aab546b2b0c4f4030c475a0cacc716fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aab546b2b0c4f4030c475a0cacc716fe_JaffaCakes118
Size

9.7MB
MD5

aab546b2b0c4f4030c475a0cacc716fe
SHA1

cbbc28dfb4a5d092f1c59ff9045d1cd5bc38180c
SHA256

89bc2e387fb007677f9f6e0935d54c874a748308969fd88ac8f6c40f45d4b33e
SHA512

eb523a11566cca579b14adb4f4ca5dc58057b008d158afd27d96ee36500fa3e48fb411d52593e8c66b93ee849f9e1c4b01cb287fe330224a5517776a5d6a2723
SSDEEP

196608:Fv/AxoIKpT673RJ37SDfEyjol+lsOPxL39uan9uMH:5/aSpT6llsjol+ltxJuK

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Zhuangji/Mydrivers.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Zhuangji/Mydrivers.dll	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Zhuangji/BENCH.DLL
unpack001/Zhuangji/Irrlicht.dll

Files

aab546b2b0c4f4030c475a0cacc716fe_JaffaCakes118
.rar
Zhuangji/BENCH.DLL
.dll windows:4 windows x86 arch:x86

d9b614ded403577bde60a663d4547144

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
SetThreadPriority
SetPriorityClass
GetThreadPriority
GetCurrentThread
GetPriorityClass
GetCurrentProcess
QueryPerformanceFrequency
CloseHandle
ReadFile
SetFilePointer
DeviceIoControl
CreateFileA
Sleep
VirtualFree
VirtualAlloc
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
QueryPerformanceCounter
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
WriteFile
InterlockedDecrement
InterlockedIncrement
HeapReAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
FlushFileBuffers

Exports

Exports

BenchCPU
BenchDisk_RandomSeek
BenchDisk_ReadBurst
BenchFPU
BenchMMX
BenchMemory

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/DPInst32.exe
.exe windows:6 windows x86 arch:x86

0bbb04de18f86a2d1ac8d1d580c5be48

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b5:3c:25:6a:47:ff:f8:34:a3:0f:d0:7e:68:b8:45:4a:55:63:bd:08
Signer

Actual PE Digest

b5:3c:25:6a:47:ff:f8:34:a3:0f:d0:7e:68:b8:45:4a:55:63:bd:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

DpInst.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
IsTextUnicode
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetEntriesInAclW
DeleteService
StartServiceW
ControlService
OpenSCManagerW
CloseServiceHandle
OpenServiceW
QueryServiceStatus
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
CheckTokenMembership

kernel32

DeleteFileW
ReleaseMutex
SetFilePointer
HeapFree
GetProcessHeap
HeapAlloc
CreateMutexW
FreeLibrary
FreeConsole
SetConsoleCursorPosition
GetFileAttributesW
ReadConsoleOutputW
UnmapViewOfFile
SetConsoleMode
GetConsoleMode
GetStdHandle
GetProcAddress
LoadLibraryW
WriteConsoleOutputW
WriteConsoleW
IsValidLocale
lstrcmpW
lstrlenW
lstrcmpiW
GetTempFileNameW
FindFirstFileW
FindNextFileW
FindClose
CopyFileW
SetFileAttributesW
FormatMessageW
RaiseException
GetFileSize
CreateFileMappingW
FillConsoleOutputCharacterW
MapViewOfFile
CreateThread
Sleep
InterlockedDecrement
InterlockedIncrement
WriteFile
CreateFileW
GetConsoleScreenBufferInfo
WaitForMultipleObjects
InterlockedCompareExchange
SetEvent
CreateEventW
LocalReAlloc
DeviceIoControl
GetExitCodeProcess
VerSetConditionMask
VerifyVersionInfoW
CreateDirectoryW
RemoveDirectoryW
GetCurrentDirectoryW
GetShortPathNameW
GetFullPathNameW
GetSystemWindowsDirectoryW
MoveFileExW
SearchPathW
GetSystemDefaultUILanguage
LoadLibraryExW
CreateFileA
GetLocaleInfoW
SetEndOfFile
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleCP
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
ReadFile
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetThreadLocale
SetThreadLocale
GetUserDefaultUILanguage
GetVersionExW
GetLocalTime
GetWindowsDirectoryW
SetCurrentDirectoryW
GetStringTypeA
WaitForSingleObject
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameW
GetModuleFileNameA
ExitProcess
GetModuleHandleA
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
GetStartupInfoW
GetEnvironmentVariableW
CompareStringW
WideCharToMultiByte
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCommandLineW
LocalAlloc
GlobalFree
LocalFree
MultiByteToWideChar
GetCurrentProcess
GetLastError
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceLanguagesW
GetSystemDirectoryW

gdi32

SetLayout
DeleteDC
GetObjectW
CreateCompatibleBitmap
CreateBitmap
SelectObject
StartPage
EndPage
StartDocW
EndDoc
GetTextMetricsW
GetDeviceCaps
CreateFontIndirectW
DeleteObject
CreateCompatibleDC

user32

AllowSetForegroundWindow
ShowWindow
CreateWindowExW
DefWindowProcW
PostQuitMessage
GetUserObjectInformationW
GetProcessWindowStation
GetIconInfo
DrawIconEx
CreateIconIndirect
LoadIconW
LoadBitmapW
DrawTextExW
LoadImageW
GetSystemMetrics
GetSysColor
DestroyWindow
GetWindowLongW
SendDlgItemMessageW
InvalidateRect
SetWindowTextW
SystemParametersInfoW
GetDC
ReleaseDC
SetWindowLongW
SetDlgItemTextW
GetParent
PostMessageW
IsDlgButtonChecked
CheckDlgButton
SetFocus
CallWindowProcW
DestroyIcon
DialogBoxParamW
GetDlgItem
SendMessageW
MessageBoxW
RegisterClassExW
UnregisterClassA
CharLowerW
CharPrevW
EndDialog

ntdll

NtOpenProcessToken
RtlNtStatusToDosError
NtQueryInformationToken
RtlUnwind
NtClose
NtOpenThreadToken

shell32

SHGetFolderPathW
ShellExecuteExW
ord59
CommandLineToArgvW

setupapi

SetupDiOpenClassRegKey
SetupInstallFilesFromInfSectionW
SetupPromptReboot
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupDiGetActualSectionToInstallW
SetupFindNextLine
SetupFindNextMatchLineW
SetupOpenInfFileW
SetupGetLineCountW
SetupCloseInfFile
SetupFindFirstLineW
SetupGetStringFieldW
pSetupSetGlobalFlags
pSetupGetGlobalFlags
SetupGetFieldCount
SetupGetIntField
SetupOpenAppendInfFileW
SetupDiSetClassInstallParamsW
SetupDiGetClassDevsW
SetupDiGetSelectedDriverW
SetupDiGetDriverInfoDetailW
SetupDiCreateDeviceInfoList
SetupDiClassNameFromGuidW
SetupDiGetDeviceInstanceIdW
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
CM_Get_DevNode_Status
SetupDiSetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupDiSetSelectedDevice
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyW
SetupGetTargetPathW
SetupQueueCopyIndirectW
SetupQueueCopyW
SetupOpenFileQueue
SetupInitDefaultQueueCallbackEx
SetupDefaultQueueCallbackW
SetupCommitFileQueueW
SetupTermDefaultQueueCallback
SetupCloseFileQueue
SetupCopyOEMInfW
CM_Enumerate_Classes
CM_Locate_DevNodeW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
CM_Get_Device_IDW
CMP_WaitNoPendingInstallEvents
CM_Setup_DevNode
SetupDiDestroyDeviceInfoList
CM_Query_And_Remove_SubTreeW

wintrust

CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
StringFromCLSID

oleaut32

VariantInit
VariantClear
VariantChangeType
SysAllocString
SysFreeString

comctl32

ImageList_ReplaceIcon
CreatePropertySheetPageW
ImageList_Create
ImageList_SetBkColor
PropertySheetW

comdlg32

GetSaveFileNameW
PrintDlgExW

crypt32

CertGetCTLContextProperty
CertFreeCTLContext
CryptQueryObject
CertFreeCertificateContext

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 348KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/DPInst64.exe
.exe windows:6 windows x64 arch:x64

