dialog
initDialog
make_unicode
show
Overview
overview
7Static
static
3eac426eb5b...92.exe
windows7-x64
7eac426eb5b...92.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...yh.dll
windows7-x64
3$PLUGINSDI...yh.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$PLUGINSDI...sh.dll
windows7-x64
3$PLUGINSDI...sh.dll
windows10-2004-x64
3$PROGRAMFI...ge.exe
windows7-x64
3$PROGRAMFI...ge.exe
windows10-2004-x64
3$SYSDIR/D4...BC.dll
windows7-x64
1$SYSDIR/D4...BC.dll
windows10-2004-x64
1$SYSDIR/D4...Cs.dll
windows7-x64
1$SYSDIR/D4...Cs.dll
windows10-2004-x64
1$SYSDIR/D4...BC.dll
windows7-x64
1$SYSDIR/D4...BC.dll
windows10-2004-x64
1$SYSDIR/D4...BC.dll
windows7-x64
1$SYSDIR/D4...BC.dll
windows10-2004-x64
1$SYSDIR/D4...BC.dll
windows7-x64
1$SYSDIR/D4...BC.dll
windows10-2004-x64
1$_2_/icbc_...ey.dll
windows7-x64
3$_2_/icbc_...ey.dll
windows10-2004-x64
3$_2_/icbc_...64.dll
windows7-x64
7$_2_/icbc_...64.dll
windows10-2004-x64
7Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
eac426eb5b70afcc4c3a6f1aa1e6cb4cb7ad428e07277c47b066ed8c54ed2f92.exe
Resource
win7-20240729-en
windows7-x64
18 signatures
150 seconds
Behavioral task
behavioral2
Sample
eac426eb5b70afcc4c3a6f1aa1e6cb4cb7ad428e07277c47b066ed8c54ed2f92.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
18 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240729-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/Plugin_gsyh.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/Plugin_gsyh.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240705-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral11
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240705-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral12
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240708-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral14
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral15
Sample
$PLUGINSDIR/splash.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral16
Sample
$PLUGINSDIR/splash.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral17
Sample
$PROGRAMFILES/ICBCEbankTools/ICBCEbankPlugin/icbc_TDR_usbkey_edge.exe
Resource
win7-20240729-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral18
Sample
$PROGRAMFILES/ICBCEbankTools/ICBCEbankPlugin/icbc_TDR_usbkey_edge.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral19
Sample
$SYSDIR/D4CSP_ICBC.dll
Resource
win7-20240729-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral20
Sample
$SYSDIR/D4CSP_ICBC.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral21
Sample
$SYSDIR/D4CSP_ICBCs.dll
Resource
win7-20240705-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral22
Sample
$SYSDIR/D4CSP_ICBCs.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral23
Sample
$SYSDIR/D4DevEx01_ICBC.dll
Resource
win7-20240729-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral24
Sample
$SYSDIR/D4DevEx01_ICBC.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral25
Sample
$SYSDIR/D4Pinpad_ICBC.dll
Resource
win7-20240708-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral26
Sample
$SYSDIR/D4Pinpad_ICBC.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral27
Sample
$SYSDIR/D4Token_ICBC.dll
Resource
win7-20240704-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral28
Sample
$SYSDIR/D4Token_ICBC.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral29
Sample
$_2_/icbc_tdrusbkey.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral30
Sample
$_2_/icbc_tdrusbkey.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral31
Sample
$_2_/icbc_tdrusbkey_64.dll
Resource
win7-20240708-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral32
Sample
$_2_/icbc_tdrusbkey_64.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
eac426eb5b70afcc4c3a6f1aa1e6cb4cb7ad428e07277c47b066ed8c54ed2f92
-
Size
1.9MB
-
MD5
a10770f4ff3a853a2353203e6f5bf10e
-
SHA1
6429364199a4e54643f675f61708f40d13b9991a
-
SHA256
eac426eb5b70afcc4c3a6f1aa1e6cb4cb7ad428e07277c47b066ed8c54ed2f92
-
SHA512
1c22301c10dd23e39572396af0f21fa9ab92c534202e1ef5c9beb4e851a56621b6a95f8e8608f76dcb3431e9191e876aa24c2f4267a83831967e91cef688a565
-
SSDEEP
49152:+GrRvjcsNyJZOxOr9wzXtFKRm9ws8Irh2ByeKGACnTAfy3U8I2pha:+GrFjWJZ7rCzX3KRTsjtkRAGSkU522
Score
3/10
Malware Config
Signatures
-
Unsigned PE 12 IoCs
Checks for missing Authenticode signature.
