57b1e55e86d81e8c56a345f2b77d287a329dee25cbe43feeb3987fb2228c78ad

Sharing

Copy URL Twitter E-mail

General

Target

57b1e55e86d81e8c56a345f2b77d287a329dee25cbe43feeb3987fb2228c78ad
Size

7.0MB
MD5

7d23765ec49893bf1db3ab2164c66f84
SHA1

913f576f325354d93a2118c125a405da0c6615cf
SHA256

57b1e55e86d81e8c56a345f2b77d287a329dee25cbe43feeb3987fb2228c78ad
SHA512

7a142ad0664ac4e08b12733dcac4c68b47b6355944aae9905153f254c273c41cfefb6e1e8c9bd53c0b9a79e0de596ccbc06ec3bdbebed267881331d1f6219cc3
SSDEEP

196608:Zfq43RmLI/TBENrTYqEFvrTgHC7lB6EGKcubz0D:Zym85ZcRrTpDcTD

Score

1^/10

Malware Config

Signatures

Files

57b1e55e86d81e8c56a345f2b77d287a329dee25cbe43feeb3987fb2228c78ad
.zip
Basic.tpi
.dll windows:5 windows x86 arch:x86

e6843f238e0a0336718bb2c01a33d615

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:de:6c:1e:6d:cb:34:df:98:69:ae:dc:15:7f:07:25
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/05/2021, 00:00

Not After

28/05/2024, 23:59

Subject

CN=Chengdu Qilu Technology Co. Ltd.,O=Chengdu Qilu Technology Co. Ltd.,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7b:b3:d1:7c:7c:8d:d2:ec:69:3c:53:14:81:3c:c2:be:27:ed:3d:d6:4c:a1:9d:0a:48:b5:37:03:ac:31:6f:82
Signer

Actual PE Digest

7b:b3:d1:7c:7c:8d:d2:ec:69:3c:53:14:81:3c:c2:be:27:ed:3d:d6:4c:a1:9d:0a:48:b5:37:03:ac:31:6f:82

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Jenkins\.jenkins\workspace\lib_common\Basic\basic\Release\Basic.pdb

Imports

kernel32

CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ReleaseMutex
GetLongPathNameW
TerminateProcess
GetExitCodeProcess
GetCurrentThread
lstrcmpW
lstrcpynW
GetStartupInfoW
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
GetStdHandle
GetVersion
GetBinaryTypeW
FileTimeToLocalFileTime
OpenMutexW
OutputDebugStringW
CreatePipe
GetCommandLineW
FormatMessageA
LoadLibraryA
GetModuleFileNameA
DeviceIoControl
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
CreateThread
LoadLibraryExA
VirtualFree
DeleteFileW
GetFileAttributesExW
CreateFileW
GetTempFileNameW
GetTempPathW
CreateProcessW
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetFileTime
FlushFileBuffers
ReadFile
WriteFile
GetFileSize
Sleep
GetCurrentProcessId
GetCurrentProcess
OpenProcess
LocalFree
LocalAlloc
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
QueryDosDeviceW
GetLogicalDriveStringsW
DuplicateHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetPrivateProfileStringW
FindFirstFileExA
WriteConsoleW
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadProcessMemory
GetDateFormatW
GetACP
GetConsoleMode
GetConsoleCP
SetFilePointerEx
QueryPerformanceFrequency
CreateProcessA
ExitProcess
GetFileType
GetProcessTimes
GetVersionExW
GetSystemInfo
QueueUserWorkItem
ResetEvent
SwitchToThread
MoveFileExW
GetTickCount
WaitForMultipleObjects
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetFileSizeEx
WritePrivateProfileStringW
WideCharToMultiByte
SetFileAttributesW
FindNextFileW
FindFirstFileW
GetFullPathNameW
lstrlenW
FindClose
CopyFileW
LoadLibraryW
CreateMutexW
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
MultiByteToWideChar
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
CloseHandle
SizeofResource
LoadResource
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetLastError
GetLastError
GetCurrentThreadId
RaiseException
SetStdHandle
FindFirstFileExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
RtlUnwind
GetSystemWindowsDirectoryW
FreeResource
CreateDirectoryW
SetFileTime
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetTimeFormatW
MoveFileW
GetSystemDirectoryW
lstrcmpiA
lstrcmpA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindNextFileA
OpenFileMappingW
TryEnterCriticalSection
AreFileApisANSI
HeapCreate
InterlockedCompareExchange
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetProcAddress
FreeLibrary
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetFileAttributesW
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
GetSystemTime
QueryPerformanceCounter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
InterlockedDecrement
InterlockedIncrement
DecodePointer
CreateEventW
IsValidCodePage
SetEvent
TlsGetValue
TlsAlloc
FormatMessageW
GetStringTypeW

