734873dbd81725b2720e775eaf6bc370_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

734873dbd81725b2720e775eaf6bc370_JaffaCakes118
Size

6.1MB
MD5

734873dbd81725b2720e775eaf6bc370
SHA1

3a25a4df300f0487d97a469af7d760835387b0d1
SHA256

090758bb6d01518a1bff7f00997db6b5d545319661b1d8fe20b406fd77ca5666
SHA512

d10ecc0b06d316e9cb930a2891bf26b8f47151eaca30d2ffc3e9fb8c61de19fa61dfd86e7456707df5ef530717030e846de34e979a22d0104e4be2b1d546de9e
SSDEEP

98304:E4SLmc+oT9yCgoCVxWTHrx8q4tFgOB2K2NtXd331PfGgebge0Urk4V+ubXB9L:EWz6tHYk7rz4tmOBmN5dnM+UrL+SRp

Score

8^/10

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
static1/unpack001/tutudisk(normal)/enswerapi.dll	patched_upx

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
734873dbd81725b2720e775eaf6bc370_JaffaCakes118
unpack001/tutudisk(fast)/pthreadVC2.dll
unpack001/tutudisk(fast)/tutudiskDown.exe
unpack001/tutudisk(normal)/CluUploaderDll.dll
unpack002/$PLUGINSDIR/NSISdl.dll
unpack002/$PLUGINSDIR/UAC.dll
unpack001/tutudisk(normal)/Winup3.0_down_wp001.exe
unpack001/tutudisk(normal)/enswerapi.dll
unpack001/tutudisk(normal)/gmarket_200004321.exe
unpack003/$PLUGINSDIR/DLLWebCount.dll
unpack003/$PLUGINSDIR/SelfDelete.dll
unpack001/tutudisk(normal)/tutu_icon_set.exe
unpack001/tutudisk(normal)/tutudiskDown.exe
unpack001/tutudisk(normal)/tutudiskUp.exe

NSIS installer 8 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/tutudisk(normal)/FineTop__FT72.exe	nsis_installer_1
static1/unpack001/tutudisk(normal)/FineTop__FT72.exe	nsis_installer_2
static1/unpack001/tutudisk(normal)/gmarket_200004321.exe	nsis_installer_1
static1/unpack001/tutudisk(normal)/gmarket_200004321.exe	nsis_installer_2
static1/unpack001/tutudisk(normal)/tutu_icon_set.exe	nsis_installer_1
static1/unpack001/tutudisk(normal)/tutu_icon_set.exe	nsis_installer_2

Files

734873dbd81725b2720e775eaf6bc370_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$SYSDIR/tutudisk.ico
tutudisk(fast)/UnExpService.bat
tutudisk(fast)/ext/fs.lib
tutudisk(fast)/msvcr71.dll
.dll windows:4 windows x86 arch:x86

7acc8c379c768a1ecd81ec502ff5f33e

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

33:bb:cc:f6:32:62:76:b4:13:a1:ec:ed:1b:f7:84:2a:6d:1d:da:07
Signer

Actual PE Digest

33:bb:cc:f6:32:62:76:b4:13:a1:ec:ed:1b:f7:84:2a:6d:1d:da:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr71.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapAlloc
HeapFree
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
InitializeCriticalSection
RtlUnwind
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
InterlockedExchange
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEnvironmentVariableA
SetEnvironmentVariableW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
HeapSize
VirtualProtect
GetSystemInfo
FlushFileBuffers
SetFilePointer
SetStdHandle
CompareStringA
CompareStringW
Sleep
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
RaiseException
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadCodePtr
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
IsDBCSLeadByteEx
GetConsoleCP
ReadConsoleW
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@AAE@PBQBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_Fbad_cast@@QAEXXZ
??_Fbad_typeid@@QAEXXZ
??_U@YAPAXI@Z
??_V@YAXPAX@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPAGIPBGPAD@Z
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CppXcptFilter
__CxxCallUnwindDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__buffer_overrun
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__security_error_handler
__set_app_type
__set_buffer_overrun_handler
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__uncaught_exception
__unguarded_readlc_active
__wargv
__wcserror
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_realloc
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_cgetws
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_cputws
_creat
_cscanf
_ctime64
_cwait
_cwprintf
_cwscanf
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirst64
_findfirsti64
_findnext
_findnext64
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstat64
_fstati64
_ftime
_ftime64
_ftol
_fullpath
_futime
_futime64
_gcvt
_get_heap_handle
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwch
_getwche
_getws
_global_unwind2
_gmtime64
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_localtime64
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_mktime64
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osplatform
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putwch
_putws
_pwctype
_read
_resetstkoflw
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_scprintf
_scwprintf
_searchenv
_seh_longjmp_unwind
_set_SSE2_enable
_set_error_mode
_set_purecall_handler
_set_sbh_threshold
_set_security_error_handler
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snscanf
_snwprintf
_snwscanf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tutudisk(fast)/pthreadVC2.dll
.dll windows:4 windows x86 arch:x86

