDragDrop
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString

oleaut32

VarUI4FromStr
VarDateFromStr
SystemTimeToVariantTime
VarUdateFromDate
VariantTimeToSystemTime
VariantInit
VariantClear
LoadTypeLi
SysFreeString
SysStringLen
SysAllocStringLen
SysAllocString
OleCreateFontIndirect
LoadRegTypeLi

gdiplus

GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSaveImageToFile
GdipSetStringFormatAlign
GdipCreateFontFamilyFromName
GdipGetImageEncoders
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipAddPathLineI
GdipDrawImagePointsRectI
GdipCreateLineBrushI
GdipSetPenDashArray
GdipCombineRegionRegion
GdipCreateRegionPath
GdipLoadImageFromStream
GdipFillRectangleI
GdipDeleteRegion
GdipFillRegion
GdipDrawImageRectRectI
GdipCreateRegionRectI
GdipFillEllipse
GdipDrawEllipse
GdipAddPathArcI
GdipDrawRectangleI
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneFont
GdipDrawLineI
GdipSetPageUnit
GdipCloneStringFormat
GdipGetImageEncodersSize
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectRect
GdipDeleteBrush
GdipFree
GdipCreatePen1
GdipGetImageWidth
GdipCreatePath
GdipCloneImage
GdipSetInterpolationMode
GdipFillPath
GdipCreateFromHDC
GdipDrawString
GdipDeletePath
GdipCreateFont
GdipDisposeImage
GdipAlloc
GdipCreateSolidFill
GdipDeleteFontFamily
GdipSetSmoothingMode
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipDeleteFont
GdipMeasureString
GdipGetImageHeight
GdipCloneBrush
GdipDeletePen
GdipAddPathPie

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendA
PathIsDirectoryW
PathFindFileNameW
StrRetToBufW
PathFileExistsA
PathRemoveFileSpecA
PathFindExtensionW
PathAppendW

dbghelp

MakeSureDirectoryPathExists

wininet

InternetReadFile
InternetOpenW
InternetOpenUrlW
InternetSetOptionW
HttpQueryInfoW
InternetSetFilePointer
InternetCrackUrlW
InternetCheckConnectionW
InternetCloseHandle

comctl32

ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragMove
InitCommonControlsEx
ImageList_DragEnter
ImageList_EndDrag
ImageList_AddMasked

ws2_32

socket
closesocket
setsockopt
gethostbyname
htons
connect
send
select
recv
WSACleanup
WSAStartup
__WSAFDIsSet

imagehlp

MapFileAndCheckSumW

msi

ord217
ord173

Sections

.text
Size: 635KB - Virtual size: 635KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 674KB - Virtual size: 674KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WangZheDock.exe
.exe windows:5 windows x86 arch:x86

29441558555b677ac6e3e31bcdd18c5b

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:18:80:60:8d:4b:dc
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

02/08/2011, 07:18

Not After

02/08/2014, 13:34

Subject

CN=上海在天网络科技有限公司,O=上海在天网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c1377756c69616e677469616e406c6976652e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

c6:2d:1b:e2:e0:9b:c8:f9:30:e2:2e:06:9e:3c:fd:54:5c:cd:51:df
Signer

Actual PE Digest

c6:2d:1b:e2:e0:9b:c8:f9:30:e2:2e:06:9e:3c:fd:54:5c:cd:51:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
LoadLibraryExW
SizeofResource
LockResource
GlobalLock
GlobalUnlock
GlobalFree
InterlockedCompareExchange
InterlockedExchange
CreateMutexW
ReadFile
OpenMutexW
GetProcessHeap
SetEndOfFile
CreateFileA
CreateFileW
GetLocaleInfoW
LoadLibraryA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
FreeLibrary
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
SetFilePointer
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapAlloc
GetStartupInfoA
FindResourceW
EnumResourceNamesW
LocalFree
LocalAlloc
SetProcessWorkingSetSize
SetEvent
GetCurrentProcess
CloseHandle
GetUserDefaultLCID
GetModuleFileNameW
Sleep
GetSystemDirectoryW
ExitProcess
FindNextFileW
FindClose
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RaiseException
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
QueryPerformanceCounter
FindFirstFileW
TerminateProcess
HeapFree
GetLastError
GlobalAlloc
FreeResource
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA

user32

ReleaseDC
GetWindowDC
MoveWindow
SetWindowTextW
EnableWindow
MapWindowPoints
SendMessageW
GetSystemMetrics
MessageBoxW
GetSysColorBrush
SendDlgItemMessageW
EndDialog
GetDlgItem
InvalidateRect
GetDC
GetClientRect
FillRect
GetWindowRect
DefWindowProcW
DispatchMessageW
DestroyIcon
ShowWindow
SetWindowPos
OffsetRect
LoadIconW
InsertMenuItemW
ModifyMenuW
FindWindowW
SetForegroundWindow
KillTimer
RegisterWindowMessageW
SetTimer
CheckMenuItem
SetMenuDefaultItem
GetCursorPos
EnableMenuItem
GetForegroundWindow
UpdateLayeredWindow
GetMessageW
UpdateWindow
CallWindowProcW
SetWindowsHookExW
PostMessageW
LoadCursorW
CallNextHookEx
PtInRect
WindowFromPoint
TranslateMessage
RegisterClassExW
GetWindowLongW
SetWindowLongW
CreateWindowExW
DialogBoxParamW
TrackPopupMenu
PostQuitMessage
keybd_event
SystemParametersInfoW
GetIconInfo
UnhookWindowsHookEx
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
LoadImageW
GetSubMenu
LoadMenuW
GetDesktopWindow
DestroyMenu
RegisterClipboardFormatW