user32

GetWindowThreadProcessId
GetShellWindow
FindWindowW
PtInRect
GetMessageW
ShowWindow
PostMessageW
DispatchMessageW
PeekMessageW
UnregisterClassW
RegisterClassExW
LoadCursorW
SetWindowLongW
KillTimer
TranslateMessage
IsWindowVisible
CharNextW
DestroyWindow
IsWindow
CreateWindowExW
DefWindowProcW
PostThreadMessageW
GetParent
ScreenToClient
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
GetAsyncKeyState
SendMessageTimeoutW
GetWindow
FindWindowExW
SendMessageW
wsprintfW
GetWindowLongW
PostQuitMessage
SetTimer
CopyRect
OffsetRect
UnionRect
EqualRect
SetCursor
DrawFocusRect
MsgWaitForMultipleObjects
CallWindowProcW
GetClassInfoExW

gdi32

DeleteObject
RectVisible
GetObjectW
CreateDIBSection
SelectObject
SaveDC
RestoreDC
OffsetViewportOrgEx
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetViewportOrgEx

advapi32

RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
UnlockServiceDatabase
QueryServiceLockStatusW
StartServiceW
CreateServiceW
RegOpenKeyW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
EqualSid
GetTokenInformation
OpenThreadToken
GetUserNameW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegQueryValueExW
DuplicateTokenEx
LookupPrivilegeValueW
GetLengthSid
CreateWellKnownSid
AdjustTokenPrivileges
SetTokenInformation
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
ChangeServiceConfigW
ChangeServiceConfig2W
ControlService
DeleteService
LockServiceDatabase

shell32

ord165
SHCreateDirectoryExW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoCreateGuid
CoInitializeSecurity
CLSIDFromProgID
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
VarUI4FromStr
VarDateFromStr
SysAllocStringLen

shlwapi

PathCombineW
StrStrIW
StrStrIA
PathAppendW
PathFileExistsW
StrCmpIW
StrTrimA
StrCmpNIW
SHSetValueA
SHGetValueA
PathRemoveFileSpecW
SHGetValueW
wnsprintfW
AssocQueryStringW
PathIsRootW
PathIsRelativeW
PathFindFileNameW
PathFindExtensionW
PathIsDirectoryW
PathFileExistsA

comctl32

_TrackMouseEvent

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

wtsapi32

WTSQueryUserToken

dbghelp

MakeSureDirectoryPathExists

wininet

InternetCrackUrlW
InternetGetConnectedState

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

iphlpapi

GetAdaptersInfo

gdiplus

GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipFillRectangleI
GdipDrawImageRectRect

Exports

Exports

CreateTrayClient
GetBrowserVisitor
GetLuaExplain
luaopen_LDSBasic

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConfigCenter.dll
.dll windows:5 windows x86 arch:x86

abf9bb6937a6b295f8baff836b34d4b7

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:fd:3e:81:a2:3e:67:96:8b:af:99:9b:7a:1b:3b:bc
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/09/2020, 00:00

Not After

03/11/2021, 12:00

Subject

CN=成都奇鲁科技有限公司,O=成都奇鲁科技有限公司,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:40:d3:8f:ff:0f:6e:d2:9e:05:c9:9c:d2:ef:6d:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/09/2020, 00:00

Not After

03/11/2021, 12:00

Subject

CN=成都奇鲁科技有限公司,O=成都奇鲁科技有限公司,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:19:89:08:c3:cd:0c:30:64:49:51:c5:0f:d0:90:24:4b:7d:f9:1d:da:4b:cb:a2:6d:78:84:e9:86:df:0a:88
Signer

Actual PE Digest

18:19:89:08:c3:cd:0c:30:64:49:51:c5:0f:d0:90:24:4b:7d:f9:1d:da:4b:cb:a2:6d:78:84:e9:86:df:0a:88

Digest Algorithm

sha256

PE Digest Matches

true

15:88:c6:10:7d:b0:09:8f:e4:74:c5:78:60:03:9b:e8:1e:37:14:5f
Signer

Actual PE Digest

15:88:c6:10:7d:b0:09:8f:e4:74:c5:78:60:03:9b:e8:1e:37:14:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build\lib_common\config_center\Release\ConfigCenter.pdb