resource eac426eb5b70afcc4c3a6f1aa1e6cb4cb7ad428e07277c47b066ed8c54ed2f92 unpack001/$PLUGINSDIR/InstallOptions.dll unpack001/$PLUGINSDIR/LangDLL.dll unpack001/$PLUGINSDIR/System.dll unpack001/$PLUGINSDIR/UserInfo.dll unpack001/$PLUGINSDIR/nsExec.dll unpack001/$PLUGINSDIR/splash.dll unpack001/$SYSDIR/D4CSP_ICBCs.dll unpack002/$PLUGINSDIR/InstallOptions.dll unpack002/$PLUGINSDIR/System.dll unpack002/$PLUGINSDIR/UserInfo.dll unpack002/$PLUGINSDIR/nsExec.dll
Files
-
eac426eb5b70afcc4c3a6f1aa1e6cb4cb7ad428e07277c47b066ed8c54ed2f92.exe windows:4 windows x86 arch:x86
61259b55b8912888e90f516ca08dc514
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW
shell32
SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
ole32
OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree
comctl32
ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
user32
GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu
gdi32
SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject
kernel32
GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 84KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/InstallOptions.dll.dll windows:4 windows x86 arch:x86
4b45b7e00344a87332fbd12653854d1a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
SetCurrentDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
WriteFile
SetFilePointer
user32
LoadCursorW
SetWindowRgn
GetDlgCtrlID
CloseClipboard
DrawFocusRect
OpenClipboard
DrawTextW
SetCursor
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
GetClientRect
ShowWindow
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
GetWindowLongW
EnableMenuItem
PtInRect
MapWindowPoints
GetClipboardData
gdi32
SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectW
shell32
SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW
comdlg32
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
ole32
CoTaskMemFree
Exports
Exports
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/LangDLL.dll.dll windows:4 windows x86 arch:x86
3e8d18bb71c7ebbda2ddc2a4bb03547b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
GlobalFree
lstrcpynW
lstrcmpW
GlobalAlloc
MulDiv
GetModuleHandleW
lstrcpyW
user32
DialogBoxParamW
SetDlgItemTextW
SendDlgItemMessageW
EndDialog
SetWindowTextW
LoadIconW
ShowWindow
SendMessageW
GetDC
gdi32
GetDeviceCaps
CreateFontIndirectW
DeleteObject
Exports
Exports
LangDialog
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 681B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/Plugin_gsyh.dll.dll windows:5 windows x86 arch:x86
4fd02bc930d223c004d199096342c1f7
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before03/05/2023, 00:00Not After02/08/2034, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
02:6e:95:dd:b0:89:f2:fd:1b:15:4b:d7:b8:1b:71:57Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before22/08/2022, 00:00Not After22/08/2023, 23:59SubjectCN=Tendyron Corporation,O=Tendyron Corporation,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0d:79:60:24:75:4e:67:b9:53:8e:bd:8d:84:2f:ea:2a:fd:b4:53:9bSigner
Actual PE Digest0d:79:60:24:75:4e:67:b9:53:8e:bd:8d:84:2f:ea:2a:fd:b4:53:9bDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\Program Files (x86)\NSIS\Unicode\Plugins\Plugin_gsyh.pdb
Imports
kernel32
lstrcmpW
lstrcpyW
LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
GlobalFree
OutputDebugStringW
CreateFileW
CreateDirectoryW
GetLastError
GetModuleHandleW
LoadLibraryA
DeleteFileW
ReadFile
GetFileSize
SetFilePointer
CopyFileW
GetPrivateProfileStringW
MultiByteToWideChar
lstrcatA
lstrcpyA
lstrcatW
GetPrivateProfileStringA
SetCurrentDirectoryA
GetWindowsDirectoryA
WriteFile
CreateFileA
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
WideCharToMultiByte
HeapFree
HeapReAlloc
HeapSize
FlushFileBuffers
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
lstrlenA
lstrlenW
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
OpenProcess
TerminateProcess
CloseHandle
Process32NextW
SetLastError
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
GetCurrentProcess
FlushInstructionCache
RaiseException
GetCurrentThreadId
HeapAlloc
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
user32
EndDialog
GetActiveWindow
SetWindowLongW
GetWindowLongW
SetWindowTextW
GetWindowRect
SetDlgItemTextW
GetDlgItem
CharLowerA
CharLowerW
wsprintfA
MessageBoxW
CharUpperW
wsprintfW
SendMessageW
UnregisterClassA
DialogBoxParamW
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
shlwapi
PathFindFileNameW
PathFileExistsW
StrStrA
PathIsRelativeW
advapi32
AdjustTokenPrivileges
RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
LookupPrivilegeValueW
OpenProcessToken
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegCloseKey
psapi
EnumProcessModules
GetModuleBaseNameW
GetModuleFileNameExW
EnumProcesses
ole32
CoInitialize
CoCreateInstance
CoUninitialize
shell32
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
setupapi
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
Exports
Exports
CheckATLVersion
CheckInstalledVSC
DeleteRegKey
DeleteRegValue
FFox_AddP11Name
FFox_AddRootCert
FFox_CopyJSToPref
FFox_CopyPref_ToJS
FFox_DelJSFilePref
FFox_PrefPath
FFox_RegPlugin
FFox_UnRegPlugin
FindProc
FindProc_firefox
GetDllOwnerProcName
GetSysVersion
IsSupport64
MicroAddTrustSite
ModifyFileData
RWCreate
ReadRegBin
ReadRegDWORD
ReadRegStr
WriteRegBin
WriteRegDWORD
WriteRegStr
Sections
.text Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 740B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
fc0224e99e736751432961db63a41b76
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError
user32
wsprintfW
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 867B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 662B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/UserInfo.dll.dll windows:4 windows x86 arch:x86
5e62e8e248e7364886b604bd1fcf4c13
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
advapi32
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
