dialog
initDialog
show
Overview
overview
6Static
static
38c94db987a...18.exe
windows7-x64
38c94db987a...18.exe
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...it.exe
windows7-x64
3$PLUGINSDI...it.exe
windows10-2004-x64
3$SYSDIR/pncrt.dll
windows7-x64
3$SYSDIR/pncrt.dll
windows10-2004-x64
3NetAgent.dll
windows7-x64
3NetAgent.dll
windows10-2004-x64
3QvodBand.dll
windows7-x64
3QvodBand.dll
windows10-2004-x64
3QvodInit.exe
windows7-x64
3QvodInit.exe
windows10-2004-x64
3QvodInsert.dll
windows7-x64
3QvodInsert.dll
windows10-2004-x64
3QvodPlayer.exe
windows7-x64
6QvodPlayer.exe
windows10-2004-x64
6Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
8c94db987a495af7cc44b2ab62833e8d_JaffaCakes118.exe
Resource
win7-20240705-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
8c94db987a495af7cc44b2ab62833e8d_JaffaCakes118.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240708-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/QvodInit.exe
Resource
win7-20240704-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/QvodInit.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral9
Sample
$SYSDIR/pncrt.dll
Resource
win7-20240708-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral10
Sample
$SYSDIR/pncrt.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral11
Sample
NetAgent.dll
Resource
win7-20240705-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral12
Sample
NetAgent.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral13
Sample
QvodBand.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral14
Sample
QvodBand.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral15
Sample
QvodInit.exe
Resource
win7-20240704-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral16
Sample
QvodInit.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral17
Sample
QvodInsert.dll
Resource
win7-20240704-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral18
Sample
QvodInsert.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral19
Sample
QvodPlayer.exe
Resource
win7-20240705-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral20
Sample
QvodPlayer.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
8c94db987a495af7cc44b2ab62833e8d_JaffaCakes118
-
Size
1.1MB
-
MD5
8c94db987a495af7cc44b2ab62833e8d
-
SHA1
69241994fa2352efe7c7162da904470b9630c4c8
-
SHA256
1bce98e9673f7927041295a256b41d6925d78f6f8c3efef5e7b8c9ed06adf1a2
-
SHA512
444ea0b3f2c43011af29327e1c9107b8c844515e7f0d958a6cdf3e9539ee3c7e344cefdc131813b50b703a10c6f3e053685974aa58a1c2fe1d561ecc93e8eb98
-
SSDEEP
24576:/81RPrTQ3jMw27a1i8/fzt3T2dxiTwpPg42dWaNioa8T+2gl:krekaT/pVTwF4QaX7+2W
Score
3/10
Malware Config
Signatures
-
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
resource 8c94db987a495af7cc44b2ab62833e8d_JaffaCakes118 unpack001/$PLUGINSDIR/InstallOptions.dll unpack001/$PLUGINSDIR/LangDLL.dll unpack001/$SYSDIR/pncrt.dll unpack001/QvodInsert.dll -
NSIS installer 2 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2
Files
-
8c94db987a495af7cc44b2ab62833e8d_JaffaCakes118.exe windows:4 windows x86 arch:x86
dfb06052e74b26a42b0e490bd1c07959
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 40KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/InstallOptions.dll.dll windows:4 windows x86 arch:x86
0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc
user32
MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect
gdi32
SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject
shell32
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA
comdlg32
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
ole32
CoTaskMemFree
Exports
Exports
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/LangDLL.dll.dll windows:4 windows x86 arch:x86
9b6b6a7858e17fb0b17e1c1428330343
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
user32
SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC
gdi32
CreateFontIndirectA
GetDeviceCaps
DeleteObject