cdb27fb2f0594d54544e89a6bc6e3a1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

calloc
_onexit
__dllonexit
_adjust_fdiv
_initterm
_beginthreadex
malloc
exit
longjmp
_ftime
_errno
_setjmp3
_endthreadex
free

wsock32

WSAGetLastError
WSASetLastError

kernel32

TlsSetValue
EnterCriticalSection
TlsAlloc
GetCurrentProcessId
OpenProcess
LoadLibraryA
WaitForMultipleObjects
FreeLibrary
GetProcAddress
SetThreadPriority
ReleaseSemaphore
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
TlsFree
CreateSemaphoreA
SetEvent
CloseHandle
WaitForSingleObject
CreateEventA
InterlockedExchangeAdd
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
ResetEvent
GetCurrentProcess
GetCurrentThreadId
Sleep
GetThreadPriority
DuplicateHandle
GetCurrentThread
GetProcessAffinityMask
SetLastError
TlsGetValue
GetLastError
InterlockedDecrement

Exports

Exports

pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_test_features_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tutudisk(fast)/sver.ini
tutudisk(fast)/tutudisk.ico
tutudisk(fast)/tutudiskDown.exe
.exe windows:4 windows x86 arch:x86

62faa98fbb0bca0eec7e3c16302b6c50

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\클루넷\새 폴더\service_develop\HighDown\branches\tutudisk_NoEnswer__\SpeedDown\DownClient\release\HiDiskDown.pdb

Imports

ws2_32

select
getsockopt
__WSAFDIsSet
bind
htons
setsockopt
WSAEventSelect
WSACreateEvent
WSAGetLastError
ntohs
htonl
connect
closesocket
WSACloseEvent
WSAStartup
WSACleanup
listen
accept
send
recv
ioctlsocket
socket
ntohl
gethostname
inet_addr
gethostbyname
inet_ntoa
WSASocketW

iphlpapi

GetIpNetTable
GetAdaptersInfo

kernel32

GetModuleHandleA
WritePrivateProfileStringW
FormatMessageW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetFullPathNameW
GlobalFlags
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GlobalGetAtomNameW
FreeResource
SetErrorMode
GetProcessHeap
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
HeapReAlloc
ExitThread
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetCurrentDirectoryA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetDriveTypeA
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
LoadLibraryA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
ReadDirectoryChangesW
RaiseException
GetModuleFileNameA
CreateFileA
IsProcessorFeaturePresent
GetSystemInfo
lstrcmpiW
GlobalMemoryStatus
FindNextFileW
GetDriveTypeW
GetFileTime
SetFileTime
GlobalMemoryStatusEx
GetFileSizeEx
MoveFileExW
SetEndOfFile
SetFilePointer
GetCurrentThreadId
LocalAlloc
ResetEvent
CreateNamedPipeW
ExitProcess
GetExitCodeProcess
TerminateProcess
OpenMutexW
GetCurrentProcessId
OpenEventW
SetFilePointerEx
ReadFile
CreateProcessW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetLocalTime
FreeLibrary
CreateDirectoryW
InterlockedDecrement
QueryPerformanceCounter
QueryPerformanceFrequency
CreateThread
CreateEventW
SetEvent
TerminateThread
SuspendThread
MoveFileW
WriteFile
DeleteFileW
WaitForSingleObject
LocalFree
ReleaseMutex
ResumeThread
SetThreadPriority
GetVersionExW
lstrcpynW
GetModuleHandleW
SetLastError
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
GlobalReAlloc
FindFirstFileW
GetFileSize
CreateFileW
FindClose
HeapAlloc
HeapDestroy
HeapFree
HeapCreate
LeaveCriticalSection
DeleteCriticalSection
lstrlenA
EnterCriticalSection
GetFileAttributesW
FindResourceW
GetTickCount
LoadResource
LockResource
lstrcpyW
GetProcAddress
WideCharToMultiByte
SizeofResource
lstrcmpW
LoadLibraryW
GetVersionExA
lstrlenW
MultiByteToWideChar
GetPrivateProfileStringW
GetModuleFileNameW
InitializeCriticalSection
GetCommandLineW
SetCurrentDirectoryW
CloseHandle
GetCurrentProcess
Sleep
GetLastError
CreateMutexW