GetUserNameW
kernel32
GlobalFree
GetVersion
GlobalAlloc
CloseHandle
GetModuleHandleA
GetLastError
GetCurrentProcess
GetCurrentThread
GetProcAddress
lstrcpynW
Exports
Exports
GetAccountType
GetName
GetOriginalAccountType
Sections
.text Size: 1024B - Virtual size: 714B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 705B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/ioSpecial.ini
-
$PLUGINSDIR/modern-wizard.bmp
-
$PLUGINSDIR/nsExec.dll.dll windows:4 windows x86 arch:x86
c1c7505e1e6e929ebb6b9100e55b050a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
advapi32
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode
user32
wsprintfW
CharNextExA
SendMessageW
FindWindowExW
CharNextW
CharPrevW
kernel32
CreatePipe
DeleteFileW
lstrcmpiW
GetCommandLineW
ExitProcess
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreateFileMappingW
GetVersion
GetCurrentProcess
lstrcpynW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileW
CopyFileW
GetTempFileNameW
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA
Exports
Exports
Exec
ExecToLog
ExecToStack
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/splash.dll.dll windows:4 windows x86 arch:x86
b2f74f0e1fc649806cefa8459b832b47
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
lstrcpynW
lstrcpyW
lstrcatW
user32
RegisterClassW
LoadImageW
CreateWindowExW
SetTimer
EndPaint
GetClientRect
BeginPaint
IsWindow
ShowWindow
SetWindowPos
SetWindowLongW
SystemParametersInfoW
GetMessageW
DispatchMessageW
UnregisterClassW
wsprintfW
LoadCursorW
DefWindowProcW
DestroyWindow
gdi32
GetObjectW
CreateCompatibleDC
DeleteDC
BitBlt
SelectObject
DeleteObject
winmm
PlaySoundW
Exports
Exports
show
Sections
.text Size: 1024B - Virtual size: 984B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 962B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 290B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PROGRAMFILES/ICBCEbankTools/ICBCEbankPlugin/icbc_TDR_usbkey_edge.exe.exe windows:5 windows x86 arch:x86
e4b46e6d64d81bcbb20344b93f1807a5
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before03/05/2023, 00:00Not After02/08/2034, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
05:df:08:f7:9d:ab:41:9a:13:3e:d9:d7:f8:49:01:d9Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before23/08/2023, 00:00Not After22/08/2024, 23:59SubjectCN=Tendyron Corporation,O=Tendyron Corporation,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1a:4b:a2:db:81:27:1c:3d:46:23:98:22:69:26:24:4d:42:d3:32:94Signer
Actual PE Digest1a:4b:a2:db:81:27:1c:3d:46:23:98:22:69:26:24:4d:42:d3:32:94Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileW
SetEndOfFile
GetLastError
lstrcmpW
SetLastError
GetTempPathA
FileTimeToLocalFileTime
CloseHandle
WinExec
OpenEventA
WriteConsoleA
lstrlenW
ReadFile
FileTimeToSystemTime
WriteFile
SetEvent
GetFileSize
CreateFileA
LocalAlloc
LoadLibraryA
FreeLibrary
GetSystemWindowsDirectoryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetCurrentProcessId
GetCurrentProcess
GetModuleHandleA
GetProcAddress
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
LocalFree
WideCharToMultiByte
lstrcmpA
lstrlenA
GetLocalTime
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InterlockedCompareExchange
GetLocaleInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
DeleteFileA
GetCommandLineA
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetTimeFormatA
GetDateFormatA
CompareStringA
CompareStringW
GetStringTypeW
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetTimeZoneInformation
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
SetStdHandle
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
SetEnvironmentVariableA
user32
GetForegroundWindow
FindWindowA
comdlg32
GetOpenFileNameW
advapi32
RegQueryValueExA
RegSetValueExW
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExW
ole32
CoCreateGuid
shlwapi
wvnsprintfA
StrStrA
crypt32
CertFreeCertificateContext
CertCreateCertificateContext
CertOpenStore
CertAddCertificateContextToStore
CertCloseStore
CertCompareCertificateName
CertSetCertificateContextProperty
CertOpenSystemStoreA
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertGetNameStringA
CertEnumCertificatesInStore
Sections
.text Size: 339KB - Virtual size: 338KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PROGRAMFILES/ICBCEbankTools/ICBCEbankPlugin/icbc_TDR_usbkey_edge.json
-
$SYSDIR/D4CSP_ICBC.dll.dll windows:5 windows x64 arch:x64
a86291623874ca79966f7eaf30a9e3c5
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before03/05/2023, 00:00Not After02/08/2034, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
05:df:08:f7:9d:ab:41:9a:13:3e:d9:d7:f8:49:01:d9Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before23/08/2023, 00:00Not After22/08/2024, 23:59SubjectCN=Tendyron Corporation,O=Tendyron Corporation,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
15:31:f2:bb:22:02:e1:5b:b0:ea:f5:d4:0c:36:d1:d5:82:2a:91:a2Signer
Actual PE Digest15:31:f2:bb:22:02:e1:5b:b0:ea:f5:d4:0c:36:d1:d5:82:2a:91:a2Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
InitializeCriticalSection
DisableThreadLibraryCalls
lstrcmpA
CloseHandle
CreateFileW
GetCurrentProcess
Process32NextW
WideCharToMultiByte
lstrlenW
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
lstrcpyA
SetEvent
OpenEventW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
MultiByteToWideChar
lstrcmpW
GetLastError
IsBadWritePtr
SetLastError
LocalFree
GetVersionExW
lstrlenA
LocalAlloc
FreeLibrary
GetSystemWindowsDirectoryW
LoadLibraryW
GetProcAddress
lstrcpynA
lstrcpyW
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
RaiseException
RtlPcToFileHeader
Sleep
HeapSize
GetModuleHandleW
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
shlwapi
wvnsprintfW
StrChrA
wvnsprintfA
StrCSpnA
StrRChrA
StrStrA
imagehlp
ImageGetCertificateHeader
ImageEnumerateCertificates
ImageGetCertificateData
crypt32