4584aed10fdc1d558a53d7cc2371df14

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

89:33:8d:36:ef:11:03:b8:62:ee:1a:e6:a7:80:0b:58:5e:c0:9f:ca
Signer

Actual PE Digest

89:33:8d:36:ef:11:03:b8:62:ee:1a:e6:a7:80:0b:58:5e:c0:9f:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

DpInst.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
IsTextUnicode
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetEntriesInAclW
OpenServiceW
OpenSCManagerW
QueryServiceStatus
DeleteService
CloseServiceHandle
ControlService
StartServiceW
RegDeleteValueW
CheckTokenMembership
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW

kernel32

SetFilePointer
HeapAlloc
GetProcessHeap
HeapFree
CreateMutexW
GetConsoleMode
SetConsoleMode
GetConsoleScreenBufferInfo
ReadConsoleOutputW
FillConsoleOutputCharacterW
SetConsoleCursorPosition
ReleaseMutex
FreeLibrary
WriteConsoleOutputW
WriteConsoleW
LoadLibraryW
GetProcAddress
GetStdHandle
IsValidLocale
VirtualProtect
Sleep
GetFileAttributesW
DeleteFileW
FindClose
FindNextFileW
RaiseException
lstrcmpiW
lstrcmpW
FindFirstFileW
CopyFileW
lstrlenW
SetFileAttributesW
FormatMessageW
GetTempFileNameW
MapViewOfFile
FreeConsole
CreateFileMappingW
GetFileSize
WaitForMultipleObjects
CreateEventW
SetEvent
SetEndOfFile
LocalReAlloc
DeviceIoControl
GetSystemDirectoryW
VerifyVersionInfoW
VerSetConditionMask
GetShortPathNameW
RemoveDirectoryW
MoveFileExW
CreateDirectoryW
GetModuleFileNameW
GetFullPathNameW
GetCurrentDirectoryW
GetSystemWindowsDirectoryW
GetSystemDefaultUILanguage
SearchPathW
SetLastError
GetLocaleInfoW
LoadLibraryExW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoW
GetEnvironmentVariableW
CompareStringW
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapSize
HeapReAlloc
HeapDestroy
CreateThread
SetThreadLocale
GetThreadLocale
WriteFile
CreateFileW
LocalFree
FindResourceW
GlobalFree
SetCurrentDirectoryW
LocalAlloc
GetUserDefaultUILanguage
EnumResourceLanguagesW
GetCurrentProcess
GetLastError
MultiByteToWideChar
GetVersionExW
GetCommandLineW
CloseHandle
GetLocalTime
FindResourceExW
GetExitCodeProcess
WaitForSingleObject
LoadResource
LockResource
SizeofResource
GetWindowsDirectoryW
UnmapViewOfFile

gdi32

SelectObject
CreateBitmap
CreateCompatibleBitmap
GetObjectW
DeleteDC
SetLayout
CreateCompatibleDC
EndPage
StartPage
EndDoc
StartDocW
GetTextMetricsW
CreateFontIndirectW
DeleteObject
GetDeviceCaps

user32

MessageBoxW
CreateIconIndirect
DrawIconEx
GetIconInfo
LoadIconW
LoadBitmapW
PostQuitMessage
SendMessageW
CharPrevW
CharLowerW
UnregisterClassA
DefWindowProcW
EndDialog
RegisterClassExW
CreateWindowExW
ShowWindow
AllowSetForegroundWindow
DialogBoxParamW
GetProcessWindowStation
GetUserObjectInformationW
GetDlgItem
DestroyIcon
ReleaseDC
InvalidateRect
SetWindowTextW
SetDlgItemTextW
PostMessageW
GetParent
GetSystemMetrics
GetSysColor
IsDlgButtonChecked
CheckDlgButton
SetFocus
CallWindowProcW
DestroyWindow
GetWindowLongPtrW
SetWindowLongW
SetWindowLongPtrW
SystemParametersInfoW
SendDlgItemMessageW
LoadImageW
GetDC
DrawTextExW

msvcrt

_resetstkoflw
__C_specific_handler
memset
_wcsupr
_wcslwr
_errno
__CxxFrameHandler
fread
feof
realloc
fclose
_wfopen
??2@YAPEAX_K@Z
wcsstr
_wcsicmp
_wtol
_vscwprintf
free
malloc
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
__wgetmainargs
_XcptFilter
_exit
_cexit
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UEAA@XZ
memcpy
memmove
_CxxThrowException
mbtowc
__mb_cur_max
isleadbyte
_iob
_snprintf
ferror
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_wcsnicmp
_vsnwprintf
wcsncmp
bsearch
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
iswalpha
??_U@YAPEAX_K@Z
wcschr
wcspbrk
wcsrchr
iswdigit
_isatty
fwprintf
_itoa
memcmp

ntdll

RtlNtStatusToDosError
NtOpenProcessToken
NtClose
NtOpenThreadToken
RtlVirtualUnwind
RtlLookupFunctionEntry
NtQueryInformationToken
RtlCaptureContext

shell32

ShellExecuteExW
ord59
SHGetFolderPathW
CommandLineToArgvW

setupapi

SetupFindNextLine
pSetupSetGlobalFlags
pSetupGetGlobalFlags
SetupInstallServicesFromInfSectionW
SetupInstallFromInfSectionW
SetupGetTargetPathW
SetupDiSetSelectedDevice
SetupDiSetClassInstallParamsW
SetupDiGetDriverInfoDetailW
SetupOpenFileQueue
SetupDiGetSelectedDriverW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
CM_Get_DevNode_Status
SetupDiOpenDevRegKey
SetupDiGetClassDevsW
SetupFindNextMatchLineW
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoList
SetupDiClassNameFromGuidW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetActualSectionToInstallW
SetupTermDefaultQueueCallback
SetupDefaultQueueCallbackW
SetupCommitFileQueueW
SetupInitDefaultQueueCallbackEx
CMP_WaitNoPendingInstallEvents
SetupDiOpenClassRegKey
SetupGetStringFieldW
SetupGetLineCountW
SetupOpenAppendInfFileW
SetupFindFirstLineW
SetupGetIntField
SetupGetFieldCount
SetupOpenInfFileW
SetupCloseInfFile
SetupDiDestroyDeviceInfoList
SetupInstallFilesFromInfSectionW
SetupPromptReboot
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Locate_DevNodeW
CM_Query_And_Remove_SubTreeW
CM_Setup_DevNode
CM_Get_Device_IDW
CM_Enumerate_Classes
SetupCopyOEMInfW
SetupQueueCopyW
SetupCloseFileQueue

wintrust

CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust

ole32

StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantChangeType
VariantInit
VariantClear
SysAllocString
SysFreeString

comctl32

ImageList_SetBkColor
PropertySheetW
ImageList_Create
CreatePropertySheetPageW
ImageList_ReplaceIcon

comdlg32

PrintDlgExW
GetSaveFileNameW

crypt32

CertFreeCTLContext
CertGetCTLContextProperty
CryptQueryObject
CertFreeCertificateContext