user32

BringWindowToTop
SetRectEmpty
InsertMenuItemW
LoadAcceleratorsW
LoadMenuW
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatW
PostThreadMessageW
SetWindowTextW
IsDialogMessageW
SystemParametersInfoW
GetMenuItemInfoW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
GetMessageW
ValidateRect
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
ScrollWindow
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
IntersectRect
SetMenu
IsIconic
GetWindowPlacement
GetWindow
UnhookWindowsHookEx
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
CheckMenuItem
GetLastActivePopup
IsWindowEnabled
PostQuitMessage
RegisterWindowMessageW
wsprintfW
EnumWindows
GetWindowTextW
AttachThreadInput
GetForegroundWindow
SetWindowPos
EnableMenuItem
CreateWindowExW
DestroyWindow
DefWindowProcW
IsWindowVisible
ReleaseDC
MapWindowPoints
GetWindowThreadProcessId
GetClassNameW
DrawFocusRect
GetFocus
FillRect
FindWindowW
SetWindowRgn
LoadCursorW
GetActiveWindow
SetRect
GetDC
GetWindowLongW
CallWindowProcW
MessageBoxW
IsWindow
GetDesktopWindow
GetParent
SetCursor
UpdateWindow
RedrawWindow
CopyRect
PtInRect
LoadImageW
ReleaseCapture
WindowFromPoint
ClientToScreen
SetCapture
GetCapture
OffsetRect
GetSystemMetrics
InflateRect
GetSysColor
DestroyMenu
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
CreatePopupMenu
CloseWindow
GetClientRect
InvalidateRect
KillTimer
GetWindowRect
LoadBitmapW
ReplyMessage
SetTimer
DispatchMessageW
TranslateMessage
SetWindowLongW
PeekMessageW
PostMessageW
EnableWindow
ExitWindowsEx
TranslateAcceleratorW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
UnregisterClassW
AppendMenuW
SendMessageW
GetSysColorBrush
CharUpperW
DrawIcon
IsRectEmpty
SystemParametersInfoA
MoveWindow
SetForegroundWindow
GetSystemMenu
ShowWindow
LoadIconW
GetKeyState
GetClassInfoW
UnregisterClassA
RegisterClassExW

gdi32

RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
PtVisible
CreateEllipticRgn
LPtoDP
Ellipse
GetBkColor
GetTextColor
GetRgnBox
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetBkMode
GetDIBits
CreateDCW
GetPixel
CreateRectRgn
CreateFontW
CreatePen
SetRectRgn
CreateRectRgnIndirect
GetDeviceCaps
CreateDIBSection
CombineRgn
ExtCreateRegion
DeleteDC
SetBkColor
BitBlt
GetMapMode
SetMapMode
CreateCompatibleBitmap
CreateBitmap
DPtoLP
SelectObject
DeleteObject
CreateFontIndirectW
Rectangle
GetTextExtentPoint32W
GetStockObject
CreateCompatibleDC
GetObjectW
CreateSolidBrush
StretchBlt
RestoreDC
SaveDC
GetClipBox
SetTextColor

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegConnectRegistryW
RegQueryValueW
RegOpenKeyW
QueryServiceConfigW
DeleteService
ControlService
CreateServiceW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
StartServiceW
CloseServiceHandle
LookupAccountNameW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExA
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
Shell_NotifyIconW
DragFinish
DragQueryFileW
SHGetFileInfoW

comctl32

InitCommonControlsEx

shlwapi

StrFormatByteSizeW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathGetArgsW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CLSIDFromString
CoUninitialize
CLSIDFromProgID
CoCreateInstance
OleRun
CoTaskMemFree
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoInitializeEx
CoFreeUnusedLibraries
OleUninitialize
CoInitialize
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc

oleaut32

SysAllocStringLen
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
SysStringLen
VariantInit
VariantClear
SysAllocString
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysFreeString
GetErrorInfo

version

VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 376KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tutudisk(normal)/CluUploaderDll.dll
.dll windows:4 windows x86 arch:x86

a37fb62db372a1b057cc8e6fe4ac98cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\PROJECT\org_src\UploaderLibraryDll\release\CluUploaderDll.pdb

Imports

ws2_32

getsockopt
__WSAFDIsSet
WSAStartup
WSACleanup
WSAGetLastError
gethostbyname
bind
listen
ntohs
connect
send
recv
closesocket
setsockopt
ioctlsocket
socket
htons
select
inet_ntoa
accept
inet_addr