Exports
Exports
LangDialog
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 697B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 322B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/QvodInit.exe.exe windows:4 windows x86 arch:x86
b15aa047ced3a842c3d63e77ae9cde2d
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before02/06/2009, 00:00Not After02/06/2011, 23:59SubjectCN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
73:ab:0e:ee:ad:d2:7b:3b:7a:57:3e:bb:ef:0b:90:0d:19:06:53:20Signer
Actual PE Digest73:ab:0e:ee:ad:d2:7b:3b:7a:57:3e:bb:ef:0b:90:0d:19:06:53:20Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateToolhelp32Snapshot
TerminateProcess
CreateProcessA
GetTickCount
GetFileAttributesA
Process32First
GetTempFileNameA
GetTempPathA
CopyFileA
GetLogicalDriveStringsA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
OpenProcess
CloseHandle
Process32Next
GetDiskFreeSpaceExA
GetModuleFileNameA
Sleep
DeleteFileA
MoveFileA
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetModuleHandleA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
GetLastError
RtlUnwind
GetFileType
CreateFileA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
WriteFile
SetFilePointer
ReadFile
SetStdHandle
SetHandleCount
GetStdHandle
SetEndOfFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
user32
FindWindowA
PostMessageA
advapi32
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DeleteService
CreateServiceA
ChangeServiceConfig2A
StartServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
OpenServiceA
ControlService
shell32
SHChangeNotify
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
psapi
EnumProcessModules
GetModuleFileNameExA
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/ioSpecial.ini
-
$PLUGINSDIR/modern-wizard.bmp
-
$PLUGINSDIR/qvod1.ini
-
$SYSDIR/pncrt.dll.dll windows:4 windows x86 arch:x86
828907b7a8ec04c9c4031e40ef2f76ec
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetFilePointer
RtlUnwind
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
HeapReAlloc
HeapValidate
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
SetEnvironmentVariableW
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
RaiseException
SetStdHandle
Sleep
CompareStringA
CompareStringW
GetLocaleInfoA
GetLocaleInfoW
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetTimeZoneInformation
SetEnvironmentVariableA
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
SetEndOfFile
WriteConsoleA
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
GetLocalTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
GetSystemTime
GetModuleHandleA
Exports
Exports
$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
SetUserHeapAlloc
SetUserHeapCalloc
SetUserHeapFree
SetUserHeapReAlloc
SetUserHeapSize
SetUserHeapValidate
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CrtHeapAlloc
_CrtHeapCalloc
_CrtHeapFree
_CrtHeapReAlloc
_CrtHeapSize
_CrtHeapValidate
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__argc
__argv
__badioinfo
__crtCompareStringA
__crtGetLocaleInfoW
__crtLCMapStringA
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unguarded_readlc_active
__wargv
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_creat
_cscanf
_ctype
_cwait
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirsti64
_findnext
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstati64
_ftime
_ftol
_fullpath
_futime
_gcvt
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getws
_global_unwind2
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putws
_pwctype
_read
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_searchenv
_seh_longjmp_unwind
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_timezone
_tolower
_toupper
_tzname
_tzset
_ui64toa
_ui64tow
_ultoa
_ultow
_umask
_ungetch
_unlink
_unloaddll
_unlock
_utime
_vsnprintf
_vsnwprintf
_waccess
_wasctime
_wchdir
_wchmod
_wcmdln
_wcreat
_wcsdup