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 517KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 348KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/Data/backupicon/10000.png
.png
Zhuangji/Data/backupicon/10001.png
.png
Zhuangji/Data/backupicon/10002.png
.png
Zhuangji/Data/backupicon/10003.png
.png
Zhuangji/Data/backupicon/10004.png
.png
Zhuangji/Data/backupicon/10005.png
.png
Zhuangji/Data/backupicon/10006.png
.png
Zhuangji/Data/backupicon/10007.png
.png
Zhuangji/Data/backupicon/10008.png
.png
Zhuangji/Data/backupicon/10009.png
.png
Zhuangji/Data/backupicon/10010.png
.png
Zhuangji/Data/backupicon/102.png
.png
Zhuangji/Data/backupicon/103.png
.png
Zhuangji/Data/backupicon/104.png
.png
Zhuangji/Data/backupicon/105.png
.png
Zhuangji/Data/backupicon/106.png
.png
Zhuangji/Data/backupicon/107.png
.png
Zhuangji/Data/backupicon/108.png
.png
Zhuangji/Data/backupicon/11000.png
.png
Zhuangji/Data/backupicon/11001.png
.png
Zhuangji/Data/backupicon/11010.png
.png
Zhuangji/Data/backupicon/12000.png
.png
Zhuangji/Data/backupicon/12001.png
.png
Zhuangji/Data/backupicon/12002.png
.png
Zhuangji/Data/backupicon/12003.png
.png
Zhuangji/Data/backupicon/12004.png
.png
Zhuangji/Data/backupicon/12005.png
.png
Zhuangji/Data/backupicon/12006.png
.png
Zhuangji/Data/backupicon/12007.png
.png
Zhuangji/Data/backupicon/12008.png
.png
Zhuangji/Data/backupicon/12009.png
.png
Zhuangji/Data/backupicon/12010.png
.png
Zhuangji/Data/backupicon/13000.png
.png
Zhuangji/Data/backupicon/13001.png
.png
Zhuangji/Data/backupicon/13100.png
.png
Zhuangji/Data/backupicon/13200.png
.png
Zhuangji/Data/backupicon/13300.png
.png
Zhuangji/Data/backupicon/13301.png
.png
Zhuangji/Data/backupicon/13302.png
.png
Zhuangji/Data/backupicon/13303.png
.png
Zhuangji/Data/backupicon/13304.png
.png
Zhuangji/Data/backupicon/13305.png
.png
Zhuangji/Data/backupicon/16000.png
.png
Zhuangji/Data/backupicon/16001.png
.png
Zhuangji/Data/backupicon/17000.png
.png
Zhuangji/Data/backupicon/17001.png
.png
Zhuangji/Data/backupicon/17002.png
.png
Zhuangji/Data/backupicon/17003.png
.png
Zhuangji/Data/backupicon/17004.png
.png
Zhuangji/Data/backupicon/17005.png
.png
Zhuangji/Data/backupicon/17006.png
.png
Zhuangji/Data/backupicon/18000.png
.png
Zhuangji/Data/backupicon/19000.png
.png
Zhuangji/Data/backupicon/19001.png
.png
Zhuangji/Data/backupicon/19002.png
.png
Zhuangji/Data/backupicon/19003.png
.png
Zhuangji/Data/backupicon/19004.png
.png
Zhuangji/Data/backupicon/19005.png
.png
Zhuangji/Data/backupicon/19006.png
.png
Zhuangji/Data/backupicon/2.png
.png
Zhuangji/Data/backupicon/20000.png
.png
Zhuangji/Data/backupicon/20001.png
.png
Zhuangji/Data/backupicon/20002.png
.png
Zhuangji/Data/backupicon/20003.png
.png
Zhuangji/Data/backupicon/20004.png
.png
Zhuangji/Data/backupicon/20005.png
.png
Zhuangji/Data/backupicon/20006.png
.png
Zhuangji/Data/backupicon/20007.png
.png
Zhuangji/Data/backupicon/20008.png
.png
Zhuangji/Data/backupicon/20009.png
.png
Zhuangji/Data/backupicon/202.png
.png
Zhuangji/Data/backupicon/3.png
.png
Zhuangji/Data/backupicon/30000.png
.png
Zhuangji/Data/backupicon/30001.png
.png
Zhuangji/Data/backupicon/30002.png
.png
Zhuangji/Data/backupicon/4.png
.png
Zhuangji/Data/backupicon/401.png
.png
Zhuangji/Data/backupicon/5.png
.png
Zhuangji/Data/backupicon/defbackup.png
.png
Zhuangji/Data/backupicon/document.png
.png
Zhuangji/Data/backupicon/driver.png
.png
Zhuangji/Data/backupicon/file.png
.png
Zhuangji/Data/backupicon/image.png
.png
Zhuangji/Data/backupicon/installation.png
.png
Zhuangji/Data/backupicon/music.png
.png
Zhuangji/Data/backupicon/vedio.png
.png
Zhuangji/Data/bench_gard.dat
Zhuangji/Data/gbench_scene.pk3
.zip
media/earth.jpg
.jpg
media/earth.x
media/earthbump.jpg
.jpg
media/fireball.bmp
media/logo.png
.png
media/particlered.bmp
media/particlewhite.bmp
media/rockwall.jpg
.jpg
media/rockwall_height.bmp
media/room.3ds
media/tag_fps.png
.png
media/tag_tim.png
.png
media/tag_triangles.png
.png
Zhuangji/Data/html/error_drvinfo.html
.html .js polyglot
Zhuangji/Data/html/error_softinfo.html
.html .js polyglot
Zhuangji/Data/html/images/icon_1.png
.png
Zhuangji/Data/kbkscript.dat
Zhuangji/Data/knavlib.dat
Zhuangji/Data/mksysdev.dat
Zhuangji/Data/office.dat
Zhuangji/Data/osricsoft.dat
Zhuangji/Data/soft.dat
Zhuangji/Data/softconvert.dat
Zhuangji/Data/system.dat
Zhuangji/Data/system64.dat
Zhuangji/Irrlicht.dll
.dll windows:4 windows x86 arch:x86

4151be17f2decdae3d96c6e0c5ec41b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThread
QueryPerformanceFrequency
OutputDebugStringA
SetThreadAffinityMask
QueryPerformanceCounter
GetSystemInfo
UnmapViewOfFile
CreateFileW
CreateFileMappingA
GetFileSize
MapViewOfFile
lstrcmpiA
InterlockedCompareExchange
SetEndOfFile
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
GetTimeZoneInformation
GetTickCount
LCMapStringA
GetLocaleInfoW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSection
InterlockedExchange
FlushFileBuffers
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
ReadFile
CloseHandle
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
GetStringTypeW
GetStringTypeA
GlobalLock
GlobalUnlock
GlobalMemoryStatus
GlobalAlloc
MultiByteToWideChar
GetVersionExA
GetLastError
LoadLibraryA
Sleep
GetProcAddress
LCMapStringW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
DeleteCriticalSection
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
GetCPInfo
RaiseException
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
GetProcessHeap
GetCommandLineA
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitProcess
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapFree
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
FindClose
GetFileAttributesA
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetDriveTypeA
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA

user32

OpenClipboard
SetClipboardData
CloseClipboard
GetClipboardData
EmptyClipboard
ToAsciiEx
SetForegroundWindow
GetMessagePos
GetCapture
EndPaint
PeekMessageA
GetFocus
ShowCursor
ReleaseCapture
GetKeyboardState
SetWindowPlacement
MoveWindow
EnumDisplaySettingsA
GetWindowPlacement
LoadImageA
GetCursorInfo
GetKeyboardLayout
GetClientRect
UpdateWindow
MapVirtualKeyA
SendMessageTimeoutA
GetWindowRect
SetWindowLongA
SetWindowPos
BeginPaint
GetCursorPos
SetActiveWindow
GetDoubleClickTime
ShowWindow
SendMessageTimeoutW
ChangeDisplaySettingsA
SetCursorPos
PostQuitMessage
GetActiveWindow
SetCapture
DispatchMessageA
ClientToScreen
ReleaseDC
DestroyWindow
AdjustWindowRect
LoadCursorA
DefWindowProcA
GetSystemMetrics
RegisterClassExA
GetDC
CreateWindowExA

gdi32

GetDeviceGammaRamp
SetDeviceGammaRamp
GetPixelFormat
SetPixelFormat
DescribePixelFormat
SwapBuffers
ChoosePixelFormat
StretchDIBits
DeleteObject

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

opengl32

glDepthFunc
glHint
glShadeModel
glLoadMatrixf
glReadBuffer
glClipPlane
glTexCoord2f
glTexParameteri
glVertex3f
glVertex2i
glColorMask
glTexEnvf
glPopMatrix
glPushMatrix
glFogf
glClear
glStencilFunc
glDrawElements
glScissor
glDrawBuffer
wglDeleteContext
glTexCoordPointer
glTexGeni
glFogi
glGetError
glLoadIdentity
glReadPixels
glGetIntegerv
glGetFloatv
glGetTexImage
glTexSubImage2D
glCopyTexSubImage2D
glGenTextures
glTexImage2D
glDeleteTextures
glVertex2f
glDisableClientState
wglMakeCurrent
glEnd
glAlphaFunc
wglGetProcAddress
glFogfv
glLineWidth
glBegin
glEnable
glTexParameterf
glMaterialf
glTranslatef
glPushAttrib
glPixelStorei
glFlush
glGetString
glDepthMask
glEnableClientState
glViewport
glNormalPointer
wglCreateContext
glTexEnvi
glDrawArrays
glMatrixMode
glLightf
glPolygonOffset
glVertexPointer
glColor4ub
glColorMaterial
glDisable
glLightModeli
glFrontFace
glRectf
glPopAttrib
glClearColor
glMaterialfv
glBindTexture
glStencilOp
glCullFace
glClearDepth
glPointSize
glStencilMask
glLightfv
glBlendFunc
glColorPointer
glLightModelfv
glPolygonMode
glIsEnabled