Imports

kernel32

WaitForSingleObject
FreeLibrary
GetProcAddress
SetEvent
Sleep
GetTickCount
CreateEventW
LoadLibraryW
GetModuleFileNameW
GetPrivateProfileSectionW
WideCharToMultiByte
DecodePointer
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileIntW
FindResourceExW
FindResourceW
SizeofResource
LoadResource
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
CreateMutexW
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetEndOfFile
ReadConsoleW
WriteConsoleW
SetFilePointerEx
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
SetLastError
GetLastError
FindNextFileA
FindFirstFileExA
FindClose
GetConsoleMode
GetCurrentThreadId
RaiseException
GetLocalTime
CreateFileW
DeleteFileW
InterlockedExchange
InterlockedCompareExchange
GetCurrentProcess
GetFileSize
WriteFile
ReadFile
FlushFileBuffers
GetModuleHandleW
GetStartupInfoW
WaitForMultipleObjects
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
InterlockedExchangeAdd
GetCurrentProcessId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
FreeResource
GetSystemWindowsDirectoryW
GetVersionExW
DeviceIoControl
lstrcmpA
lstrcmpiA
GetSystemDirectoryW
CreateFileA
RtlUnwind
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetACP
GetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP

user32

FindWindowW
GetWindowLongW
KillTimer
SetTimer
DestroyWindow
CallWindowProcW
PostQuitMessage
DefWindowProcW
RegisterWindowMessageW
LoadCursorW
SetWindowLongW
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
SendMessageW
PeekMessageW
DispatchMessageW
ShowWindow
SendMessageTimeoutW
GetMessageW
TranslateMessage

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
ord165

ole32

CoUninitialize
CoCreateGuid
CoInitializeEx
CoInitialize

shlwapi

SHGetValueW
PathRemoveFileSpecW
PathAppendW
PathFindFileNameW
PathCombineW
PathRenameExtensionW
SHGetValueA
StrCmpNIW
StrStrIW
StrTrimA
StrStrIA
StrCmpIW
PathFileExistsW
SHSetValueA

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

advapi32

RegEnumKeyExW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegSetValueExW

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

Exports

Exports

CreateTrayClient
RunConfigCenter

Sections

.text
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConfigCenterStub.dll
.dll windows:5 windows x86 arch:x86

f1d148c68a28fc6b8ada50cc133ff2b0

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:3a:9f:12:d7:27:bb:f0:11:99:e7:4e:0a:5c:7d:8a
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2019, 00:00

Not After

03/11/2020, 12:00

Subject

CN=Chengdu Qilu Technology Co. Ltd.,O=Chengdu Qilu Technology Co. Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:a2:c3:d3:42:a0:5e:b5:82:18:9a:9b:19:2f:d4:8b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/11/2017, 00:00

Not After

08/11/2020, 23:59

Subject

SERIALNUMBER=91510100394487762T,CN=Chengdu Qilu Technology Co. Ltd.,OU=IT Dept,O=Chengdu Qilu Technology Co. Ltd.,L=chengdu,ST=sichuan,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130647616f78696e,1.3.6.1.4.1.311.60.2.1.2=#13075369636875616e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-01,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:81:51:42:5f:ff:04:7c:dd:d6:82:30:af:c8:f3:c6:f5:e7:05:06:85:cd:b2:99:9e:a5:b9:85:a2:ae:e4:d4
Signer

Actual PE Digest

79:81:51:42:5f:ff:04:7c:dd:d6:82:30:af:c8:f3:c6:f5:e7:05:06:85:cd:b2:99:9e:a5:b9:85:a2:ae:e4:d4

Digest Algorithm

sha256

PE Digest Matches

true

dc:77:2a:28:b5:30:a4:70:90:6c:31:f3:5e:a4:0f:78:81:11:a7:37
Signer

Actual PE Digest

dc:77:2a:28:b5:30:a4:70:90:6c:31:f3:5e:a4:0f:78:81:11:a7:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build\lib_common\config_center\Release\ConfigCenterStub.pdb