kernel32

GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
WritePrivateProfileStringW
GlobalFlags
CompareStringW
GetModuleHandleA
InterlockedIncrement
GetVersionExA
LoadLibraryA
GlobalFindAtomW
GetThreadLocale
WriteFile
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
GetFullPathNameW
GlobalReAlloc
GetCommandLineA
GetProcessHeap
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetDriveTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
HeapReAlloc
ExitProcess
ExitThread
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
GetCurrentDirectoryA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetStdHandle
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetDriveTypeA
SetEnvironmentVariableA
TlsGetValue
LocalAlloc
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
GlobalFree
GlobalUnlock
FormatMessageW
LocalFree
GetCurrentProcessId
SetLastError
GlobalAddAtomW
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
GetModuleHandleW
lstrlenW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileSizeEx
CompareFileTime
DeleteFileW
GetTickCount
GetFileTime
GetFileSize
SetFilePointer
ReadFile
CreateFileW
CreateThread
CreateEventW
CloseHandle
SetEvent
WaitForSingleObject
TerminateThread
SuspendThread
CreateDirectoryW
lstrlenA
GetLastError
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetVersionExW
LoadLibraryW
GetProcAddress
FreeLibrary
GetLocalTime
Sleep
ResumeThread
SetThreadPriority
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

user32

DestroyMenu
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
LoadCursorW
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetSysColor
ReleaseDC
GetDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
GetWindowTextW
UnregisterClassW
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetSysColorBrush
ShowWindow
CopyRect
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
SendMessageW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
PeekMessageW
TranslateMessage
DispatchMessageW
UnregisterClassA
SetWindowTextW

gdi32

SetMapMode
GetClipBox
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
TextOutW
RectVisible
PtVisible
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
Escape
GetDeviceCaps
CreateBitmap
ExtTextOutW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueW
RegOpenKeyW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegConnectRegistryW

shell32

SHGetSpecialFolderPathW

shlwapi

PathFileExistsW
PathFindFileNameW
PathFindExtensionW

ole32

OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoInitializeEx

oleaut32

SysAllocString
VariantInit
VariantChangeType
VariantClear
SysFreeString
GetErrorInfo

Exports

Exports

CancelHashing
Dispose
GetNativeGridId
Initialize
SetCurrentUploadSpeed
SetHashingFileInfo
SetNativeGridId
StartHashing

Sections

.text
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tutudisk(normal)/FineTop__FT72.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:d3:a7:b1:e9:14:d8:85:50:9c:16:51:fe:20:08:d0
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04/12/2010, 00:00

Not After

02/02/2012, 23:59

Subject

CN=nbiz Ltd.,OU=Development Department,O=nbiz Ltd.,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

40ffeaaff4dd6648ff7802eda4676ee6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetVersionExA
lstrcmpiA
GetCurrentThreadId
GetProcAddress
GetCommandLineA
UnmapViewOfFile
WaitForSingleObject
GetCurrentProcessId
SetEvent
lstrlenA
SetCurrentDirectoryA
MapViewOfFile
Sleep
OpenProcess
GetExitCodeProcess
GetModuleHandleA
GetExitCodeThread
CreateThread
CreateFileMappingA
CreateEventA
GlobalAlloc
CreateProcessA
GetLastError
MultiByteToWideChar
FormatMessageA
LocalFree
GlobalFree
CloseHandle
GetModuleFileNameA
lstrcatA
GetPrivateProfileIntA
GetPrivateProfileStringA
DuplicateHandle
LoadLibraryA

user32

GetClassNameA
SetWindowsHookExA
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
DefWindowProcA
SetForegroundWindow
PostMessageA
CreateWindowExA
GetWindowThreadProcessId
CallWindowProcA
SetWindowPos
GetWindowRect
UnhookWindowsHookEx
GetClientRect
LoadIconA
CreateDialogParamA
IsWindowVisible
CallNextHookEx
CharNextA
DialogBoxParamA
SendMessageW
MessageBoxA
EndDialog
SetWindowLongA
DestroyWindow
GetWindowLongA
EnableWindow
ShowWindow
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
LoadImageA

advapi32

GetUserNameA
OpenSCManagerA
GetTokenInformation
OpenProcessToken
CloseServiceHandle
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueA
QueryServiceStatus
OpenServiceA

shell32

ShellExecuteExA

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 946B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tutudisk(normal)/Winup3.0_down_wp001.exe
.exe windows:5 windows x86 arch:x86

52677c3945f8762a132317bfccb7b69c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\work\nsp2007\to trunk\Usermode\Package\Downloader\bin\downloader.pdb

Imports

kernel32

GetTickCount
FormatMessageW
LocalFree
CreateFileW
GetModuleFileNameW
TerminateProcess
WaitForSingleObject
CreateMutexW
FreeResource
DeleteFileW
SetFileAttributesW
SetEvent
WriteFile
SetFilePointer
GetTempPathW
GetTempFileNameW
CopyFileW
Sleep
VirtualFree
GetFileAttributesW
CreateEventW
VirtualAlloc
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalLock
GetUserDefaultLangID
SetLastError
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
CloseHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
ReadFile
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
ExitProcess
IsProcessorFeaturePresent
OutputDebugStringW
GetModuleHandleW
GetStartupInfoW
WriteConsoleW
OpenProcess
GetLastError
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryW
MultiByteToWideChar
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSetInformation
GetCommandLineW
CreateThread
GetCurrentThreadId
ExitThread
DecodePointer
EncodePointer
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte

user32

RegisterClassW
GetWindowRect
GetDesktopWindow
SetWindowPos
GetParent
GetDC
ReleaseDC
GetClientRect
ScreenToClient
InvalidateRect
UpdateWindow
PostMessageW
DrawTextW
CallWindowProcW
IsRectEmpty
InflateRect
BeginPaint
SendMessageW
EndDialog
CreateWindowExW
SetWindowTextW
MessageBoxW
DialogBoxParamW
FrameRect
EndPaint
GetWindowLongW
SetWindowLongW
FindWindowW
GetWindowThreadProcessId
GetClassInfoW
LoadIconW
DefWindowProcW

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateSolidBrush
SetTextColor
SetBkMode
SelectObject
CreateFontIndirectW
GetObjectW
GetStockObject
DeleteObject
EnumFontsW
DeleteDC

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHCreateDirectoryExW
ShellExecuteExW

ole32

CreateStreamOnHGlobal

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathRemoveExtensionW
PathAddExtensionW
PathFindExtensionW
PathFileExistsW
StrStrW

wininet

InternetReadFile
InternetWriteFile
InternetOpenW
InternetSetStatusCallbackW
HttpEndRequestW
HttpSendRequestExW
InternetCloseHandle
InternetOpenUrlW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpQueryInfoW

comctl32

_TrackMouseEvent

gdiplus

GdipAlloc
GdipDeleteBrush
GdipDeleteGraphics
GdipCreateSolidFill
GdipDisposeImage
GdipCreatePen1
GdipCloneBrush
GdipFree
GdipCreateBitmapFromFile
GdipCreateHBITMAPFromBitmap
GdipCreateFromHDC
GdipCreateBitmapFromFileICM
GdipDrawImageI
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCloneImage
GdipDrawImageRectI
GdipFillRectangleI
GdipDrawRectangleI

ws2_32

inet_ntoa

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tutudisk(normal)/enswerapi.dll
.dll windows:4 windows x86 arch:x86

a0715cb0f483c1a9ac1099b7a266e4e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

closesocket
inet_ntoa
gethostbyname
send
inet_addr
ioctlsocket
htons
shutdown
setsockopt
socket
WSAStartup
WSAGetLastError

kernel32

IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
PeekNamedPipe
GetFileInformationByHandle
QueryPerformanceCounter
GetEnvironmentStringsW
CreateThread
GetCurrentThreadId
WaitForSingleObject
ReleaseMutex
CreatePipe
TerminateThread
CreateProcessA
CloseHandle
TerminateProcess
GetLastError
CreateMutexA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcAddress
LoadLibraryA
GetVersionExA
CreateFileA
GetFileSize
GetLocaleInfoW
WriteFile
GetTickCount
LockResource
LoadResource
CreateDirectoryA
SizeofResource
FindResourceA
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentProcess
GetFileAttributesA
MultiByteToWideChar
IsDBCSLeadByteEx
WideCharToMultiByte
InterlockedExchange
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CreateFileW
GetStartupInfoA
SetHandleCount
GetFileType
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapSize
GetCurrentDirectoryA
IsValidCodePage
GetOEMCP
GetACP
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RemoveDirectoryA
GetTimeFormatA
GetDateFormatA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
DuplicateHandle
DeleteFileA
GetTimeZoneInformation
FindNextFileA
GetCommandLineA
RtlUnwind
RaiseException
MoveFileA
HeapReAlloc
SetFilePointer
GetModuleHandleA
ExitProcess
GetFullPathNameA
LCMapStringA
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetLastError
GetStdHandle
GetStringTypeA

ws2_32

WSACreateEvent
WSACloseEvent
WSACleanup
WSARecv
WSAWaitForMultipleEvents
WSAConnect
WSAEnumNetworkEvents
WSAEventSelect
WSAGetOverlappedResult
WSAResetEvent

Exports

Exports

DeleteReport
EnswerAPIConnect
EnswerAPIConnectArg
EnswerAPIConnectArg2
EnswerAPIDelete
EnswerAPIDisconnect
EnswerAPIDownloadCheck
EnswerAPIDownloadCheckByKey
EnswerAPIGetErrorString
EnswerAPIGetHash
EnswerAPIGetLastError
EnswerAPIGetUnitedHash
EnswerAPIInit
EnswerAPINew
EnswerAPISetEnv
EnswerAPISetEnv2
EnswerAPISetLastError
EnswerAPIStopUploadCheck
EnswerAPIUploadCheck
EnswerAPIUploadCheck_NoHashCheck
NewReport