Exports

Exports

?IdentityMaterial@video@irr@@3VSMaterial@12@A
?IdentityMatrix@core@irr@@3V?$CMatrix4@M@12@B
?createIrrXMLReader@io@irr@@YAPAV?$IIrrXMLReader@DVIXMLBase@io@irr@@@12@PAU_iobuf@@@Z
?createIrrXMLReader@io@irr@@YAPAV?$IIrrXMLReader@DVIXMLBase@io@irr@@@12@PAVIFileReadCallBack@12@_N@Z
?createIrrXMLReader@io@irr@@YAPAV?$IIrrXMLReader@DVIXMLBase@io@irr@@@12@PBD@Z
?createIrrXMLReaderUTF16@io@irr@@YAPAV?$IIrrXMLReader@GVIXMLBase@io@irr@@@12@PAU_iobuf@@@Z
?createIrrXMLReaderUTF16@io@irr@@YAPAV?$IIrrXMLReader@GVIXMLBase@io@irr@@@12@PAVIFileReadCallBack@12@_N@Z
?createIrrXMLReaderUTF16@io@irr@@YAPAV?$IIrrXMLReader@GVIXMLBase@io@irr@@@12@PBD@Z
?createIrrXMLReaderUTF32@io@irr@@YAPAV?$IIrrXMLReader@KVIXMLBase@io@irr@@@12@PAU_iobuf@@@Z
?createIrrXMLReaderUTF32@io@irr@@YAPAV?$IIrrXMLReader@KVIXMLBase@io@irr@@@12@PAVIFileReadCallBack@12@_N@Z
?createIrrXMLReaderUTF32@io@irr@@YAPAV?$IIrrXMLReader@KVIXMLBase@io@irr@@@12@PBD@Z
createDevice
createDeviceEx

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/Mydrivers.DAT
Zhuangji/Mydrivers.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:22:84:03:47:5b
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

16/07/2009, 13:59

Not After

16/07/2012, 13:59

Subject

CN=REALiX,O=REALiX,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:1d:ea:ef:2f:4c:00:13:f9:61:b8:ad:56:73:f2:2b:1e:e8:90:75
Signer

Actual PE Digest

0e:1d:ea:ef:2f:4c:00:13:f9:61:b8:ad:56:73:f2:2b:1e:e8:90:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 329KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Zhuangji/Mydrivers32.SYS
.sys windows:5 windows x86 arch:x86

533fdf5771580c443681dde2cec859a9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:22:84:03:47:5b
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

16/07/2009, 13:59

Not After

16/07/2012, 13:59

Subject

CN=REALiX,O=REALiX,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:10:a3:4b:b3:3d:31:f9:3c:a4:4b:d4:80:e5:29:c7:55:7f:87:ac
Signer

Actual PE Digest

c3:10:a3:4b:b3:3d:31:f9:3c:a4:4b:d4:80:e5:29:c7:55:7f:87:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\hwinfo32\sys\i386\HWiNFO32.pdb

Imports

ntoskrnl.exe

_except_handler3
_alldiv
_allmul
IoDeleteDevice
IoDeleteSymbolicLink
ExFreePoolWithTag
memmove
ExfInterlockedRemoveHeadList
KeInitializeSpinLock
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
RtlInitUnicodeString
ZwOpenFile
ZwDeviceIoControlFile
ZwClose
IofCompleteRequest
MmMapIoSpace
ExAllocatePoolWithTag
MmUnmapIoSpace
ExfInterlockedInsertTailList

hal

HalSetBusDataByOffset
HalGetBusData
KfRaiseIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeStallExecutionProcessor
HalGetBusDataByOffset

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 850B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/Mydrivers64A.SYS
.sys windows:5 windows x64 arch:x64

20b5153009d0538e018a6f00f2b16f65

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:22:84:03:47:5b
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

16/07/2009, 13:59

Not After

16/07/2012, 13:59

Subject

CN=REALiX,O=REALiX,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1c:98:7a:c0:0e:21:6a:f4:4c:39:5a:41:44:50:73:5e:2d:ac:62:f1
Signer

Actual PE Digest

1c:98:7a:c0:0e:21:6a:f4:4c:39:5a:41:44:50:73:5e:2d:ac:62:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

s:\hwinfo32\sys\amd64\HWiNFO32.pdb

Imports

ntoskrnl.exe

KeAcquireSpinLockRaiseToDpc
IofCompleteRequest
__C_specific_handler
ZwClose
ZwDeviceIoControlFile
ZwOpenFile
RtlInitUnicodeString
KeReleaseSpinLock
IoDeleteSymbolicLink
ExFreePoolWithTag
MmUnmapIoSpace
ExInterlockedRemoveHeadList
IoCreateSymbolicLink
IoCreateDevice
MmMapIoSpace
ExAllocatePoolWithTag
IoDeleteDevice
ExInterlockedInsertTailList

hal

HalSetBusDataByOffset
KeStallExecutionProcessor
HalGetBusDataByOffset

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/Mydrivers64I.SYS
Zhuangji/dict.ini
Zhuangji/graphicbench.exe
.exe windows:4 windows x86 arch:x86

afec9a8a0515ee22dbf4506fa00d0d18

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5c:39:23:de:70:a1:04:d4:50:71:3a:15:87:6a:f7:40:1c:22:4c:c7
Signer

Actual PE Digest

5c:39:23:de:70:a1:04:d4:50:71:3a:15:87:6a:f7:40:1c:22:4c:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\workspace\daily_build\kszz\v1.0_beta2_r3\bin\release\graphicbench.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
MultiByteToWideChar
LeaveCriticalSection
WideCharToMultiByte
QueryPerformanceCounter
ReleaseMutex
SetLastError
RaiseException
LoadLibraryA
WaitForSingleObject
SetCurrentDirectoryW
CreateFileMappingW
GetLastError
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryW
CreateMutexW
GetCommandLineW
UnmapViewOfFile
MapViewOfFileEx
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetEnvironmentStringsW
GetModuleFileNameW
GetTickCount
CreateFileA
SetStdHandle
FreeEnvironmentStringsW
WriteConsoleW
GetConsoleOutputCP
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedIncrement
InterlockedDecrement
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RtlUnwind
GetModuleHandleA
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
WriteFile
GetStdHandle
GetModuleFileNameA
GetOEMCP
IsValidCodePage
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointer
FlushFileBuffers
WriteConsoleA

user32

GetSystemMetrics
UnregisterClassA

shell32

CommandLineToArgvW

shlwapi

PathRemoveFileSpecW

irrlicht

createDevice

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Zhuangji/hwinfores.dll
.dll windows:4 windows x86 arch:x86

e05764d02c128246b6cae3da8f8e2d1b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5b:ec:a2:77:a8:65:66:2a:ce:df:03:b3:ec:3f:e9:42:da:cd:4d:d9
Signer

Actual PE Digest

5b:ec:a2:77:a8:65:66:2a:ce:df:03:b3:ec:3f:e9:42:da:cd:4d:d9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\workspace\daily_build\kszz\v1.0_beta2_r3\bin\release\hwinfores.pdb

Imports

kernel32

GetTempPathW
GetTickCount
FindResourceW
LoadResource
LockResource
SizeofResource
CreateDirectoryW
GetFileAttributesW
CloseHandle
ReadFile
LocalFileTimeToFileTime
CreateFileW
MultiByteToWideChar
GetCurrentDirectoryW
SetFileTime
WriteFile
SetFilePointer
WideCharToMultiByte
SystemTimeToFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetCurrentProcessId
HeapDestroy

user32

wsprintfW

msvcr80

_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
?terminate@@YAXXZ
wcsstr
malloc
calloc
free
memmove_s
??2@YAPAXI@Z
vswprintf_s
_vscwprintf
memcpy_s
??3@YAXPAX@Z
memcpy
_CxxThrowException
__CxxFrameHandler3
memset