gdi32

GetObjectW
BitBlt
ExcludeClipRect
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateDIBSection

advapi32

RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey

shell32

Shell_NotifyIconW
SHGetFileInfoW
SHAppBarMessage
SHGetFolderLocation
ShellExecuteW
ExtractAssociatedIconExW
SHGetPathFromIDListW
ord25
SHBindToParent

ole32

CoCreateInstance
RegisterDragDrop
OleUninitialize
CreateStreamOnHGlobal
OleInitialize

comctl32

ImageList_Add
ImageList_Destroy
ImageList_Create

msi

ord173
ord217

shlwapi

PathRemoveFileSpecW
StrRetToBufW

imagehlp

MapFileAndCheckSumW

gdiplus

GdipGetImageWidth
GdipCreateBitmapFromScan0
GdipFree
GdipDeletePen
GdipDeleteGraphics
GdipGetImageHeight
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipCreateBitmapFromStream
GdiplusStartup
GdipBitmapGetPixel
GdipBitmapSetPixel
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreatePath
GdipCreateFontFamilyFromName
GdipDrawString
GdipDeletePath
GdipAddPathString
GdipCreateFont
GdipCreateSolidFill
GdipDeleteFontFamily
GdipSetSmoothingMode
GdipDeleteFont
GdipSetTextRenderingHint
GdipMeasureString
GdipStringFormatGetGenericDefault
GdipGetEmHeight
GdipCloneBrush
GdipDeleteBrush
GdipSetInterpolationMode
GdipDrawImagePointsI
GdipDrawRectangleI
GdipCreatePen1
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFile
GdipDisposeImage
GdipAlloc
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipSetPageUnit

Sections

.text
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt
uninst.exe.nsis
zlib1.dll
.dll windows:4 windows x86 arch:x86

66a201125fb55b79ced6d0ecd1985e10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
Sleep
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_close
_lseek
_open
_read
_write
__dllonexit
__lc_codepage
__mb_cur_max
_errno
_iob
abort
fflush
fputc
free
fwrite
getenv
localeconv
malloc
memchr
memcpy
sprintf
strcat
strcpy
strerror
strlen
vfprintf
wcslen

Exports

Exports

adler32
adler32_combine
compress
compress2
compressBound
crc32
crc32_combine
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzoffset
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/chonglang.exe
.exe windows:5 windows x86 arch:x86

d377790d7113d47219b11ace4a6801e9

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:18:80:60:8d:4b:dc
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

02/08/2011, 07:18

Not After

02/08/2014, 13:34

Subject

CN=上海在天网络科技有限公司,O=上海在天网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c1377756c69616e677469616e406c6976652e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

b6:6b:48:e8:c7:16:6e:2a:77:0a:4e:0a:de:42:3a:a9:4d:41:5e:66
Signer

Actual PE Digest

b6:6b:48:e8:c7:16:6e:2a:77:0a:4e:0a:de:42:3a:a9:4d:41:5e:66

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\我的文档\visual studio 2010\Projects\wz\Release\wz.pdb

Imports

shell32

ShellExecuteW

kernel32

InterlockedDecrement
GetStringTypeW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
HeapFree
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
WideCharToMultiByte
HeapSize
HeapAlloc
HeapReAlloc
IsProcessorFeaturePresent
LCMapStringW
MultiByteToWideChar

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/uninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

19:9d:f8:79Certificate

Key Usages

1b:18:80:60:8d:4b:dcCertificate

Extended Key Usages

Key Usages

39Certificate

Key Usages

01Certificate

Key Usages

db:65:ab:7c:4f:bd:20:fb:58:35:c5:b8:e9:1e:22:73:90:f2:64:3bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 76KB

.rsrc Size: 16KB - Virtual size: 16KB

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 104B

49bf2966d2afd5b0b2379acf629be26a

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1024B - Virtual size: 689B

.data Size: 512B - Virtual size: 108B

.reloc Size: 512B - Virtual size: 256B

3f1149a3053980fe6b461521d2b55a2c

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

wininet

comctl32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

19:9d:f8:79
Certificate

1b:18:80:60:8d:4b:dc
Certificate

39
Certificate

01
Certificate

db:65:ab:7c:4f:bd:20:fb:58:35:c5:b8:e9:1e:22:73:90:f2:64:3b
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 76KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 689B

.data
Size: 512B - Virtual size: 108B

.reloc
Size: 512B - Virtual size: 256B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 40KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 512B - Virtual size: 474B

.rdata
Size: 512B - Virtual size: 387B

.data
Size: 512B - Virtual size: 48B

.reloc
Size: 512B - Virtual size: 112B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B