Imports

kernel32

GetLastError
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObject
CloseHandle
CreateEventW
GetModuleFileNameW
DecodePointer
FindResourceExW
FindResourceW
SizeofResource
LoadResource
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapFree
ReadConsoleW
SetEndOfFile
WriteConsoleW
SetFilePointerEx
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
HeapReAlloc
HeapAlloc
GetOEMCP
IsValidCodePage
HeapDestroy
LockResource
MultiByteToWideChar
GetFileSizeEx
GetLocalTime
CreateFileW
DeleteFileW
InterlockedExchange
GetCurrentThreadId
FreeLibrary
GetProcAddress
GetCurrentProcess
WriteFile
ReadFile
FlushFileBuffers
LoadLibraryW
GetModuleHandleW
GetStartupInfoW
WaitForMultipleObjects
IsDebuggerPresent
OutputDebugStringW
LoadLibraryExW
InterlockedExchangeAdd
GetCurrentProcessId
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetACP
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
FindClose
FindFirstFileExA
FindNextFileA

user32

UnregisterClassW
FindWindowW
IsWindow
PostThreadMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowLongW
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
SendMessageTimeoutW
LoadCursorW
GetWindowLongW

shell32

ord165
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW

shlwapi

PathCombineW
PathAppendW
PathFindFileNameW
PathRemoveFileSpecW
PathRenameExtensionW
PathFileExistsW
StrStrIW

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

ole32

CoInitializeEx

Exports

Exports

GetConfigCenter
GetConfigCenterEx

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PopMgr.tpi
.dll windows:5 windows x86 arch:x86

5b767a2644dc26553f6fd79a282567f1

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bd:29:65:75:16:67:77:2c:46:5a:4d:61:e5:a2:58:2b:09:fb:51:b9:3a:d6:42:df:b1:19:56:30:ff:4a:7e:75
Signer

Actual PE Digest

bd:29:65:75:16:67:77:2c:46:5a:4d:61:e5:a2:58:2b:09:fb:51:b9:3a:d6:42:df:b1:19:56:30:ff:4a:7e:75

Digest Algorithm

sha256

PE Digest Matches

true

0c:fe:0f:4b:f4:fa:35:4d:63:e8:b8:00:ca:a7:f7:17:15:c8:ca:90
Signer

Actual PE Digest

0c:fe:0f:4b:f4:fa:35:4d:63:e8:b8:00:ca:a7:f7:17:15:c8:ca:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build\lib_common\PopMgr\Release\PopMgr.pdb

Imports

kernel32

GetCurrentProcess
WaitForSingleObject
LoadLibraryW
MultiByteToWideChar
GetProcessTimes
ReadProcessMemory
DuplicateHandle
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
WideCharToMultiByte
FindResourceExW
FindResourceW
GetTickCount
SizeofResource
LoadResource
LockResource
GetPrivateProfileIntW
GetModuleHandleW
CreateMutexW
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetLastError
GetCurrentThreadId
OpenProcess
GetProcAddress
DeleteCriticalSection
WaitForSingleObjectEx
WriteConsoleW
SetFilePointerEx
SetEndOfFile
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStdHandle
GetACP
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
WriteFile
ReadFile
FlushFileBuffers
GetModuleFileNameW
CreateProcessW
GetStartupInfoW
CreateFileW
GetLocalTime
DeleteFileW
InterlockedExchange
InterlockedCompareExchange
SetEvent
WaitForMultipleObjects
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
LoadLibraryExW
Sleep
InterlockedExchangeAdd
FreeLibrary
InterlockedIncrement
InterlockedDecrement
WritePrivateProfileStringW
DeviceIoControl
lstrcmpA
lstrcmpiA
GetSystemDirectoryW
CreateFileA
FreeResource
GetSystemWindowsDirectoryW
GetVersionExW
RtlUnwind
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetFileType
GetConsoleMode
ReadConsoleW
GetConsoleCP
ResetEvent

user32

MonitorFromPoint
GetWindowInfo
GetWindow
GetAncestor
SendMessageTimeoutW
ShowWindow
FindWindowW
GetShellWindow
GetDesktopWindow
SetWindowLongW
GetWindowLongW
WindowFromPoint
GetWindowRect
GetForegroundWindow
KillTimer
SetTimer
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
SendMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetMonitorInfoW
GetWindowThreadProcessId
UnregisterClassW
LoadCursorW

advapi32

RegEnumKeyExW
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW

shell32

SHGetSpecialFolderPathW
ord165
ShellExecuteW
SHCreateDirectoryExW

shlwapi

PathFileExistsW
PathCombineW
SHGetValueW
PathFindFileNameW
StrCmpIW
PathRemoveFileSpecW
StrCmpNIW
PathRenameExtensionW
StrStrIW
SHGetValueA
PathAppendW
SHSetValueA
StrStrIA
StrTrimA

psapi

GetModuleFileNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

ole32

CoCreateGuid
CoInitializeEx

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

Exports

Exports

CreateTrayClient

Sections

.text
Size: 831KB - Virtual size: 831KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PopMgrStub.dll
.dll windows:5 windows x86 arch:x86