_wcsicmp
Sections
.text Size: 212KB - Virtual size: 211KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
NetAgent.dll.dll windows:4 windows x86 arch:x86
f618d4cb4d41a461355f2eab6ae077ff
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before02/06/2009, 00:00Not After02/06/2011, 23:59SubjectCN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
10:0a:b5:d6:6a:3b:83:25:44:3d:1c:58:79:b2:91:65:cf:37:18:92Signer
Actual PE Digest10:0a:b5:d6:6a:3b:83:25:44:3d:1c:58:79:b2:91:65:cf:37:18:92Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ws2_32
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
closesocket
WSACloseEvent
recv
WSAGetLastError
send
socket
WSACreateEvent
connect
WSAEventSelect
htons
gethostbyname
kernel32
GetStdHandle
LCMapStringW
LCMapStringA
CreateEventA
WaitForSingleObject
SetEvent
RtlUnwind
GetLastError
MoveFileW
DeleteFileW
CreateDirectoryW
CloseHandle
GetFileType
CreateFileW
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
HeapFree
RaiseException
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
WriteFile
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
SetFilePointer
HeapAlloc
SetStdHandle
SetHandleCount
GetStartupInfoA
SetEndOfFile
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapReAlloc
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
Exports
Exports
CreateAndRunAgent
GetDownloadLen
GetFileLen
Seek
Terminate
Sections
.text Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
QvodBand.dll.dll regsvr32 windows:4 windows x86 arch:x86
0e32a3b828b41920c248142fcbc590d3
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before02/06/2009, 00:00Not After02/06/2011, 23:59SubjectCN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
02:c7:4f:c2:b1:d8:13:17:21:31:17:2e:f8:ad:32:ff:12:0b:61:b8Signer
Actual PE Digest02:c7:4f:c2:b1:d8:13:17:21:31:17:2e:f8:ad:32:ff:12:0b:61:b8Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
WideCharToMultiByte
GetModuleFileNameA
CreateProcessA
GetTickCount
GetFileAttributesA
CloseHandle
Sleep
FlushFileBuffers
SetStdHandle
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
RaiseException
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetProcAddress
LoadLibraryA
user32
LoadStringA
InsertMenuItemA
LoadImageA
FindWindowA
SendMessageA
gdi32
DeleteObject
advapi32
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
shell32
DragQueryFileA
ole32
CoTaskMemFree
StringFromIID
ReleaseStgMedium
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
QvodInit.exe.exe windows:4 windows x86 arch:x86
b15aa047ced3a842c3d63e77ae9cde2d
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before02/06/2009, 00:00Not After02/06/2011, 23:59SubjectCN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
73:ab:0e:ee:ad:d2:7b:3b:7a:57:3e:bb:ef:0b:90:0d:19:06:53:20Signer
Actual PE Digest73:ab:0e:ee:ad:d2:7b:3b:7a:57:3e:bb:ef:0b:90:0d:19:06:53:20Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateToolhelp32Snapshot
TerminateProcess
CreateProcessA
GetTickCount
GetFileAttributesA
Process32First
GetTempFileNameA
GetTempPathA
CopyFileA
GetLogicalDriveStringsA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
OpenProcess
CloseHandle
Process32Next
GetDiskFreeSpaceExA
GetModuleFileNameA
Sleep
DeleteFileA
MoveFileA
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetModuleHandleA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
GetLastError
RtlUnwind
GetFileType
CreateFileA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
WriteFile
SetFilePointer
ReadFile
SetStdHandle
SetHandleCount
GetStdHandle
SetEndOfFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
user32
FindWindowA
PostMessageA
advapi32
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DeleteService
CreateServiceA
ChangeServiceConfig2A
StartServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
OpenServiceA
ControlService
shell32
SHChangeNotify
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