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertCompareCertificateName
CertSetCertificateContextProperty
CertOpenStore
CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateContext
CertGetNameStringW
CertFreeCertificateContext
CryptVerifyMessageSignature
Exports
Exports
CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
C_CancelFunction
C_CloseAllSessions
C_CloseSession
C_CopyObject
C_CreateObject
C_Decrypt
C_DecryptDigestUpdate
C_DecryptFinal
C_DecryptInit
C_DecryptUpdate
C_DecryptVerifyUpdate
C_DeriveKey
C_DestroyObject
C_Digest
C_DigestEncryptUpdate
C_DigestFinal
C_DigestInit
C_DigestKey
C_DigestUpdate
C_Encrypt
C_EncryptFinal
C_EncryptInit
C_EncryptUpdate
C_Finalize
C_FindObjects
C_FindObjectsFinal
C_FindObjectsInit
C_GenerateKey
C_GenerateKeyPair
C_GenerateRandom
C_GetAttributeValue
C_GetFunctionList
C_GetFunctionStatus
C_GetInfo
C_GetMechanismInfo
C_GetMechanismList
C_GetObjectSize
C_GetOperationState
C_GetSessionInfo
C_GetSlotInfo
C_GetSlotList
C_GetTokenInfo
C_InitPIN
C_InitToken
C_Initialize
C_Login
C_Logout
C_OpenSession
C_SeedRandom
C_SetAttributeValue
C_SetOperationState
C_SetPIN
C_Sign
C_SignEncryptUpdate
C_SignFinal
C_SignInit
C_SignRecover
C_SignRecoverInit
C_SignUpdate
C_UnwrapKey
C_Verify
C_VerifyFinal
C_VerifyInit
C_VerifyRecover
C_VerifyRecoverInit
C_VerifyUpdate
C_WaitForSlotEvent
C_WrapKey
Sections
.text Size: 209KB - Virtual size: 208KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$SYSDIR/D4CSP_ICBCs.dll.dll windows:5 windows x64 arch:x64
e2af0e56da4eab5f77d44678a7e8fbe8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
GetProcAddress
LoadLibraryA
GetModuleFileNameA
FreeLibrary
DisableThreadLibraryCalls
SetLastError
shlwapi
PathFindFileNameA
Exports
Exports
CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 232B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 300B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$SYSDIR/D4DevEx01_ICBC.dll.dll windows:5 windows x64 arch:x64
0abae1a527b876e610eef0ea1fa0d6d2
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before03/05/2023, 00:00Not After02/08/2034, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
05:df:08:f7:9d:ab:41:9a:13:3e:d9:d7:f8:49:01:d9Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before23/08/2023, 00:00Not After22/08/2024, 23:59SubjectCN=Tendyron Corporation,O=Tendyron Corporation,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
9e:33:96:cc:2f:25:55:4c:36:13:51:67:ff:37:5b:71:e7:4f:8b:9fSigner
Actual PE Digest9e:33:96:cc:2f:25:55:4c:36:13:51:67:ff:37:5b:71:e7:4f:8b:9fDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
GetLastError
CallNamedPipeA
WaitNamedPipeA
ReadFile
WriteFile
MultiByteToWideChar
WideCharToMultiByte
lstrcmpiA
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemWindowsDirectoryW
CreateFileW
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryW
Process32NextW
lstrlenW
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
GetLocalTime
lstrcpyA
CompareFileTime
FindFirstFileA
Sleep
CreateDirectoryA
lstrcpyW
CancelIo
GetOverlappedResult
WaitForSingleObject
CreateEventW
lstrcpynA
GetLogicalDrives
CreateFileA
CloseHandle
DeviceIoControl
GlobalAlloc
lstrlenA
GetProcessHeap
SetEndOfFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
GlobalFree
SetFileAttributesA
GetVersionExW
WriteConsoleA
FlushFileBuffers
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
GetCurrentProcessId
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
HeapReAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
HeapSize
RaiseException
RtlPcToFileHeader
SetHandleCount
GetFileType
GetStartupInfoA
user32
wsprintfA
advapi32
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetUserNameA
RegOpenKeyExW
RegCloseKey
shell32
ord680
SHGetSpecialFolderPathA
shlwapi
wnsprintfA
StrStrA
StrStrW
StrChrA
wvnsprintfA
StrRChrA
StrCSpnA
StrStrIA
imagehlp
ImageGetCertificateHeader
ImageEnumerateCertificates
ImageGetCertificateData
crypt32
CertFreeCertificateContext
CryptVerifyMessageSignature
setupapi
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetClassDevsW
winscard
SCardReleaseContext
SCardFreeMemory
SCardReconnect
SCardStatusW
SCardDisconnect
SCardConnectA
SCardEstablishContext
SCardListReadersA
SCardTransmit
g_rgSCardT1Pci
Exports
Exports
OnKey_GetFunctionList
Sections
.text Size: 137KB - Virtual size: 137KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$SYSDIR/D4Pinpad_ICBC.dll.dll windows:5 windows x64 arch:x64
74846345e4e914d1c07e44df21ef98aa
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before03/05/2023, 00:00Not After02/08/2034, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
05:df:08:f7:9d:ab:41:9a:13:3e:d9:d7:f8:49:01:d9Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before23/08/2023, 00:00Not After22/08/2024, 23:59SubjectCN=Tendyron Corporation,O=Tendyron Corporation,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
6f:69:b5:88:7c:9b:12:24:36:b4:bb:51:e9:4f:99:96:78:10:ea:57Signer
Actual PE Digest6f:69:b5:88:7c:9b:12:24:36:b4:bb:51:e9:4f:99:96:78:10:ea:57Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
FileTimeToLocalFileTime
lstrcmpW
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStartupInfoA
GetFileType
FileTimeToSystemTime
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapCreate
HeapSetInformation
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
GetCommandLineA
FlsSetValue
VirtualQuery
GetSystemInfo
VirtualProtect
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
DeleteCriticalSection
lstrcatA
lstrcpyA
ProcessIdToSessionId
QueryActCtxW
FindActCtxSectionStringW
CreateActCtxW
GetModuleHandleExW
ActivateActCtx
OutputDebugStringA
DeactivateActCtx
GetLastError
lstrcpyW
MulDiv
lstrcmpA
GetSystemDefaultLangID
GetFileSize
ReadFile
CreateThread
Sleep
GetModuleFileNameW
GetCurrentProcessId
GetTickCount
lstrlenA
CreateToolhelp32Snapshot
GetProcAddress
Process32FirstW
lstrcmpiW
lstrlenW
WideCharToMultiByte