584ffc0c9cd72c9816def734e7059807

Code Sign

03:fd:3e:81:a2:3e:67:96:8b:af:99:9b:7a:1b:3b:bc
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/09/2020, 00:00

Not After

03/11/2021, 12:00

Subject

CN=成都奇鲁科技有限公司,O=成都奇鲁科技有限公司,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:40:d3:8f:ff:0f:6e:d2:9e:05:c9:9c:d2:ef:6d:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/09/2020, 00:00

Not After

03/11/2021, 12:00

Subject

CN=成都奇鲁科技有限公司,O=成都奇鲁科技有限公司,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:b6:5a:fc:99:58:fc:47:ca:3c:89:57:39:ba:0d:1a:3c:39:2c:2f:eb:cc:61:5a:2f:31:e3:f2:2c:fe:ea:7c
Signer

Actual PE Digest

d0:b6:5a:fc:99:58:fc:47:ca:3c:89:57:39:ba:0d:1a:3c:39:2c:2f:eb:cc:61:5a:2f:31:e3:f2:2c:fe:ea:7c

Digest Algorithm

sha256

PE Digest Matches

true

c4:2b:94:47:15:f9:17:4f:62:38:6f:9f:0f:75:2f:28:a4:9b:a6:ce
Signer

Actual PE Digest

c4:2b:94:47:15:f9:17:4f:62:38:6f:9f:0f:75:2f:28:a4:9b:a6:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build\lib_common\PopMgr\Release\PopMgrStub.pdb

Imports

kernel32

GetModuleFileNameW
CreateEventW
CloseHandle
WaitForSingleObject
SetEvent
InitializeCriticalSectionAndSpinCount
DecodePointer
WideCharToMultiByte
MultiByteToWideChar
FindResourceExW
FindResourceW
SizeofResource
LoadResource
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
WaitForSingleObjectEx
HeapReAlloc
HeapAlloc
WriteConsoleW
SetFilePointerEx
SetEndOfFile
HeapDestroy
LockResource
GetFileSizeEx
GetLocalTime
CreateFileW
DeleteFileW
InterlockedExchange
InterlockedCompareExchange
GetCurrentThreadId
GetProcAddress
WriteFile
ReadFile
FlushFileBuffers
LoadLibraryW
GetModuleHandleW
GetStartupInfoW
WaitForMultipleObjects
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetPrivateProfileIntW
WritePrivateProfileStringW
Sleep
InterlockedExchangeAdd
SetLastError
DeviceIoControl
lstrcmpA
lstrcmpiA
GetSystemDirectoryW
CreateFileA
FreeResource
GetSystemWindowsDirectoryW
GetVersionExW
RtlUnwind
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetFileType
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetACP
GetStdHandle
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
ResetEvent

user32

LoadCursorW
SetWindowLongW
FindWindowW
IsWindow
PostThreadMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetWindowLongW
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
SendMessageTimeoutW
UnregisterClassW
GetMessageW

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
ord165

shlwapi

SHGetValueW
StrStrIW
StrCmpIW
SHSetValueA
SHGetValueA
StrStrIA
PathRemoveFileSpecW
PathFileExistsW
StrTrimA
PathRenameExtensionW
PathFindFileNameW
PathAppendW
StrCmpNIW
PathCombineW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW

ole32

CoInitializeEx
CoCreateGuid

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

Exports

Exports

GetPopMgr

Sections

.text
Size: 801KB - Virtual size: 801KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RunExtention.tpi
.dll windows:5 windows x86 arch:x86

585ca24c7d4eb199b82ae53b3e163f3d

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:fd:3e:81:a2:3e:67:96:8b:af:99:9b:7a:1b:3b:bc
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/09/2020, 00:00

Not After

03/11/2021, 12:00

Subject

CN=成都奇鲁科技有限公司,O=成都奇鲁科技有限公司,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:40:d3:8f:ff:0f:6e:d2:9e:05:c9:9c:d2:ef:6d:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/09/2020, 00:00

Not After

03/11/2021, 12:00

Subject

CN=成都奇鲁科技有限公司,O=成都奇鲁科技有限公司,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:2e:ee:24:06:1f:67:30:6d:1d:bd:d5:a1:3b:76:b6:90:92:ff:1d:27:b8:e4:e7:b8:60:77:de:ce:97:bd:27
Signer