Sections

.text
Size: 472KB - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stabstr
Size: 468KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.8MB - Virtual size: 10.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tutudisk(normal)/gmarket_200004321.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$FAVORITES/G.url
$PLUGINSDIR/DLLWebCount.dll
.dll windows:4 windows x86 arch:x86

324e87a129b7b2af320238c8ab284874

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord2512
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1199
ord1247
ord690
ord2393
ord800
ord5207
ord860
ord389
ord540
ord1176
ord1243
ord2554
ord4486
ord6375
ord3825
ord4274
ord269
ord826
ord600
ord1578
ord6467

msvcrt

__CxxFrameHandler
_EH_prolog
??1type_info@@UAE@XZ
_onexit
__dllonexit

kernel32

LocalFree
lstrcpyA
GlobalFree
LocalAlloc

user32

wsprintfA
MessageBoxA

Exports

Exports

DLLWebCount
myFunction

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SelfDelete.dll
.dll windows:4 windows x86 arch:x86

3d91458bc90a151726bcfdaeff902d08

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
free
_onexit
__dllonexit
??1type_info@@UAE@XZ
strrchr
_adjust_fdiv
malloc
_initterm

kernel32

LocalFree
LocalAlloc
CreateFileA
GetModuleFileNameA
lstrcpyA
lstrlenA
WriteFile
CloseHandle
CreateProcessA
SetThreadPriority
GetCurrentThread
GetCurrentProcess
ResumeThread
SetPriorityClass

user32

wsprintfA

shell32

SHChangeNotify

mfc42

ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord1253
ord1255
ord6467
ord1578
ord600
ord269
ord826

Exports

Exports

SelfDelete

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/g_icon.ico
tutudisk(normal)/tutu_icon_set.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tutudisk.ico
tutudisk(normal)/tutudisk.ico
tutudisk(normal)/tutudiskDown.exe
.exe windows:4 windows x86 arch:x86

bd9c0b6e3bb7e06c035fdbb665370902

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\tutu_source\Source\tutudisk.com\src_client\down_client\Release\down_client.pdb

Imports

kernel32

VirtualQuery
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
TerminateProcess
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
VirtualFree
IsBadWritePtr
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
VirtualAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetDriveTypeA
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
VirtualProtect
RtlUnwind
GetVersionExA
ExitProcess
SetErrorMode
GetOEMCP
GetCPInfo
GetFileTime
GetFileAttributesA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
LocalAlloc
GlobalFlags
InterlockedIncrement
GetCurrentDirectoryA
WritePrivateProfileStringA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
GetFullPathNameA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
GlobalAddAtomA
SetLastError
FormatMessageA
LocalFree
GetCurrentThreadId
GlobalDeleteAtom
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
FreeLibrary
LoadLibraryA
GetProcAddress
GetSystemDirectoryA
GetCurrentProcess
lstrcatA
GetPrivateProfileStringA
GetCommandLineA
GetTickCount
GetNumberFormatA
GetDiskFreeSpaceExA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
InterlockedDecrement
GetModuleFileNameA
CreateProcessA
GetExitCodeProcess
FindFirstFileA
FindClose
GetVolumeInformationA
lstrcmpA
WaitForSingleObject
GetExitCodeThread
TerminateThread
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateEventA
GetCurrentThread
SetThreadPriority
CreateDirectoryA
CreateFileA
CloseHandle
LoadResource
LockResource
SizeofResource
FindResourceA
lstrcpynA
MulDiv
lstrcpyA
RaiseException
DeleteCriticalSection
InitializeCriticalSection
CreateMutexA
GetLastError
Sleep
lstrlenA
lstrcmpiA
WideCharToMultiByte
lstrlenW
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetStdHandle

user32

SetMenu
TranslateAcceleratorA
GetMenuItemInfoA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
LoadCursorA
DrawIcon
IsRectEmpty
wsprintfA
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
MoveWindow
SetWindowTextA
IsDialogMessageA
ReleaseDC
RegisterWindowMessageA
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
RegisterClassA
BringWindowToTop
GetDlgCtrlID
DefWindowProcA
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowsHookExA
CharUpperA
MessageBoxA
GetClassInfoA
UnregisterClassA
LoadIconA
DrawIconEx
GetWindowLongA
CopyRect
PtInRect
InflateRect
LoadBitmapA
CallNextHookEx
GetMessageA
IsWindowVisible
GetKeyState
ValidateRect
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostQuitMessage
ExitWindowsEx
LockWindowUpdate
ReplyMessage
FindWindowA
SetWindowRgn
GetActiveWindow
SetRectEmpty
InsertMenuItemA
PostThreadMessageA
GetDC
SetRect
GetParent
GetWindowRect
IsWindow
SetWindowLongA
CallWindowProcA
UpdateWindow
SetCursor
WindowFromPoint
SetCapture
GetCapture
RegisterClipboardFormatA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
FillRect
DrawFocusRect
SendMessageA
GetClientRect
GetFocus
EnableWindow
PostMessageA
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
PeekMessageA
InvalidateRect
RedrawWindow
SetForegroundWindow
ShowWindow
DestroyMenu
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
AppendMenuA
CreatePopupMenu
GetSystemMetrics
GetSysColor
ReleaseCapture
GetIconInfo
LoadImageA
DestroyIcon
OffsetRect
ClientToScreen