Process32NextW
LoadLibraryW
FreeLibrary
CreateFileW
CloseHandle
GetSystemWindowsDirectoryW
GetVersionExW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
SetLastError
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleW
SetHandleCount
user32
GetSysColor
GetIconInfo
SetTimer
KillTimer
RegisterWindowMessageW
CreateDialogParamW
DrawIconEx
EndDialog
DialogBoxParamW
DrawEdge
FillRect
SetWindowLongW
MessageBoxW
SetForegroundWindow
ClientToScreen
SetCursorPos
mouse_event
EnableWindow
GetSystemMetrics
SetWindowsHookExW
SetWindowTextW
InvalidateRect
GetCursorPos
SystemParametersInfoW
ScreenToClient
SetCapture
GetWindowRect
GetDesktopWindow
DrawTextW
DrawFrameControl
GetWindowTextW
GetWindowTextLengthW
GetClientRect
SetRectEmpty
GetDC
ReleaseDC
MoveWindow
RedrawWindow
SetWindowRgn
ShowWindow
SetActiveWindow
LoadImageW
PostThreadMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
GetDlgItem
UpdateWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
LoadIconW
SetWindowPos
CharLowerW
IsWindow
FindWindowW
GetWindow
GetActiveWindow
GetAncestor
GetForegroundWindow
GetWindowThreadProcessId
UnhookWindowsHookEx
SetDlgItemTextW
GetParent
VkKeyScanW
SendMessageW
SetFocus
GetKeyState
RegisterClassExW
LoadCursorW
GetClassInfoExW
CreateWindowExW
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
DestroyWindow
DefWindowProcW
PostMessageW
CallNextHookEx
InflateRect
EqualRect
PtInRect
OffsetRect
GetWindowDC
EndPaint
BeginPaint
GetCapture
ReleaseCapture
UnregisterClassA
gdi32
CreateRectRgn
CombineRgn
EqualRgn
SetBkMode
SetTextColor
GetStockObject
CreateFontIndirectW
GetObjectW
DeleteObject
SetBkColor
ExtTextOutW
CreatePolygonRgn
FrameRgn
OffsetRgn
ExcludeClipRect
DeleteDC
CreateSolidBrush
GetTextExtentPoint32W
GetDeviceCaps
StretchBlt
CreateCompatibleDC
CreateDIBSection
SetDIBColorTable
GetDIBColorTable
SetStretchBltMode
CreateCompatibleBitmap
CreateRoundRectRgn
SelectObject
advapi32
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
shlwapi
StrToIntA
StrStrIW
wvnsprintfA
wvnsprintfW
StrStrW
comctl32
ImageList_SetBkColor
ImageList_Draw
ImageList_Create
ImageList_AddMasked
ImageList_GetIconSize
ImageList_Destroy
msimg32
AlphaBlend
TransparentBlt
imagehlp
ImageGetCertificateHeader
ImageGetCertificateData
ImageEnumerateCertificates
crypt32
CertGetCertificateChain
CertFreeCertificateChain
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertCompareCertificateName
CertSetCertificateContextProperty
CertOpenStore
CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateContext
CertGetNameStringW
CryptVerifyMessageSignature
CertFreeCertificateContext
gdiplus
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipFree
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdiplusShutdown
Exports
Exports
Pinpad_CreateKey
Pinpad_CreateKeyEx
Pinpad_GetKeyInfo
Pinpad_Indicator
Pinpad_MLChangeDlgRes
Pinpad_MLGetText
Pinpad_Param
Pinpad_ShowDialog
Pinpad_VerifyData
ToolsShowInit
Sections
.text Size: 358KB - Virtual size: 357KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$SYSDIR/D4Token_ICBC.dll.dll windows:5 windows x64 arch:x64
ae0f1f0570bf82de8a94e08fc1811db5
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before03/05/2023, 00:00Not After02/08/2034, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
05:df:08:f7:9d:ab:41:9a:13:3e:d9:d7:f8:49:01:d9Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before23/08/2023, 00:00Not After22/08/2024, 23:59SubjectCN=Tendyron Corporation,O=Tendyron Corporation,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
19:04:50:e2:fc:de:06:d6:b9:2f:0e:de:b9:8f:10:88:af:6a:c8:a3Signer
Actual PE Digest19:04:50:e2:fc:de:06:d6:b9:2f:0e:de:b9:8f:10:88:af:6a:c8:a3Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
GetCurrentProcessId
OpenFileMappingW
UnmapViewOfFile
WaitForSingleObject
ProcessIdToSessionId
lstrcpyA
SetConsoleMode
ReadConsoleInputA
CreateFileMappingW
MapViewOfFile
OpenMutexW
CreateMutexW
LocalFree
lstrlenA
LocalAlloc
lstrcpynA
MultiByteToWideChar
OpenEventW
SetEvent
CreateFileW
CloseHandle
GetSystemWindowsDirectoryW
WideCharToMultiByte
WinExec
lstrcpyW
lstrlenW
LoadLibraryW
GetProcAddress
lstrcmpW
FreeLibrary
DisableThreadLibraryCalls
ReleaseMutex
GetCurrentThreadId
GetLastError
GetVersion
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
LoadLibraryA
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
HeapAlloc
HeapReAlloc
FlsSetValue
GetCommandLineA
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlCaptureContext
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
SetConsoleCtrlHandler
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
RtlVirtualUnwind
HeapSetInformation
HeapCreate
HeapDestroy
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
HeapSize
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadFile
FlushFileBuffers
SetStdHandle
SetFilePointer
GetFullPathNameA
GetCurrentDirectoryA
InitializeCriticalSectionAndSpinCount
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
GetProcessHeap
GetVersionExW
user32
CharLowerW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
GetDesktopWindow
FindWindowW
advapi32
SetSecurityDescriptorSacl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegisterEventSourceW
ReportEventW
DeregisterEventSource
GetSecurityDescriptorSacl
shlwapi
StrCSpnA
StrStrA
wvnsprintfA
StrChrA
StrRChrA
crypt32
CryptVerifyMessageSignature
CertCreateCertificateContext
CertFreeCertificateContext
imagehlp
ImageEnumerateCertificates
ImageGetCertificateData
ImageGetCertificateHeader
wtsapi32
WTSEnumerateSessionsW
WTSFreeMemory
Exports
Exports
ALG_DesDecrypt
ALG_DesEncrypt
ALG_Digest
Gzip_do_compress
Gzip_do_uncompress
Gzip_free
OnKeyT_ChangePin
OnKeyT_ClearObjectsLoadType
OnKeyT_ClearToken
OnKeyT_CreateObject
OnKeyT_DeleteObject
OnKeyT_DevAlgCalc
OnKeyT_ECCSign
OnKeyT_Ex_DisplayInfo
OnKeyT_Ex_InputPasswd
OnKeyT_Ex_SelectSlot
OnKeyT_ExportPairKey
OnKeyT_GeneratePairKey
OnKeyT_GeneratePairKeyEx