Actual PE Digest

4c:2e:ee:24:06:1f:67:30:6d:1d:bd:d5:a1:3b:76:b6:90:92:ff:1d:27:b8:e4:e7:b8:60:77:de:ce:97:bd:27

Digest Algorithm

sha256

PE Digest Matches

true

1c:e0:d2:99:cb:1d:d7:4c:5e:0e:c0:42:29:e4:b5:2d:3c:34:cb:a7
Signer

Actual PE Digest

1c:e0:d2:99:cb:1d:d7:4c:5e:0e:c0:42:29:e4:b5:2d:3c:34:cb:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build\lib_common\run_extention\Release\RunExtention.pdb

Imports

kernel32

FlushFileBuffers
FindClose
GetTickCount
lstrlenW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FindResourceExW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetFullPathNameW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MultiByteToWideChar
LoadLibraryW
FreeLibrary
GetCurrentThreadId
OpenFileMappingW
SetEvent
WaitForSingleObject
ReadFile
CreateEventW
CreateProcessW
GetStartupInfoW
CopyFileW
WriteFile
GetFileSize
SizeofResource
LoadResource
SetLastError
GetProcAddress
LockResource
CreateFileW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
WriteConsoleW
ReadConsoleW
SetEndOfFile
SetStdHandle
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
WaitForMultipleObjects
DecodePointer
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
LoadLibraryExW
GetVersionExW
WideCharToMultiByte
GetStringTypeW
FormatMessageW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
LocalFree
GetCurrentProcessId
ReleaseMutex
CreateMutexW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
DeviceIoControl
lstrcmpA
lstrcmpiA
GetSystemDirectoryW
CreateFileA
InterlockedCompareExchange
Sleep
FreeResource
GetSystemWindowsDirectoryW
RtlUnwind
InterlockedFlushSList
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetFileType
SetFilePointerEx
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
ExitProcess
GetModuleFileNameA
GetACP
GetStdHandle

user32

SetWindowLongW
GetWindowLongW
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
UnregisterClassW
wsprintfW
LoadCursorW
DestroyWindow

shell32

SHGetSpecialFolderPathW
SHFileOperationW
ord165

ole32

CoInitialize
CoCreateGuid
CoUninitialize

shlwapi

PathCombineW
PathAppendW
PathRemoveFileSpecW
StrStrIA
SHGetValueW
StrTrimA
StrStrIW
PathFileExistsW
StrCmpNIW
StrCmpIW
SHGetValueA
SHSetValueA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

iphlpapi

GetAdaptersInfo

advapi32

RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
GetTokenInformation
OpenProcessToken
RegQueryValueExA
RegEnumKeyExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA

Exports

Exports

CreateTrayClient
RunExtentionScript

Sections

.text
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tabx_pp.tpi
.dll windows:6 windows x86 arch:x86

58884f0dd251a8d0ce0e85e064d08e80

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:07:8e:70:ea:ee:48:ff:eb:95:76:bd:d4:00:be:98
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/05/2024, 00:00

Not After

20/05/2027, 23:59

Subject

SERIALNUMBER=91510100394487762T,CN=成都奇鲁科技有限公司,O=成都奇鲁科技有限公司,L=成都市,ST=四川省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c21e68890e983bde9ab98e696b0e68a80e69cafe4baa7e4b89ae5bc80e58f91e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e59b9be5b79de79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:7b:cc:99:4e:e9:a2:00:4d:fa:80:dd:0f:c1:8b:0a:ff:4b:6a:54:a2:48:07:d7:fe:f1:49:0b:32:e6:f1:b8
Signer

Actual PE Digest

1f:7b:cc:99:4e:e9:a2:00:4d:fa:80:dd:0f:c1:8b:0a:ff:4b:6a:54:a2:48:07:d7:fe:f1:49:0b:32:e6:f1:b8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Jenkins\.jenkins\workspace\MGame\Zipper\Zipper_tpi\bin\Release\tabx_pp.pdb