Exports

Exports

CreateResDataObject

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 676KB - Virtual size: 673KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/kbkeng.dll
.dll windows:4 windows x86 arch:x86

cd040a37810b29f30add59f940076878

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

63:0e:e6:82:3c:12:a7:bd:06:55:37:fd:1a:ae:0a:b8:c5:a0:61:48
Signer

Actual PE Digest

63:0e:e6:82:3c:12:a7:bd:06:55:37:fd:1a:ae:0a:b8:c5:a0:61:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kfree\ksafe_kbkeng_released_rb\product\win32\kbkeng.pdb

Imports

kernel32

GetSystemTimeAsFileTime
WriteFile
GetProcAddress
GetCurrentProcess
GetModuleHandleW
GetCurrentProcessId
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
MoveFileW
SetFileAttributesW
GetFileTime
SetFileTime
SetFilePointer
FlushFileBuffers
GetDiskFreeSpaceExW
GetComputerNameW
LoadLibraryW
FreeLibrary
RaiseException
CopyFileW
CreateFileA
GetFileAttributesW
GetCurrentDirectoryW
CreateDirectoryW
LocalFileTimeToFileTime
CreateProcessW
GetVersionExW
GetModuleFileNameW
SystemTimeToFileTime
RemoveDirectoryW
DeviceIoControl
GetVolumeInformationW
lstrcmpiW
SetLastError
TerminateProcess
GetModuleHandleA
WritePrivateProfileStringW
GetPrivateProfileStringW
SetErrorMode
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetTempPathW
GetEnvironmentVariableW
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocalTime
ExpandEnvironmentStringsW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
LocalFree
lstrlenA
ReadFile
GetFileSize
CreateFileW
MultiByteToWideChar
lstrlenW
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
FileTimeToSystemTime
FileTimeToLocalFileTime
TerminateThread
OutputDebugStringA
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
GetCurrentThreadId
SetEvent
OutputDebugStringW
CreateThread
GetLastError
CloseHandle
FindResourceExW
FindResourceW
SizeofResource
WideCharToMultiByte
LockResource
LoadResource
LeaveCriticalSection
EnterCriticalSection
Sleep
DeleteTimerQueueTimer
CreateTimerQueueTimer
lstrcpyW
LoadLibraryA
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
SetStdHandle
CompareStringW
CompareStringA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
VirtualAlloc
VirtualFree
HeapCreate
TlsFree
TlsSetValue
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc

user32

SystemParametersInfoW
GetSystemMetrics
GetDesktopWindow
wsprintfW
UnregisterClassA

advapi32

RegCreateKeyW
RegEnumValueW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

shlwapi

PathAddBackslashW
PathRemoveFileSpecW
PathIsDirectoryW
PathAppendW
PathSkipRootW
PathFileExistsW
PathIsNetworkPathW
PathAddExtensionW
PathStripToRootW
PathFindExtensionW
PathRemoveExtensionW
PathStripPathW
PathIsRootW
PathRenameExtensionW
PathRemoveBackslashW

rpcrt4

UuidCreate

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

CreateEngine

Sections

.text
Size: 708KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/kbkext.dll
.dll windows:4 windows x86 arch:x86

fee1a4ae09eb981081ca06ab8f4b7032

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:fe:e0:b0:f0:80:1a:a9:bb:05:84:f5:87:2d:29:b4:3e:90:77:d6
Signer

Actual PE Digest

11:fe:e0:b0:f0:80:1a:a9:bb:05:84:f5:87:2d:29:b4:3e:90:77:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kfree\ksafe_kbkeng_released_rb\product\win32\kbkext.pdb

Imports

crypt32

CertGetEnhancedKeyUsage
PFXImportCertStore
CertCloseStore
CertFreeCertificateContext
PFXExportCertStoreEx
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertOpenSystemStoreW
CertOpenStore

kernel32

OpenProcess
TerminateProcess
FindResourceW
lstrcmpW
WaitForSingleObject
SizeofResource
LockResource
LoadResource
FindResourceExW
LoadLibraryA
OutputDebugStringA
GetEnvironmentVariableW
CopyFileW
WriteConsoleW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleHandleA
GetFileSize
ReadFile
SetLastError
GetFileAttributesW
Sleep
GetCurrentProcess
GetLastError
GetModuleHandleW
GetProcAddress
WriteFile
CreateFileW
DeleteCriticalSection
CloseHandle
InitializeCriticalSection
FlushFileBuffers
LeaveCriticalSection
SetFilePointer
EnterCriticalSection
lstrlenW
CreateProcessW
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
CompareStringA
LCMapStringA
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
ExitProcess
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

wsprintfW
UnregisterClassA

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateProcessAsUserW
ImpersonateLoggedOnUser
DuplicateTokenEx
LookupAccountNameW
GetUserNameW
ConvertSidToStringSidW

shell32

SHGetFolderPathW
SHChangeNotify

ole32

StgCreateDocfile
StgOpenStorage

shlwapi

PathAppendW
StrCpyNW

userenv

GetUserProfileDirectoryW

Exports

Exports

RegistLuaFunction

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/kbkvss60.dll
.dll windows:4 windows x86 arch:x86

1f0664dfa7ddc3bed9cbedd8913066e1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:f2:c3:81:7c:7a:0a:2f:56:21:a8:7d:88:4c:8b:d3:06:36:41:36
Signer

Actual PE Digest

25:f2:c3:81:7c:7a:0a:2f:56:21:a8:7d:88:4c:8b:d3:06:36:41:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kfree\ksafe_kbkeng_released_rb\product\win32\kbkvss60.pdb

Imports

kernel32

TerminateProcess
GetModuleHandleA
GetSystemDirectoryW
LoadLibraryW
OutputDebugStringW
GetComputerNameW
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
SetLastError
Sleep
GetCurrentProcess
GetLastError
GetProcAddress
FlushFileBuffers
SetFilePointer
WriteFile
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

UnregisterClassA

ole32

CoUninitialize
CoInitialize

shlwapi

PathAppendW

Exports

Exports

CreateEngine

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/kdump.dll
.dll windows:4 windows x86 arch:x86

3bda738ba8780ab896064a95ae163339

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7e:bf:23:a5:0f:b2:b7:54:fb:8a:d8:dc:4c:8e:6c:66:d7:cc:35:c9
Signer

Actual PE Digest

7e:bf:23:a5:0f:b2:b7:54:fb:8a:d8:dc:4c:8e:6c:66:d7:cc:35:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kcloud\kcloud\src\kdump\dump\Release\kdump.pdb

Imports

kernel32

LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetVersionExW
GetModuleHandleW
lstrcatW
GetTempPathW
GetCurrentProcess
OutputDebugStringA
GetProcessTimes
SystemTimeToFileTime
GetSystemTime
CreateEventW
TerminateThread
WaitForSingleObject
SetEvent
WriteFile
CreateFileW
CreateDirectoryW
ReadFile
CloseHandle
lstrlenW
MultiByteToWideChar
lstrlenA
GetWindowsDirectoryW
ExpandEnvironmentStringsW
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
OpenThread
WritePrivateProfileStringW
FlushFileBuffers
GetCurrentProcessId
SetEndOfFile
CreateProcessW
CreateThread
CopyFileW
lstrcpynW
lstrcpyW
GetCurrentThreadId
FindClose
FindNextFileW
FindFirstFileW
GetLogicalDriveStringsW
VirtualQuery
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
GetModuleFileNameW
GetPrivateProfileIntW
WideCharToMultiByte
GetFileAttributesW
GetConsoleOutputCP
WriteConsoleA
WriteConsoleW
SetStdHandle
LoadLibraryA
InterlockedExchange
GetConsoleMode
VirtualProtect
GetThreadLocale
InterlockedCompareExchange
CreateFileA
GetLocaleInfoW
GetConsoleCP
SetFilePointer
RaiseException
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
InterlockedDecrement
RtlUnwind
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
LCMapStringA
LCMapStringW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW

user32

wsprintfW
UnregisterClassA

advapi32

RegSetValueExW
RegCreateKeyExW
CreateProcessAsUserW
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetFolderPathW

shlwapi

PathAddBackslashW
PathStripPathW
PathRemoveFileSpecW
PathRemoveExtensionW
PathFindFileNameW
PathAppendW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

userenv

ExpandEnvironmentStringsForUserW
DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetModuleInformation

Exports

Exports

KxEOpenDumpMonitor
KxEOpenDumpMonitorEx
KxEOpenDumpMonitorEx2
KxESetPostServer
KxESetTrialMode
KxRegisterUnhandledExceptionFilter
KxUnregisterUnhandledExceptionFilter

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/kdumprep.exe
.exe windows:4 windows x86 arch:x86

dad0cb147d16c17ed81a5ae668ac79cc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f2:ce:d2:91:59:c5:09:c3:d9:7f:00:3d:b9:25:41:d3:d3:26:89:c0
Signer

Actual PE Digest

f2:ce:d2:91:59:c5:09:c3:d9:7f:00:3d:b9:25:41:d3:d3:26:89:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\kingsoft_duba\build\build_src\kcloud\kcloud\src\product\win32\kdumprep.pdb

Imports

kernel32

GetTickCount
TerminateThread
GetCurrentProcess
Sleep
FlushInstructionCache
GetExitCodeThread
GetProcAddress
GetModuleHandleW
RaiseException
OpenProcess
SetLastError
WritePrivateProfileStringW
OutputDebugStringA
GetModuleFileNameW
GetPrivateProfileStringW
GetCommandLineW
FreeLibrary
GetTempPathW
CreateDirectoryW
InitializeCriticalSection
CopyFileW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
GetSystemDirectoryW
CreateProcessW
DeleteCriticalSection
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
GetFileInformationByHandle
SetFilePointer
SystemTimeToFileTime
WriteFile
FileTimeToSystemTime
ReadFile
GetLocalTime
GetVersionExW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalMemoryStatusEx
GetThreadLocale
IsProcessorFeaturePresent
InterlockedCompareExchange
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LeaveCriticalSection
InterlockedExchange
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TlsFree
EnterCriticalSection
GetCurrentThreadId
LoadLibraryW
GetCurrentProcessId
GetPrivateProfileIntW
MultiByteToWideChar
GetPrivateProfileStringA
WideCharToMultiByte
GetFileAttributesW
CreateFileW
lstrlenA
lstrcpyW
FindResourceW
lstrlenW
FindResourceExW
LoadResource
LockResource
SizeofResource
CreateThread
WaitForSingleObject
UnmapViewOfFile
GetFileSize
MapViewOfFile
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStartupInfoW
GetProcessHeap
GetVersionExA
HeapFree
HeapAlloc
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CloseHandle
CreateFileMappingW
GetLastError
SetStdHandle

user32

GetDlgCtrlID
GetCursorPos
GetActiveWindow
GetDlgItem
SetWindowLongW
EnableWindow
SetDlgItemTextW
EndPaint
RedrawWindow
GetWindowDC
SetCursor
GetWindowTextW
LoadCursorW
ReleaseDC
wsprintfW
DispatchMessageW
TranslateMessage
PeekMessageW
LoadBitmapW
InvalidateRect
DrawIcon
UpdateWindow
ShowWindow
SetWindowTextW
BeginPaint
DestroyWindow
LoadStringW
EndDialog
GetDesktopWindow
CharNextW
wvsprintfA
IsWindowVisible
MessageBoxW
PostQuitMessage
wsprintfA
CreateDialogParamW
DialogBoxParamW
wvsprintfW
GetWindowTextLengthW
PostMessageW
GetMessageW
SetForegroundWindow
EnableMenuItem
GetWindowRect
GetMenuItemID
CallWindowProcW
GetMenuItemCount
MoveWindow
GetSystemMenu
GetWindowLongW
DefWindowProcW
SendMessageW
ScreenToClient
UnregisterClassA

gdi32

BitBlt
CreateCompatibleDC
DeleteDC
SetBkColor
CreateSolidBrush
TextOutW
SelectObject
SetBkMode
SetTextColor
CreateFontW
DeleteObject
CreateBitmap

advapi32

RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW

shell32

ShellExecuteA
SHGetFolderPathW
ShellExecuteW
SHGetFileInfoW
CommandLineToArgvW

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VarUI4FromStr

shlwapi

PathFindFileNameW
PathAppendW
PathRemoveFileSpecW
PathStripPathW

comctl32

ImageList_Destroy
ImageList_LoadImageW
ImageList_DrawEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

htons
inet_addr
gethostbyname
connect
WSAAsyncSelect
socket
WSACleanup
closesocket
WSAStartup
WSAGetLastError
send

psapi

EnumProcesses
GetModuleFileNameExW
GetProcessMemoryInfo

wininet

InternetCloseHandle
InternetReadFile
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW

Sections

.text
Size: 204KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Zhuangji/ksafedb.dll
.dll windows:4 windows x86 arch:x86

3d18b85fda54c2cdb55092cbd29e05ed

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

df:79:4d:cf:51:e8:a7:7b:ae:38:0a:ea:64:8c:2e:f5:fd:83:1f:de
Signer

Actual PE Digest

df:79:4d:cf:51:e8:a7:7b:ae:38:0a:ea:64:8c:2e:f5:fd:83:1f:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kfree\ksafe_2.5_rb\product\win32\ksafedb.pdb

Imports

kernel32

CreateFileA
GetProcAddress
InitializeCriticalSection
DeleteFileW
GetFileSize
GetCurrentProcessId
WideCharToMultiByte
GetTempPathA
SetFilePointer
LoadLibraryW
LockFileEx
GetSystemTime
EnterCriticalSection
AreFileApisANSI
SetEndOfFile
GetDiskFreeSpaceW
DeleteFileA
Sleep
FreeLibrary
LoadLibraryA
GetVersionExW
InterlockedIncrement
LeaveCriticalSection
GetFileAttributesA
QueryPerformanceCounter
GetFileAttributesW
GetDiskFreeSpaceA
ReadFile
UnlockFile
LockFile
CreateFileW
MultiByteToWideChar
GetTickCount
DeleteCriticalSection
GetCurrentThreadId
GetFullPathNameW
GetSystemTimeAsFileTime
FlushFileBuffers
FormatMessageA
GetFullPathNameA
GetTempPathW
WriteFile
CloseHandle
GetLastError
FindResourceW
GetModuleFileNameW
GetPrivateProfileIntW
OutputDebugStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
InterlockedDecrement
lstrlenW
lstrcmpA
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
HeapSize
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA

shlwapi

PathFindFileNameW
PathAppendW
PathAddBackslashW
PathRemoveFileSpecW

user32

UnregisterClassA

Exports

Exports

BKDbCreateObject
BKDbInitialize
BKDbUninitialize

Sections

.text
Size: 420KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/ksdriverC.dll
.dll windows:5 windows x86 arch:x86

efd51898bac3580dbbb8b8b6ecb205f5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2f:cc:ca:c9:6f:5c:dd:80:3c:f9:b3:7c:7e:91:0d:f7:da:a8:ab:6a
Signer

Actual PE Digest

2f:cc:ca:c9:6f:5c:dd:80:3c:f9:b3:7c:7e:91:0d:f7:da:a8:ab:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\新建文件夹 (4)\bin\MydriversC.pdb

Imports

kernel32

SetFilePointer
FlushFileBuffers
GetCurrentProcess
CreateFileA
GetCPInfo
GetOEMCP
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
RaiseException
WriteFile
Sleep
ExitProcess
HeapSize
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalAddAtomA
GlobalFlags
WritePrivateProfileStringA
GetCurrentProcessId
InterlockedIncrement
GetModuleHandleW
GlobalGetAtomNameA
CloseHandle
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
SetErrorMode
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
CompareStringA
InterlockedExchange
lstrcmpA
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
GetProcAddress
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
GetModuleHandleA
GetCommandLineA
lstrlenA
OutputDebugStringA
FindResourceA
LoadResource
LockResource
SizeofResource
VirtualAlloc
WideCharToMultiByte

advapi32

RegDeleteKeyA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleacc

LresultFromObject
CreateStdAccessibleObject

user32

ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
DestroyMenu
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
PostQuitMessage
PostMessageA
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
SendMessageA
IsWindowVisible
MessageBoxA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowTextA
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow

gdi32

CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
DeleteDC
ScaleWindowExtEx
GetStockObject
SetViewportOrgEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
GetDeviceCaps
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
OffsetViewportOrgEx