OnKeyT_GetDeviceInfo
OnKeyT_GetObjectList
OnKeyT_GetRandBytes
OnKeyT_GetSlotList
OnKeyT_ImportPairKey
OnKeyT_InitToken
OnKeyT_Login
OnKeyT_Logout
OnKeyT_ManTokenParam
OnKeyT_Name2SlotID
OnKeyT_ReadObject
OnKeyT_ReadObjectEx
OnKeyT_ReloadPin
OnKeyT_RsaDecrypt
OnKeyT_RsaEncrypt
OnKeyT_RsaSign
OnKeyT_RsaSign_icbc
OnKeyT_RsaVerify
OnKeyT_UpdateObject
Ossl_Base64_Decode
Ossl_Base64_Encode
Ossl_Base64_P7_FileData
Ossl_BytesToKey
Ossl_Cipher_SetPadding
Ossl_DecryptFinal
Ossl_DecryptInit
Ossl_DecryptUpdate
Ossl_DigestDecode
Ossl_DigestEncode
Ossl_DigestFinal
Ossl_DigestInit
Ossl_DigestUpdate
Ossl_DigestUpdateEx
Ossl_EncodeFinal
Ossl_EncodeInit
Ossl_EncodeUpdate
Ossl_EncryptFinal
Ossl_EncryptInit
Ossl_EncryptUpdate
Ossl_GetBytes
Ossl_GetCertFromP7
Ossl_GetCertPublicKeyN
Ossl_GetHashNID
Ossl_PKCS7_Sign
Ossl_PKCS7_Verify
Ossl_PKCS7_free
Ossl_PackageP10
Ossl_ParseCertDN
Ossl_RC2_SetKey
Ossl_RsaPrivate_crypt
Ossl_RsaPrivate_d2me
Ossl_RsaPublic_crypt
Ossl_RsaPublic_d2i
Ossl_RsaPublic_i2d
Ossl_Z_SM3
SSL_RsaPublic_crypt
Sections
.text Size: 614KB - Virtual size: 613KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 188KB - Virtual size: 188KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 76KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$SYSDIR/ICBC_tdr.reg
-
$TEMP/ICBC_TDR_LOGO.bmp
-
$_2_/icbc_tdrusbkey.dll.dll regsvr32 windows:5 windows x86 arch:x86
5ec10ce1d51a8dbb13957c3dc729c000
Code Sign
03:96:d5:40:ab:c6:c3:5c:8f:cf:25:2b:09:9d:6c:d1Certificate
IssuerCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before25/05/2021, 00:00Not After18/08/2022, 23:59SubjectCN=Tendyron Corporation,O=Tendyron Corporation,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before11/05/2022, 00:00Not After10/08/2033, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
ac:59:a1:d7:65:af:ab:30:0b:ed:42:1b:bf:e5:44:18:4d:b0:7b:c7Signer
Actual PE Digestac:59:a1:d7:65:af:ab:30:0b:ed:42:1b:bf:e5:44:18:4d:b0:7b:c7Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetSystemWindowsDirectoryW
GetCurrentProcess
Process32NextW
CloseHandle
WideCharToMultiByte
Process32FirstW
CreateToolhelp32Snapshot
lstrcmpiA
LockResource
FindResourceExW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
FlushFileBuffers
LoadLibraryW
SetLastError
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcAddress
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
lstrcmpiW
SetThreadLocale
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetLastError
lstrlenW
GetModuleFileNameW
GetModuleHandleW
GetThreadLocale
lstrcmpW
RtlUnwind
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
VirtualFree
VirtualAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
user32
LoadStringW
CharNextW
advapi32
RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegDeleteValueW
ole32
CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
ProgIDFromCLSID
CoTaskMemAlloc
oleaut32
VarUI4FromStr
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
SysAllocStringLen
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
RegisterTypeLi
shlwapi
wvnsprintfW
crypt32
CertCloseStore
CertAddCertificateContextToStore
CertFreeCertificateContext
CertOpenStore
CertSetCertificateContextProperty
CertCompareCertificateName
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertOpenSystemStoreW
CertCreateCertificateContext
CertGetNameStringW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$_2_/icbc_tdrusbkey_64.dll.dll regsvr32 windows:5 windows x64 arch:x64
cba047f309a06c8419d568046b32e81b
Code Sign
03:96:d5:40:ab:c6:c3:5c:8f:cf:25:2b:09:9d:6c:d1Certificate
IssuerCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before25/05/2021, 00:00Not After18/08/2022, 23:59SubjectCN=Tendyron Corporation,O=Tendyron Corporation,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before11/05/2022, 00:00Not After10/08/2033, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
af:a5:29:20:fd:83:43:57:73:fc:f8:49:4c:16:9b:29:7e:7a:9f:97Signer
Actual PE Digestaf:a5:29:20:fd:83:43:57:73:fc:f8:49:4c:16:9b:29:7e:7a:9f:97Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
GetCurrentProcess
Process32NextW
CloseHandle
WideCharToMultiByte
Process32FirstW
CreateToolhelp32Snapshot
lstrcmpiA
LockResource
FindResourceExW
FlushFileBuffers
lstrcmpW
GetSystemWindowsDirectoryW
LoadLibraryW
SetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcAddress
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetLastError
lstrlenW
GetModuleFileNameW
SetThreadLocale
GetModuleHandleW
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
user32
LoadStringW
CharNextW
advapi32
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegDeleteKeyW
ole32
CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
ProgIDFromCLSID
CoTaskMemAlloc
oleaut32
VarUI4FromStr
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
SysAllocStringLen
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
RegisterTypeLi
shlwapi
wvnsprintfW
crypt32
CertCreateCertificateContext
CertCloseStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertOpenStore
CertSetCertificateContextProperty
CertCompareCertificateName
CertDeleteCertificateFromStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertOpenSystemStoreW
CertGetNameStringW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 131KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$_2_/icbcgm_tdrusbkey.dll.dll regsvr32 windows:5 windows x86 arch:x86
3e98193e48933cca9df01a6adf36a6a1
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before03/05/2023, 00:00Not After02/08/2034, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
05:df:08:f7:9d:ab:41:9a:13:3e:d9:d7:f8:49:01:d9Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before23/08/2023, 00:00Not After22/08/2024, 23:59SubjectCN=Tendyron Corporation,O=Tendyron Corporation,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
6a:20:95:8f:35:23:44:19:43:05:44:47:fe:b8:5a:3c:d7:5b:a7:efSigner