psapi
EnumProcessModules
GetModuleFileNameExA
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
QvodInsert.dll.dll regsvr32 windows:4 windows x86 arch:x86
512da446183fb702675cbe4761220c96
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
lstrcpynW
DisableThreadLibraryCalls
HeapDestroy
lstrcpyW
lstrcatW
LocalFree
SetEnvironmentVariableA
GetLocaleInfoW
SetConsoleCtrlHandler
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
CreateFileW
IsBadCodePtr
IsBadReadPtr
CreateFileA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
IsBadWritePtr
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
FlushFileBuffers
GetModuleHandleW
LCMapStringW
LCMapStringA
CompareStringW
CompareStringA
UnhandledExceptionFilter
GetModuleHandleA
HeapSize
TerminateProcess
SetLastError
TlsFree
TlsAlloc
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ReadFile
FatalAppExitA
ExitProcess
RaiseException
GetVersion
GetCommandLineA
HeapAlloc
HeapReAlloc
HeapFree
GetTimeZoneInformation
ExitThread
TlsGetValue
TlsSetValue
ResumeThread
RtlUnwind
GetCurrentThread
GetThreadPriority
SetThreadPriority
CreateThread
InterlockedExchange
VirtualFree
VirtualAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
DuplicateHandle
GetShortPathNameW
GetSystemDirectoryW
GetDiskFreeSpaceExW
GetLocalTime
GetSystemDefaultLangID
OpenMutexW
OpenSemaphoreW
GetSystemTime
CreateProcessW
GetFileAttributesW
CreateDirectoryW
SetEnvironmentVariableW
CopyFileW
GetTickCount
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
DeleteFileW
FindNextFileW
GetLastError
WaitForSingleObject
ResetEvent
FindFirstFileW
FindClose
Sleep
DeleteCriticalSection
CloseHandle
CreateEventW
SetEvent
InitializeCriticalSection
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
lstrlenA
OutputDebugStringW
DebugBreak
InterlockedIncrement
WideCharToMultiByte
GetModuleFileNameW
LoadLibraryW
GetVersionExW
GetProcAddress
InterlockedDecrement
lstrlenW
GetUserDefaultLangID
WriteFile
user32
LoadStringW
GetClientRect
FillRect
GetDC
ReleaseDC
SendMessageW
IsWindow
SetCapture
CharNextW
SetWindowPos
CreateWindowExW
DefWindowProcW
SetWindowLongW
GetWindowLongW
CallWindowProcW
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
ReleaseCapture
wvsprintfW
GetActiveWindow
DrawTextW
DialogBoxParamW
ClientToScreen
FindWindowW
CreateMenu
GetSubMenu
CharLowerW
UnionRect
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
GetQueueStatus
DispatchMessageW
DestroyWindow
SetTimer
SetRectEmpty
MoveWindow
InvalidateRect
ShowWindow
FindWindowExW
PostMessageW
SetWindowTextW
BringWindowToTop
ShowCursor
GetDesktopWindow
GetCursorPos
ScreenToClient
PtInRect
GetWindowRect
SetSysColors
GetSysColor
EnumChildWindows
LoadImageW
GetClassNameW
LoadBitmapW
GetParent
GetKeyState
MessageBoxW
SetDlgItemInt
GetDlgItemTextW
CheckRadioButton
SetDlgItemTextW
GetDlgCtrlID
EndDialog
CopyRect
SetRect
GetSystemMetrics
SystemParametersInfoW
SetParent
EnumDisplayDevicesW
EnumDisplaySettingsW
RegisterHotKey
UnregisterHotKey
KillTimer
TrackPopupMenu
EnableWindow
CreateDialogParamW
CreatePopupMenu
AppendMenuW
DestroyMenu
GetMenuItemCount
InsertMenuW
GetDlgItem
InvalidateRgn
CreateAcceleratorTableW
RedrawWindow
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
wsprintfW
GetWindowTextLengthW
GetWindowTextW
GetWindow
RegisterWindowMessageW
GetClassInfoExW
RegisterClassExW
SetCursor
LoadCursorW
gdi32
TextOutW
GetStockObject
GetDeviceCaps
GetObjectW
StretchBlt
CreateCompatibleBitmap
CreateCompatibleDC
SetTextAlign
CreateSolidBrush
BitBlt
DeleteDC
CreateFontIndirectW
DeleteObject
SetDIBits
CreatePatternBrush
Rectangle
SetBkMode
GetDIBits
SetTextColor
StretchDIBits
SetStretchBltMode
CreateDIBSection
RestoreDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
SelectObject
CreateDCW
CreateMetaFileW
comdlg32
ChooseColorW
GetOpenFileNameW
ChooseFontA
GetSaveFileNameW
advapi32
RegQueryInfoKeyW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegCreateKeyW
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
shell32
ShellExecuteW
ole32
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemRealloc
CoInitializeEx
OleLockRunning
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoInitialize
StringFromCLSID
CoCreateInstance
OleRegGetMiscStatus
WriteClassStm
CoUninitialize
CoFreeUnusedLibraries
OleSaveToStream
CreateDataAdviseHolder
OleLoadFromStream
oleaut32
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantChangeType
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
OleCreateFontIndirect
SysAllocStringLen
DispCallFunc
SysStringLen
LoadRegTypeLi
OleCreatePropertyFrame
SysStringByteLen
SysAllocStringByteLen
VariantInit
SafeArrayCreate
SafeArrayPutElement
VariantCopy
VariantClear
SysAllocString
SysFreeString
ws2_32
WSAStartup
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
htonl
connect
recv
inet_addr
htons
send
WSAEventSelect
setsockopt
closesocket
socket
WSAGetLastError
ntohs
ntohl
gethostbyname
inet_ntoa
winmm
timeGetTime
timeSetEvent
quartz
AMGetErrorTextW
comctl32
ImageList_LoadImageW
_TrackMouseEvent
InitCommonControlsEx
ImageList_Destroy
ord16
msimg32
AlphaBlend
TransparentBlt
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 516KB - Virtual size: 515KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 84KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 80KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
QvodPlayer.exe.exe windows:4 windows x86 arch:x86
1804f662d6972fd3d24222e8aab5fa2e
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before02/06/2009, 00:00Not After02/06/2011, 23:59SubjectCN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
99:1e:70:83:26:88:9a:f5:e0:4b:72:31:eb:e1:44:a6:79:da:58:feSigner
Actual PE Digest99:1e:70:83:26:88:9a:f5:e0:4b:72:31:eb:e1:44:a6:79:da:58:feDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindFirstChangeNotificationW
GlobalSize
CreateProcessW
OpenSemaphoreW
GetDiskFreeSpaceExW
SystemTimeToTzSpecificLocalTime
RemoveDirectoryW
FileTimeToSystemTime
GetWindowsDirectoryA
MoveFileW
GetTickCount
GetTempPathW
CreateMutexW
OpenMutexW
HeapDestroy
LocalFree
SetEnvironmentVariableA
GetOEMCP
GetACP
LoadLibraryA
GetStringTypeW
GetStringTypeA
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers
SetEndOfFile
GetStartupInfoA
GetStdHandle
SetHandleCount
FindNextChangeNotification
CompareStringW
CompareStringA
IsBadWritePtr
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
LCMapStringW
LCMapStringA
SetFilePointer
ReadFile
UnhandledExceptionFilter
HeapSize
TerminateProcess
WriteFile
SetLastError
TlsAlloc
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
HeapReAlloc
CreateFileA
GetFileType
GetFileAttributesA
ExitThread
TlsGetValue
TlsSetValue
ResumeThread
GetTimeZoneInformation
RtlUnwind
CreateThread
InterlockedExchange
VirtualFree
VirtualAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
FindCloseChangeNotification
GetLocaleInfoW
GetLogicalDriveStringsW
GetModuleHandleW
GetDriveTypeW
GetVolumeInformationW
SetSystemPowerState
SetThreadExecutionState
lstrcpynA
lstrcpynW
SetEnvironmentVariableW
GetSystemDirectoryW
CopyFileW
GetSystemTime
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateFileW
DeviceIoControl
GetProcessHeap
HeapAlloc
HeapFree
lstrcpyW
lstrcmpW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
WaitForSingleObject
ResetEvent
Sleep
GetWindowsDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
SetEvent
EnterCriticalSection
LeaveCriticalSection
FindFirstFileW
GetFileAttributesW
FindNextFileW
FindClose
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetModuleFileNameW
CreateDirectoryW
SetFileAttributesW
GetLocalTime
DeleteFileW
InterlockedIncrement
GetUserDefaultLangID
lstrlenW
GetProcAddress
InterlockedDecrement
GetVersionExW
FreeLibrary
LoadLibraryW
SetStdHandle
RaiseException
user32
GetDlgCtrlID
CheckRadioButton
SetDlgItemTextW