gdi32

CreateEllipticRgn
LPtoDP
Ellipse
CreatePatternBrush
GetBkColor
GetTextColor
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
CreatePen
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CreateRectRgn
CreateFontA
CreateDIBSection
ExtCreateRegion
CombineRgn
SelectObject
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteDC
CreateFontIndirectA
DeleteObject
GetStockObject
GetTextExtentPoint32A
StretchBlt
Rectangle
GetDeviceCaps
CreateCompatibleDC
SetRectRgn
CreateRectRgnIndirect
GetObjectA
CreateSolidBrush

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegOpenKeyExA
RegEnumKeyA
RegEnumValueA
RegCloseKey
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegConnectRegistryA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteA
SHGetFileInfoA
SHGetSpecialFolderPathA
DragFinish
DragQueryFileA
Shell_NotifyIconA

comctl32

ord17
ImageList_Draw
ImageList_Destroy
ImageList_GetImageInfo

shlwapi

PathGetArgsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
StrFormatByteSize64A
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoRevokeClassObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantClear
SysAllocStringLen
VariantChangeType
VariantInit
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
OleCreateFontIndirect

ws2_32

WSARecv
WSASend
WSAWaitForMultipleEvents
setsockopt
WSAConnect
WSASocketA
WSAGetLastError
select
__WSAFDIsSet
recv
socket
closesocket
inet_addr
htons
connect
WSACleanup
WSAStartup
gethostbyname

Sections

.text
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tutudisk(normal)/tutudiskUp.exe
.exe windows:4 windows x86 arch:x86

7c52db7efda3901f8e1feeecf170f5bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

i:\클루넷\새 폴더\service_develop\NormalDown\Branch\tutudisk.com\bin\tutudiskUp.pdb

Imports

enswerapi

EnswerAPIDelete
EnswerAPINew
EnswerAPIInit
EnswerAPISetEnv
EnswerAPIUploadCheck
DeleteReport
EnswerAPIStopUploadCheck
EnswerAPIConnect
EnswerAPIDisconnect
NewReport

kernel32

WritePrivateProfileStringA
GetCurrentDirectoryA
GetFileAttributesA
GetFileTime
SetErrorMode
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
ExitThread
CreateThread
RaiseException
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcessHeap
GetStartupInfoA
ExitProcess
HeapSize
SetStdHandle
GetFileType
VirtualFree
GetStdHandle
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetDriveTypeA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
GlobalFlags
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GetCurrentProcessId
GetModuleFileNameW
FormatMessageA
LocalFree
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
lstrcmpW
CreateDirectoryA
GetVersionExA
GetCurrentProcess
GetCommandLineA
GetTickCount
GetNumberFormatA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
InterlockedDecrement
GetModuleFileNameA
WaitForSingleObject
GetExitCodeThread
TerminateThread
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
SetEvent
DeleteCriticalSection
CreateEventA
InitializeCriticalSection
GetCurrentThread
SetThreadPriority
CloseHandle
CreateMutexA
Sleep
CompareStringA
CompareStringW
InterlockedExchange
GetVersion
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
SetLastError
MultiByteToWideChar
lstrcpynA
MulDiv
lstrcpyA
lstrlenA
IsDebuggerPresent

user32

BringWindowToTop
SetRectEmpty
InsertMenuItemA
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatA
PostThreadMessageA
MapDialogRect
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
ShowOwnedPopups
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
SetMenu
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
IsWindowVisible
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcA
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
ReleaseDC
ExitWindowsEx
ReplyMessage
FindWindowA
SetWindowRgn
GetActiveWindow
GetDC
LoadBitmapA
SetRect
GetParent
GetWindowRect
IsWindow
SetWindowLongA
CallWindowProcA
RedrawWindow
UpdateWindow
SetCursor
WindowFromPoint
SetCapture
GetCapture
InvalidateRect
ClientToScreen
OffsetRect
DestroyIcon
LoadImageA
GetIconInfo
ReleaseCapture
TranslateAcceleratorA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
GetSysColor
GetSystemMetrics
UnregisterClassA
GetMenuItemInfoA
GetSysColorBrush
LoadCursorA
DrawIcon
IsRectEmpty
UnhookWindowsHookEx
SetWindowContextHelpId
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
GetCursorPos
TrackPopupMenu
DestroyMenu
ShowWindow
SetForegroundWindow
KillTimer
SetTimer
PostMessageA
GetClassInfoA
MessageBoxA
CharUpperA
EnableWindow
GetFocus
GetClientRect
SendMessageA
DrawFocusRect
FillRect
InflateRect
PtInRect
CopyRect
GetWindowLongA
DrawIconEx
LoadIconA
ShowScrollBar