Imports

kernel32

FindClose
FindFirstFileW
FindNextFileW
CreateFileA
GetCommandLineW
WaitForMultipleObjects
WaitForSingleObject
SetEvent
ReadDirectoryChangesW
CancelIo
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
CreateFileW
MoveFileExW
CreateEventW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx
RaiseException
DecodePointer
CreateThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
SetFilePointer
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
MoveFileW
lstrlenW
lstrcmpW
LocalFree
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetWindowsDirectoryW
GetLocalTime
GetStartupInfoW
CreateProcessW
GetCurrentThreadId
GetCurrentThread
CreateRemoteThread
GetCurrentProcessId
CreateMutexW
OutputDebugStringW
GetTempPathW
WriteConsoleW
SetEnvironmentVariableW
WriteFile
ReadFile
GetCommandLineA
GetOEMCP
IsValidCodePage
ReadConsoleW
SetFileAttributesW
SetEndOfFile
WriteProcessMemory
ReadProcessMemory
VirtualAllocEx
OpenProcess
Sleep
lstrcpyW
LoadLibraryW
GetModuleFileNameW
FreeLibrary
GetCurrentProcess
GetLastError
CloseHandle
DeleteFileW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetProcAddress
GetModuleHandleW
GetVersionExW
GetProcessHeap
HeapSize
HeapFree
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStdHandle
GetTimeZoneInformation
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetFileType
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
GetSystemDirectoryW
lstrcmpiA
FlushFileBuffers
lstrcmpA
GetSystemWindowsDirectoryW
InterlockedCompareExchange
InitializeSListHead
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetTempFileNameW
IsBadReadPtr
ResetEvent
ResumeThread
GetVersion
FreeEnvironmentStringsW
RemoveDirectoryW
GetLogicalDriveStringsW
GetFileSizeEx
GetFileSize
GetFileAttributesW
VirtualFreeEx
ExitProcess
GetACP
FreeResource
MulDiv
ReleaseMutex
LoadLibraryExW
IsDebuggerPresent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
DeviceIoControl
SetLastError
AreFileApisANSI
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
TryEnterCriticalSection
FormatMessageW
GetStringTypeW
GetDriveTypeW
HeapReAlloc
HeapAlloc
HeapDestroy
GetEnvironmentStringsW
MultiByteToWideChar

user32

RemovePropW
InvalidateRgn
IsWindowEnabled
GetShellWindow
RegisterClassExW
DefWindowProcW
RegisterWindowMessageW
GetAncestor
MonitorFromWindow
ClientToScreen
GetClientRect
CharLowerBuffW
EnumWindows
IsIconic
IsWindowVisible
ScreenToClient
SetWindowLongW
GetWindowLongW
DestroyWindow
PostQuitMessage
KillTimer
SetTimer
GetDesktopWindow
PtInRect
CopyRect
GetCursorPos
UnhookWinEvent
SetWinEventHook
PostThreadMessageW
EnumDisplayMonitors
GetMonitorInfoW
SystemParametersInfoW
GetWindowTextW
SetForegroundWindow
GetClassNameW
GetForegroundWindow
BringWindowToTop
SetWindowPos
MoveWindow
IsWindow
AttachThreadInput
wsprintfW
GetWindow
GetWindowThreadProcessId
FindWindowExW
FindWindowW
CreateAcceleratorTableW
SendMessageW
GetWindowRect
GetWindowTextLengthW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DestroyIcon
ChangeWindowMessageFilter
CreateWindowExW
GetDC
ReleaseDC
MonitorFromPoint
PostMessageW
SetWindowTextW
UpdateLayeredWindow
IsZoomed
CharNextW
SetFocus
GetFocus
GetKeyState
SetCapture
ReleaseCapture
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
CreateCaret
GetCaretBlinkTime
SetCaretPos
MapWindowPoints
IntersectRect
UnionRect
IsRectEmpty
GetParent
CharPrevW
DrawTextW
SetRect
LoadImageW
DrawIconEx
GetIconInfo
wvsprintfW
SetCursor
InflateRect
OffsetRect
LoadCursorW
CallWindowProcW
RegisterClassW
GetClassInfoExW
ShowWindow
EnableWindow
SetPropW
GetPropW
SetWindowRgn
MessageBoxW
GetMessagePos
GetDlgCtrlID
DrawFocusRect
FillRect
HideCaret
ShowCaret
GetSysColor
GetWindowDC
IsChild

gdi32

CreateRectRgnIndirect
GetDIBits
SelectObject
GetTextExtentPoint32W
CreateDCW
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetStockObject
Rectangle
RestoreDC
SaveDC
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CombineRgn
SetDIBitsToDevice
CreateRoundRectRgn
GetCharABCWidthsW
GetClipBox
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
SetDIBColorTable
TextOutW
ExtTextOutW
CreateSolidBrush
GetTextColor