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

??4Ccrypt@@QAEAAV0@ABV0@@Z
EncryptData_

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/ksdriverI.dll
.dll windows:4 windows x86 arch:x86

0d317bcbd6dcad44bb63f4e05d19a490

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dc:d7:52:de:ac:54:f5:ae:c4:a0:6c:93:ff:94:02:d2:28:50:7e:55
Signer

Actual PE Digest

dc:d7:52:de:ac:54:f5:ae:c4:a0:6c:93:ff:94:02:d2:28:50:7e:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupFindNextLine
SetupOpenInfFileA
SetupCloseInfFile
SetupGetLineCountA
SetupGetLineByIndexA
SetupGetLineTextA
SetupFindFirstLineA
SetupGetStringFieldA
SetupGetFieldCount
SetupDiGetClassImageList
CM_Get_Sibling_Ex
SetupDiGetClassImageIndex
CM_Get_Child_Ex
CM_Get_DevNode_Registry_Property_ExA
SetupDiDestroyClassImageList
CM_Locate_DevNodeA
CM_Get_DevNode_Status
CM_Get_DevNode_Status_Ex
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
CM_Connect_MachineA
CM_Locate_DevNode_ExA
CM_Reenumerate_DevNode_Ex
CM_Disconnect_Machine
SetupDiGetDeviceInfoListDetailA
CM_Get_Device_ID_ExA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsA

newdev

UpdateDriverForPlugAndPlayDevicesA

cabinet

ord20
ord23
ord21
ord22
ord13
ord11
ord14
ord10

kernel32

lstrcpynA
lstrcmpiA
WaitForSingleObject
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThreadId
SuspendThread
CreateEventA
FindNextFileA
IsBadWritePtr
IsBadReadPtr
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalFree
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
GetVolumeInformationA
lstrcatA
GetVersion
lstrcmpA
GetFileSize
GetFileTime
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
FileTimeToSystemTime
GlobalFlags
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
RtlUnwind
HeapFree
HeapAlloc
RaiseException
GetFileType
GetCommandLineA
ExitThread
HeapSize
GetTimeZoneInformation
GetACP
HeapReAlloc
ExitProcess
TerminateProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
GetDriveTypeA
IsBadCodePtr
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
FindFirstFileA
FindClose
DeleteFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DuplicateHandle
LocalFree
InterlockedIncrement
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
CreateFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
WideCharToMultiByte
GetLocaleInfoA
GlobalLock
GlobalUnlock
GetEnvironmentVariableA
GetWindowsDirectoryA
GetModuleHandleA
GetFullPathNameA
GetModuleFileNameA
MultiByteToWideChar
CreateDirectoryA
MoveFileA
InterlockedDecrement
GlobalAlloc
OutputDebugStringA
FreeLibrary
SetLastError
TerminateThread
GetTempPathA
SetCurrentDirectoryA
GetPrivateProfileStringA
GetVersionExA
GetComputerNameA
lstrlenA
GetLastError
Sleep
CreateThread
GetCurrentProcess
CloseHandle
LoadLibraryA
GetProcAddress
lstrcpyA
SetErrorMode

user32

DrawTextA
TabbedTextOutA
DestroyMenu
PostQuitMessage
ClientToScreen
PtInRect
GetClassNameA
GetDC
ReleaseDC
GetSysColorBrush
LoadCursorA
SetWindowTextA
LoadIconA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
ExitWindowsEx
SendMessageA
FindWindowA
FindWindowExA
PostMessageA
wsprintfA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
GetWindow
SetWindowLongA
RegisterWindowMessageA
IsIconic
GetWindowPlacement
GetWindowRect
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
GrayStringA
CheckMenuItem
EnableMenuItem
MessageBoxA
DispatchMessageA
TranslateMessage
PeekMessageA
ShowWindow
SetForegroundWindow
SystemParametersInfoA
GetKeyState
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetFocus
GetNextDlgTabItem
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
GetMessageA
GetActiveWindow
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetSystemMetrics
CharUpperA
GetParent
SetWindowPos

gdi32

SetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
SetViewportOrgEx
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
OffsetViewportOrgEx
SetBkColor
SetTextColor
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegOpenKeyExA
RegEnumValueA
RegOpenKeyA
AdjustTokenPrivileges

comctl32

ord17

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitialize

oleaut32

VariantInit
SysFreeString
VariantCopy
VariantClear
SafeArrayCreateVector
SysAllocString
GetErrorInfo

rpcrt4

UuidFromStringA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kspatchcore

ord208

Exports

Exports

AddFile2Cab_
Compress_
CreateCabinet_
CreateDriver
CreateSoft
DeInitHw
Decompress_
DestroyCabinet_
DestroyDriver
DestroySoft
DevError
FindTarget
FlushCab_
GetDevicePropertyByDeviceID
GetDeviceStatus
GetDriverXMLLength
GetDriverXMLOutput
GetMydriversInfo
GetMydriversInfoLen
GetPrimeDeviceList
GetPrimeDeviceListStatus
GetServerRet
GetServerRetLen
GetSoft
GetSoftLen
GetTemperature
InitHw
IsDeviceExist
PostDriverToServer
Rescan2
ShowDeviceProperties
cmdDisable
cmdEnable
cmdReboot
cmdRemove
cmdRescan
cmdStatus
cmdUpdate

Sections

.text
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/ksoft/Dataicon/soft.png
.png
Zhuangji/ksoft/Dataicon/ttype.png
.png
Zhuangji/ksoft/Dataicon/ttype_av.png
.png
Zhuangji/ksoft/Dataicon/ttype_browser.png
.png
Zhuangji/ksoft/Dataicon/ttype_coder.png
.png
Zhuangji/ksoft/Dataicon/ttype_compress.png
.png
Zhuangji/ksoft/Dataicon/ttype_desktop.png
.png
Zhuangji/ksoft/Dataicon/ttype_dictionary.png
.png
Zhuangji/ksoft/Dataicon/ttype_digital.png
.png
Zhuangji/ksoft/Dataicon/ttype_downer.png
.png
Zhuangji/ksoft/Dataicon/ttype_driver.png
.png
Zhuangji/ksoft/Dataicon/ttype_editor.png
.png
Zhuangji/ksoft/Dataicon/ttype_else.png
.png
Zhuangji/ksoft/Dataicon/ttype_email.png
.png
Zhuangji/ksoft/Dataicon/ttype_game.png
.png
Zhuangji/ksoft/Dataicon/ttype_im.png
.png
Zhuangji/ksoft/Dataicon/ttype_input_method.png
.png
Zhuangji/ksoft/Dataicon/ttype_music.png
.png
Zhuangji/ksoft/Dataicon/ttype_network.png
.png
Zhuangji/ksoft/Dataicon/ttype_photo.png
.png
Zhuangji/ksoft/Dataicon/ttype_stock.png
.png
Zhuangji/ksoft/Dataicon/ttype_study.png
.png
Zhuangji/ksoft/Dataicon/ttype_tool.png
.png
Zhuangji/ksoft/Dataicon/ttype_vedio.png
.png
Zhuangji/ksoft/Dataicon/type.png
.png
Zhuangji/ksoft/Dataicon/type_av.png
.png
Zhuangji/ksoft/Dataicon/type_browser.png
.png
Zhuangji/ksoft/Dataicon/type_coder.png
.png
Zhuangji/ksoft/Dataicon/type_compress.png
.png
Zhuangji/ksoft/Dataicon/type_desktop.png
.png
Zhuangji/ksoft/Dataicon/type_dictionary.png
.png
Zhuangji/ksoft/Dataicon/type_digital.png
.png
Zhuangji/ksoft/Dataicon/type_downer.png
.png
Zhuangji/ksoft/Dataicon/type_driver.png
.png
Zhuangji/ksoft/Dataicon/type_editor.png
.png
Zhuangji/ksoft/Dataicon/type_else.png
.png
Zhuangji/ksoft/Dataicon/type_email.png
.png
Zhuangji/ksoft/Dataicon/type_game.png
.png
Zhuangji/ksoft/Dataicon/type_im.png
.png
Zhuangji/ksoft/Dataicon/type_input_method.png
.png
Zhuangji/ksoft/Dataicon/type_music.png
.png
Zhuangji/ksoft/Dataicon/type_network.png
.png
Zhuangji/ksoft/Dataicon/type_photo.png
.png
Zhuangji/ksoft/Dataicon/type_stock.png
.png
Zhuangji/ksoft/Dataicon/type_study.png
.png
Zhuangji/ksoft/Dataicon/type_tool.png
.png
Zhuangji/ksoft/Dataicon/type_vedio.png
.png
Zhuangji/ksoft/data/autoinst.dat
Zhuangji/ksoft/data/fonts.dat
Zhuangji/ksoft/data/rank.dat
Zhuangji/ksoft/data/softmgr.dat
Zhuangji/ksoft/data/softmgrup.dat
Zhuangji/ksoft/data/softnecess.dat
Zhuangji/ksoft/data/softuninst2.dat
Zhuangji/ksoft/html/error.html
.html .js polyglot
Zhuangji/ksoft/html/images/icon_1.jpg
.jpg
Zhuangji/ksoft/kauins.exe
.exe windows:4 windows x86 arch:x86