gdi32

ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
TextOutA
PtVisible
CreateEllipticRgn
LPtoDP
Ellipse
GetBkColor
GetTextColor
GetRgnBox
CreatePatternBrush
RectVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
CreateFontIndirectA
DeleteObject
GetStockObject
GetObjectA
GetTextExtentPoint32A
Rectangle
GetDeviceCaps
SetRectRgn
CreateRectRgnIndirect
CreateSolidBrush
CreatePen
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CreateRectRgn
CreateFontA
CreateDIBSection
ExtCreateRegion
CombineRgn
StretchBlt
CreateCompatibleDC
SelectObject
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteDC

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

AdjustTokenPrivileges
RegQueryValueA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
RegConnectRegistryA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey
RegEnumValueA
RegEnumKeyA
RegOpenKeyExA

shell32

Shell_NotifyIconA
SHGetFileInfoA
DragFinish
DragQueryFileA
ShellExecuteA

comctl32

ord17

shlwapi

PathRemoveFileSpecA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
StrFormatByteSize64A
PathGetArgsA
UrlUnescapeA

oledlg

ord8

ole32

CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoRevokeClassObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysStringLen
VariantInit
VariantChangeType
SysAllocStringLen
VariantClear
SysStringByteLen
SysAllocStringByteLen
OleCreateFontIndirect

ws2_32

gethostbyname
WSAStartup
WSACleanup
connect
htons
inet_addr
closesocket
socket
send
__WSAFDIsSet
WSAGetLastError
select
WSASocketA
WSAConnect
setsockopt
WSAWaitForMultipleEvents
WSASend
WSARecv
WSASetLastError

wininet

InternetQueryDataAvailable
HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
InternetCanonicalizeUrlA
InternetCrackUrlA

Sections

.text
Size: 408KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tutudisk(normal)/ver.ini
tutudisk(normal)/wtutudiskSetup2.exe
.exe windows:4 windows x86 arch:x86

3c81eca45eb7a6b225ef89e682e35723

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

02/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:37:47:52:fd:9f:e1:65:b2:e7:9b:76:5d:57:b1:ec
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/05/2011, 00:00

Not After

15/05/2014, 23:59

Subject

CN=The A MEDIA,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=The A MEDIA,L=GuroGU,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

gdi32

UnrealizeObject

version

VerQueryValueA

ole32

CreateStreamOnHGlobal

comctl32

_TrackMouseEvent

shell32

ShellExecuteA

Sections

.text
Size: 282KB - Virtual size: 960KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 18KB - Virtual size: 17KB

7acc8c379c768a1ecd81ec502ff5f33e

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7eCertificate

Extended Key Usages

Key Usages

61:05:87:58:00:03:00:00:00:5aCertificate

Extended Key Usages

Key Usages

33:bb:cc:f6:32:62:76:b4:13:a1:ec:ed:1b:f7:84:2a:6d:1d:da:07Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 228KB - Virtual size: 226KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 24KB - Virtual size: 26KB

.rsrc Size: 4KB - Virtual size: 952B

.reloc Size: 12KB - Virtual size: 10KB

cdb27fb2f0594d54544e89a6bc6e3a1b

Headers

File Characteristics

Imports

msvcrt

wsock32

kernel32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 52KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

62faa98fbb0bca0eec7e3c16302b6c50

Headers

File Characteristics

PDB Paths

Imports

ws2_32

iphlpapi

kernel32

user32

gdi32

comdlg32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 18KB - Virtual size: 17KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

61:05:87:58:00:03:00:00:00:5a
Certificate

33:bb:cc:f6:32:62:76:b4:13:a1:ec:ed:1b:f7:84:2a:6d:1d:da:07
Signer

.text
Size: 228KB - Virtual size: 226KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 24KB - Virtual size: 26KB

.rsrc
Size: 4KB - Virtual size: 952B

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 376KB - Virtual size: 372KB

.data
Size: 1.4MB - Virtual size: 2.5MB

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

.text
Size: 404KB - Virtual size: 403KB

.rdata
Size: 76KB - Virtual size: 72KB

.data
Size: 12KB - Virtual size: 127KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 32KB - Virtual size: 29KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

68:d3:a7:b1:e9:14:d8:85:50:9c:16:51:fe:20:08:d0
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 52KB