Actual PE Digest6a:20:95:8f:35:23:44:19:43:05:44:47:fe:b8:5a:3c:d7:5b:a7:efDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
LeaveCriticalSection
lstrlenA
lstrcmpW
WinExec
SetEvent
OpenEventW
GetTempPathA
CreateFileA
ReadFile
GetFileSize
WriteFile
lstrcmpA
LocalAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
LockResource
FindResourceExW
SetThreadLocale
GetThreadLocale
SetLastError
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
SetEndOfFile
GetModuleHandleW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetSystemWindowsDirectoryW
EnterCriticalSection
Process32FirstW
lstrcmpiW
lstrlenW
WideCharToMultiByte
CloseHandle
Process32NextW
LoadLibraryW
GetProcAddress
GetLocaleInfoW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
SetEnvironmentVariableA
GetConsoleMode
GetConsoleCP
GetModuleHandleA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
DeleteCriticalSection
RaiseException
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetLastError
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
MultiByteToWideChar
LocalFree
CreateToolhelp32Snapshot
CreateFileW
FreeLibrary
SetStdHandle
GetCurrentProcess
Sleep
InterlockedExchange
InterlockedCompareExchange
GetLocaleInfoA
RtlUnwind
DeleteFileA
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
GetTimeFormatA
GetDateFormatA
CompareStringA
CompareStringW
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
user32
GetForegroundWindow
FindWindowW
LoadStringW
CharNextW
advapi32
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
ole32
CoTaskMemFree
CoTaskMemRealloc
CoCreateGuid
StringFromGUID2
CoCreateInstance
ProgIDFromCLSID
CoTaskMemAlloc
oleaut32
SysFreeString
SysStringLen
SysAllocString
SysAllocStringLen
VarBstrCat
VarUI4FromStr
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadTypeLi
LoadRegTypeLi
shlwapi
StrStrA
wvnsprintfW
imagehlp
ImageGetCertificateData
ImageGetCertificateHeader
ImageEnumerateCertificates
crypt32
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertCompareCertificateName
CertSetCertificateContextProperty
CertOpenStore
CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateContext
CertGetNameStringW
CryptVerifyMessageSignature
CertFreeCertificateContext
CertOpenSystemStoreW
comdlg32
GetOpenFileNameW
GetOpenFileNameA
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 376KB - Virtual size: 375KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$_2_/icbcgm_tdrusbkey_64.dll.dll regsvr32 windows:5 windows x64 arch:x64
a5f22a0e7b25a74634e102934035d1eb
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before03/05/2023, 00:00Not After02/08/2034, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
05:df:08:f7:9d:ab:41:9a:13:3e:d9:d7:f8:49:01:d9Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before23/08/2023, 00:00Not After22/08/2024, 23:59SubjectCN=Tendyron Corporation,O=Tendyron Corporation,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
9a:31:e0:9b:50:73:ca:e6:fa:16:2c:0d:56:01:d3:02:10:6e:cd:7cSigner
Actual PE Digest9a:31:e0:9b:50:73:ca:e6:fa:16:2c:0d:56:01:d3:02:10:6e:cd:7cDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenA
lstrcmpW
WinExec
SetEvent
OpenEventW
GetTempPathA
CreateFileA
ReadFile
GetFileSize
WriteFile
lstrcmpA
LocalAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
LockResource
FindResourceExW
SetThreadLocale
GetThreadLocale
SetLastError
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
SetEndOfFile
SetStdHandle
GetProcAddress
GetConsoleOutputCP
WriteConsoleA
GetCurrentProcess
lstrcmpiW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetLastError
lstrlenW
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
SetEnvironmentVariableA
GetConsoleCP
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
LocalFree
CreateFileW
GetSystemWindowsDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
WideCharToMultiByte
CloseHandle
Process32NextW
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
WriteConsoleW
GetModuleHandleW
Sleep
GetLocaleInfoA
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
DeleteFileA
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
GetDateFormatA
GetTimeFormatA
CompareStringA
CompareStringW
GetStringTypeW
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
user32
GetForegroundWindow
FindWindowW
CharNextW
LoadStringW
advapi32
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
ole32
CoTaskMemFree
ProgIDFromCLSID
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
oleaut32
SysAllocStringLen
SysFreeString
VarUI4FromStr
SysStringLen
VarBstrCat
SetErrorInfo
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
CreateErrorInfo
SysAllocString
shlwapi
StrStrA
wvnsprintfW
imagehlp
ImageEnumerateCertificates
ImageGetCertificateHeader
ImageGetCertificateData
crypt32
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertCompareCertificateName
CertSetCertificateContextProperty
CertOpenStore
CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateContext
CertGetNameStringW
CryptVerifyMessageSignature
CertFreeCertificateContext
CertOpenSystemStoreW
comdlg32
GetOpenFileNameW
GetOpenFileNameA
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 475KB - Virtual size: 474KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
unInstall.exe.exe windows:4 windows x86 arch:x86
61259b55b8912888e90f516ca08dc514
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before03/05/2023, 00:00Not After02/08/2034, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
05:df:08:f7:9d:ab:41:9a:13:3e:d9:d7:f8:49:01:d9Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before23/08/2023, 00:00Not After22/08/2024, 23:59SubjectCN=Tendyron Corporation,O=Tendyron Corporation,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
04:95:df:09:24:6a:b0:35:01:ae:94:0b:66:04:2e:df:6a:a1:75:5dSigner
Actual PE Digest04:95:df:09:24:6a:b0:35:01:ae:94:0b:66:04:2e:df:6a:a1:75:5dDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW
shell32
SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
ole32
OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree
comctl32
ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
user32
GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu
gdi32
SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject
kernel32
GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 84KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/InstallOptions.dll.dll windows:4 windows x86 arch:x86
4b45b7e00344a87332fbd12653854d1a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
SetCurrentDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
WriteFile
SetFilePointer
user32
LoadCursorW
SetWindowRgn
GetDlgCtrlID
CloseClipboard
DrawFocusRect
OpenClipboard
DrawTextW
SetCursor
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
GetClientRect
ShowWindow
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
GetWindowLongW
EnableMenuItem
PtInRect
MapWindowPoints
GetClipboardData
gdi32
SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectW
shell32
SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW
comdlg32
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
ole32
CoTaskMemFree
Exports
Exports
dialog
initDialog
make_unicode
show
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/Plugin_gsyh.dll.dll windows:5 windows x86 arch:x86
4fd02bc930d223c004d199096342c1f7
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before03/05/2023, 00:00Not After02/08/2034, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
02:6e:95:dd:b0:89:f2:fd:1b:15:4b:d7:b8:1b:71:57Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before22/08/2022, 00:00Not After22/08/2023, 23:59SubjectCN=Tendyron Corporation,O=Tendyron Corporation,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0d:79:60:24:75:4e:67:b9:53:8e:bd:8d:84:2f:ea:2a:fd:b4:53:9bSigner
Actual PE Digest0d:79:60:24:75:4e:67:b9:53:8e:bd:8d:84:2f:ea:2a:fd:b4:53:9bDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\Program Files (x86)\NSIS\Unicode\Plugins\Plugin_gsyh.pdb
Imports
kernel32
lstrcmpW
lstrcpyW
LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
GlobalFree
OutputDebugStringW
CreateFileW
CreateDirectoryW
GetLastError
GetModuleHandleW
LoadLibraryA
DeleteFileW
ReadFile
GetFileSize
SetFilePointer
CopyFileW
GetPrivateProfileStringW
MultiByteToWideChar
lstrcatA
lstrcpyA
lstrcatW
GetPrivateProfileStringA
SetCurrentDirectoryA
GetWindowsDirectoryA
WriteFile
CreateFileA
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
WideCharToMultiByte
HeapFree
HeapReAlloc
HeapSize
FlushFileBuffers
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
lstrlenA
lstrlenW
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
OpenProcess
TerminateProcess
CloseHandle
Process32NextW
SetLastError
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
GetCurrentProcess
FlushInstructionCache
RaiseException
GetCurrentThreadId
HeapAlloc
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
user32
EndDialog
GetActiveWindow
SetWindowLongW
GetWindowLongW
SetWindowTextW
GetWindowRect
SetDlgItemTextW
GetDlgItem
CharLowerA
CharLowerW
wsprintfA
MessageBoxW
CharUpperW
wsprintfW
SendMessageW
UnregisterClassA
DialogBoxParamW
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
shlwapi
PathFindFileNameW
PathFileExistsW
StrStrA
PathIsRelativeW
advapi32
AdjustTokenPrivileges
RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
LookupPrivilegeValueW
OpenProcessToken
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegCloseKey
psapi
EnumProcessModules
GetModuleBaseNameW
GetModuleFileNameExW
EnumProcesses
ole32
CoInitialize
CoCreateInstance
CoUninitialize
shell32
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
setupapi
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
Exports
Exports
CheckATLVersion
CheckInstalledVSC
DeleteRegKey
DeleteRegValue
FFox_AddP11Name
FFox_AddRootCert
FFox_CopyJSToPref
FFox_CopyPref_ToJS
FFox_DelJSFilePref
FFox_PrefPath
FFox_RegPlugin
FFox_UnRegPlugin
FindProc
FindProc_firefox
GetDllOwnerProcName
GetSysVersion
IsSupport64
MicroAddTrustSite
ModifyFileData
RWCreate
ReadRegBin
ReadRegDWORD
ReadRegStr
WriteRegBin
WriteRegDWORD
WriteRegStr
Sections
.text Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 740B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
fc0224e99e736751432961db63a41b76
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError
user32
wsprintfW
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 867B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 662B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/UserInfo.dll.dll windows:4 windows x86 arch:x86
5e62e8e248e7364886b604bd1fcf4c13
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
advapi32
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
GetUserNameW
kernel32
GlobalFree
GetVersion
GlobalAlloc
CloseHandle
GetModuleHandleA
GetLastError
GetCurrentProcess
GetCurrentThread
GetProcAddress
lstrcpynW
Exports
Exports
GetAccountType
GetName
GetOriginalAccountType
Sections
.text Size: 1024B - Virtual size: 714B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 705B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/ioSpecial.ini
-
$PLUGINSDIR/modern-wizard.bmp
-
$PLUGINSDIR/nsExec.dll.dll windows:4 windows x86 arch:x86
c1c7505e1e6e929ebb6b9100e55b050a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
advapi32
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode
user32
wsprintfW
CharNextExA
SendMessageW
FindWindowExW
CharNextW
CharPrevW
kernel32
CreatePipe
DeleteFileW
lstrcmpiW
GetCommandLineW
ExitProcess
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreateFileMappingW
GetVersion
GetCurrentProcess
lstrcpynW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileW
CopyFileW
GetTempFileNameW
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA
Exports
Exports
Exec
ExecToLog
ExecToStack
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