GetDlgItemTextW
EndDialog
DialogBoxParamW
ClientToScreen
EnumDisplayDevicesW
EnumDisplaySettingsW
SetParent
GetMenuItemInfoW
SetMenuItemInfoW
DeleteMenu
EnableWindow
ExitWindowsEx
SetDlgItemInt
GetActiveWindow
DrawTextW
IsMenu
CloseClipboard
GetClipboardData
OpenClipboard
GetDlgItemInt
GetDlgItemTextA
OffsetRect
UpdateWindow
SetForegroundWindow
MoveWindow
ShowWindow
PostMessageW
DestroyAcceleratorTable
CallNextHookEx
GetWindowRect
GetDesktopWindow
MessageBoxW
LoadStringW
CharNextW
CopyAcceleratorTableW
LoadAcceleratorsW
CreateMenu
MessageBeep
PeekMessageW
RemoveMenu
WindowFromPoint
GetKeyState
DestroyIcon
UnionRect
DispatchMessageW
TranslateMessage
GetMessageW
GetScrollInfo
GetMenuStringW
ModifyMenuW
GetMenuItemID
DefWindowProcW
GetClientRect
ReleaseDC
FillRect
GetDC
SendMessageW
wsprintfW
IsWindow
SetCapture
ReleaseCapture
SetWindowPos
CreateWindowExW
SetWindowLongW
GetWindowLongW
CallWindowProcW
DestroyWindow
SetRectEmpty
LoadCursorW
SetTimer
RegisterClassExW
GetClassInfoExW
InvalidateRect
FindWindowExW
ShowCursor
CharLowerW
LoadMenuW
SetRect
RegisterWindowMessageW
GetWindow
GetSystemMetrics
GetSystemMenu
TrackPopupMenu
SystemParametersInfoW
CopyRect
IsZoomed
IsIconic
UnregisterHotKey
FindWindowW
LoadIconW
CheckMenuItem
CheckMenuRadioItem
EnableMenuItem
CreateDialogParamW
GetSubMenu
RegisterHotKey
TranslateAcceleratorW
UnhookWindowsHookEx
SetWindowsHookExW
CreateAcceleratorTableW
SetWindowTextW
GetWindowTextW
GetKeyboardState
MapWindowPoints
TrackPopupMenuEx
IsWindowVisible
PostQuitMessage
LoadStringA
CreatePopupMenu
AppendMenuW
DestroyMenu
GetMenuItemCount
InsertMenuW
InvalidateRgn
RedrawWindow
GetFocus
IsChild
SetFocus
BeginPaint
EndPaint
GetDlgItem
SetWindowRgn
LoadBitmapW
GetClassNameW
LoadImageW
EnumChildWindows
GetSysColor
SetSysColors
GetParent
SetCursor
GetCursorPos
ScreenToClient
PtInRect
BringWindowToTop
KillTimer
GetWindowTextLengthW
gdi32
SetViewportOrgEx
Rectangle
CreatePatternBrush
GetTextExtentPoint32W
SetDIBits
SetBkColor
ExtTextOutW
GetCurrentObject
GetPixel
CreatePen
MoveToEx
LineTo
CreateDIBSection
SetStretchBltMode
StretchDIBits
SetTextColor
GetDIBits
SetBkMode
CreateFontIndirectW
GetStockObject
GetDeviceCaps
CreateRectRgn
CombineRgn
GetObjectW
StretchBlt
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
BitBlt
DeleteDC
RoundRect
CreateCompatibleDC
DeleteObject
comdlg32
ChooseColorW
ChooseFontA
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW
advapi32
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyW
shell32
SHFileOperationW
Shell_NotifyIconW
SHChangeNotify
SHAppBarMessage
ExtractIconW
DragFinish
DragAcceptFiles
ShellExecuteW
SHBrowseForFolderW
DragQueryFileW
SHGetPathFromIDListW
ole32
CLSIDFromProgID
CoTaskMemFree
OleUninitialize
CLSIDFromString
CreateStreamOnHGlobal
CoInitialize
StringFromCLSID
CoCreateInstance
CoTaskMemAlloc
OleLockRunning
CoFreeUnusedLibraries
CoUninitialize
CoInitializeSecurity
OleInitialize
oleaut32
SysFreeString
OleCreateFontIndirect
SysAllocStringLen
DispCallFunc
LoadRegTypeLi
SysStringLen
OleCreatePropertyFrame
VariantInit
VariantCopy
VariantClear
SysAllocString
GetErrorInfo
ws2_32
gethostbyname
inet_ntoa
ntohl
WSACleanup
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAEventSelect
gethostname
htonl
inet_addr
htons
recv
send
WSAGetLastError
socket
setsockopt
connect
closesocket
ntohs
WSAStartup
winmm
mciSendStringW
timeGetTime
quartz
AMGetErrorTextW
iphlpapi
GetAdaptersInfo
comctl32
_TrackMouseEvent
ord16
ImageList_Destroy
ImageList_Draw
ImageList_GetImageInfo
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_DragMove
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Create
ImageList_BeginDrag
ImageList_LoadImageW
InitCommonControlsEx
msimg32
AlphaBlend
TransparentBlt
urlmon
CoInternetGetSession
Sections
.text Size: 984KB - Virtual size: 983KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 80KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