advapi32

LookupPrivilegeValueW
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
ConvertSidToStringSidW
RegGetValueW
IsValidSid
GetTokenInformation
RegQueryValueExW
RegQueryValueExA
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegCreateKeyW

shell32

SHGetFileInfoW
ord727
ShellExecuteW
SHCreateItemFromParsingName
ord155
SHGetPathFromIDListW
SHGetFolderLocation
SHGetKnownFolderPath
SHGetDesktopFolder
SHOpenWithDialog
SHChangeNotify
SHGetSpecialFolderPathW
ShellExecuteExW
ord68
ord165

ole32

OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
CoCreateGuid
CoTaskMemFree
CoCreateInstance

oleaut32

VariantClear
VariantInit
SafeArrayPutElement
SafeArrayCreate
SysAllocString

shlwapi

StrStrIA
SHAutoComplete
StrCmpNIW
StrTrimA
SHGetValueA
PathCombineW
PathFileExistsW
wnsprintfW
PathRemoveFileSpecW
StrStrIW
PathAppendW
PathIsDirectoryW
StrFormatByteSizeW
StrRetToStrW
PathFindFileNameW
SHGetValueW
StrCmpIW
SHDeleteKeyW
SHDeleteValueW
SHSetValueW
StrStrW
StrCmpW
ord176
SHSetValueA

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

gdiplus

GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipFillEllipseI
GdipClosePathFigure
GdipCreateTexture
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipGraphicsClear
GdipFillPath
GdipDrawImagePointsI
GdipDrawImageRectRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipAddPathArc
GdipDrawEllipseI
GdipLoadImageFromFile
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipCreateBitmapFromStream

msimg32

AlphaBlend
GradientFill

comctl32

InitCommonControlsEx
ImageList_GetIconSize
ImageList_DrawEx
ord17
_TrackMouseEvent

Exports

Exports

CreateTrayClient

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 405KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6843f238e0a0336718bb2c01a33d615

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

05:de:6c:1e:6d:cb:34:df:98:69:ae:dc:15:7f:07:25Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

7b:b3:d1:7c:7c:8d:d2:ec:69:3c:53:14:81:3c:c2:be:27:ed:3d:d6:4c:a1:9d:0a:48:b5:37:03:ac:31:6f:82Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

urlmon

wtsapi32

dbghelp

wininet

psapi

version

secur32

crypt32

wintrust

iphlpapi

gdiplus

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 291KB - Virtual size: 290KB

.data Size: 35KB - Virtual size: 45KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 68KB - Virtual size: 67KB

abf9bb6937a6b295f8baff836b34d4b7

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

03:fd:3e:81:a2:3e:67:96:8b:af:99:9b:7a:1b:3b:bcCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

02:40:d3:8f:ff:0f:6e:d2:9e:05:c9:9c:d2:ef:6d:4fCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:de:6c:1e:6d:cb:34:df:98:69:ae:dc:15:7f:07:25
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

7b:b3:d1:7c:7c:8d:d2:ec:69:3c:53:14:81:3c:c2:be:27:ed:3d:d6:4c:a1:9d:0a:48:b5:37:03:ac:31:6f:82
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 291KB - Virtual size: 290KB

.data
Size: 35KB - Virtual size: 45KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 68KB - Virtual size: 67KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

03:fd:3e:81:a2:3e:67:96:8b:af:99:9b:7a:1b:3b:bc
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

02:40:d3:8f:ff:0f:6e:d2:9e:05:c9:9c:d2:ef:6d:4f
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

18:19:89:08:c3:cd:0c:30:64:49:51:c5:0f:d0:90:24:4b:7d:f9:1d:da:4b:cb:a2:6d:78:84:e9:86:df:0a:88
Signer

15:88:c6:10:7d:b0:09:8f:e4:74:c5:78:60:03:9b:e8:1e:37:14:5f
Signer

.text
Size: 350KB - Virtual size: 349KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 17KB

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0a:3a:9f:12:d7:27:bb:f0:11:99:e7:4e:0a:5c:7d:8a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

68:a2:c3:d3:42:a0:5e:b5:82:18:9a:9b:19:2f:d4:8b
Certificate

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

79:81:51:42:5f:ff:04:7c:dd:d6:82:30:af:c8:f3:c6:f5:e7:05:06:85:cd:b2:99:9e:a5:b9:85:a2:ae:e4:d4
Signer

dc:77:2a:28:b5:30:a4:70:90:6c:31:f3:5e:a4:0f:78:81:11:a7:37
Signer