3233a9b67677bcb412467dad2e719bbc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

29:08:bd:51:a3:9f:ca:36:00:d8:84:22:89:47:68:f2:9e:bb:ee:80
Signer

Actual PE Digest

29:08:bd:51:a3:9f:ca:36:00:d8:84:22:89:47:68:f2:9e:bb:ee:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kfree\ksafe_2.5_rb\product\win32\ksoft\kauins.pdb

Imports

kernel32

MultiByteToWideChar
CreateFileW
GetFileSize
SetEvent
lstrlenW
WideCharToMultiByte
TerminateProcess
WaitForMultipleObjects
CreateToolhelp32Snapshot
GetCurrentProcess
Process32FirstW
Process32NextW
TerminateThread
Sleep
CreateProcessW
OpenProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
OpenMutexW
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
FlushFileBuffers
GetLocalTime
WriteFile
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
GetProcAddress
ReadFile
GetFileAttributesW
GetModuleFileNameW
SetLastError
lstrcpyW
ReadProcessMemory
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetPrivateProfileIntW
WaitForSingleObject
lstrlenA
OpenEventW
GetLastError
SetFilePointer
CloseHandle
ResetEvent
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
VirtualAlloc
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
LoadLibraryA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCurrentThreadId
CreateThread
RtlUnwind
GetCPInfo
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree

user32

EnumWindows
GetWindowTextW
UnregisterClassA
GetClassNameW
EnumChildWindows
IsWindowEnabled
GetWindowThreadProcessId
PostMessageW
GetDlgItem
SendMessageTimeoutW
SendMessageW
GetWindowLongW
IsWindowVisible

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

Sections

.text
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Zhuangji/ksoft/kauinsc.dll
.dll windows:4 windows x86 arch:x86

b5f98f3770b440f46b6851d5859fc3cf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b8:9d:70:50:e5:f4:78:11:fb:ee:db:0c:3c:42:20:a1:5a:48:85:62
Signer

Actual PE Digest

b8:9d:70:50:e5:f4:78:11:fb:ee:db:0c:3c:42:20:a1:5a:48:85:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kfree\ksafe_2.5_rb\product\win32\ksoft\kauinsc.pdb

Imports

kernel32

WaitForMultipleObjects
GetPrivateProfileStringW
LocalFree
CreateFileMappingW
GetPrivateProfileIntW
CreateMutexW
InterlockedIncrement
TerminateThread
ResetEvent
MapViewOfFile
CreateEventW
UnmapViewOfFile
InterlockedDecrement
EnterCriticalSection
FlushFileBuffers
CreateFileW
GetLocalTime
WriteFile
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
lstrlenW
LeaveCriticalSection
GetProcAddress
GetFileAttributesW
GetModuleFileNameW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
Process32NextW
Process32FirstW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileA
SetEvent
MultiByteToWideChar
CloseHandle
OpenProcess
GetCurrentProcess
GetExitCodeProcess
Sleep
WaitForSingleObject
lstrlenA
SetLastError
TerminateProcess
CreateProcessW
GetLastError
LoadLibraryA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
RaiseException
RtlUnwind
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
GetStdHandle
GetModuleFileNameA
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
LCMapStringA
WideCharToMultiByte
LCMapStringW

user32

CloseWindowStation
CloseDesktop
GetWindowThreadProcessId
EnumDesktopWindows
OpenDesktopW
PostMessageW
EnumDesktopsW
OpenWindowStationW
CreateDesktopW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
SetSecurityDescriptorDacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeSecurityDescriptor
GetSecurityDescriptorSacl

ole32

CoCreateGuid

Exports

Exports

KSAICreateModule

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/ksoft/softmgr.dll
.dll windows:4 windows x86 arch:x86

05ffb48f7713fdf6137647e33a6fac53

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ae:5b:4c:a5:f9:bf:f0:c2:cc:2d:44:a0:cc:69:83:57:51:4c:58:90
Signer

Actual PE Digest

ae:5b:4c:a5:f9:bf:f0:c2:cc:2d:44:a0:cc:69:83:57:51:4c:58:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\workspace\daily_build\kszz\v1.0_beta2_r3\bin\release\softmgr.pdb

Imports

kernel32

CreateEventA
HeapFree
GetProcessHeap
HeapAlloc
FreeLibrary
GetProcAddress
GetFileAttributesW
GetVersion
LoadLibraryA
FormatMessageA
LocalFree
GetLogicalDriveStringsW
SetFilePointer
QueryDosDeviceW
CreateToolhelp32Snapshot
RaiseException
Process32FirstW
Sleep
Process32NextW
MoveFileExW
GetTempPathW
VirtualAllocEx
lstrcmpiW
ReadProcessMemory
VirtualFreeEx
CreateProcessW
MoveFileW
GetModuleFileNameW
GetSystemDirectoryW
OpenProcess
RemoveDirectoryW
FindResourceExW
WritePrivateProfileStringW
GetEnvironmentVariableW
CopyFileW
GetCurrentProcessId
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
OutputDebugStringW
lstrlenA
FindFirstFileW
FindNextFileW
WideCharToMultiByte
FindClose
lstrlenW
SetThreadLocale
LoadLibraryW
GetPrivateProfileIntW
InitializeCriticalSection
CreateEventW
DeleteCriticalSection
GetTempFileNameW
FindFirstFileExW
ExpandEnvironmentStringsW
GetFullPathNameW
GetProcessTimes
GetVersionExW
WaitForMultipleObjects
GetLongPathNameW
GetModuleHandleW
GetCurrentProcess
GetFileAttributesExW
IsDebuggerPresent
GetFileSize
LoadResource
LockResource
SizeofResource
WriteFile
FindResourceW
ReadFile
CreateFileW
MultiByteToWideChar
GetLastError
InterlockedIncrement
DeleteFileW
TerminateThread
WaitForSingleObject
ResumeThread
SetThreadPriority
LeaveCriticalSection
EnterCriticalSection
SetEvent
CloseHandle
InterlockedDecrement
SetEnvironmentVariableA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetDriveTypeA
CreateFileA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidLocale
EnumSystemLocalesA
SetUnhandledExceptionFilter
GetUserDefaultLCID
GetCurrentDirectoryA
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
CompareStringW
CompareStringA
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
GetDriveTypeW
FileTimeToLocalFileTime
UnhandledExceptionFilter
TerminateProcess
CreateDirectoryW
SetFileAttributesW
SetLastError
GetTickCount
GetDiskFreeSpaceExW
CreateWaitableTimerW
SetWaitableTimer
ResetEvent
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
InterlockedCompareExchange
ExitThread
GetCurrentThreadId
CreateThread
FileTimeToSystemTime

user32

GetDesktopWindow
FindWindowW
FindWindowExW
GetWindowThreadProcessId
UnregisterClassA
SendMessageW

advapi32

RegEnumValueW
GetSidSubAuthority
CopySid
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetLengthSid
IsValidSid
RegDeleteValueW
RegDeleteKeyW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
InitializeAcl
AddAce
GetAclInformation
GetAce
GetSidLengthRequired
InitializeSid

shell32

SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteW
CommandLineToArgvW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

shlwapi

PathGetDriveNumberW
PathCombineW
PathRemoveFileSpecW
StrRChrW
PathIsDirectoryW
PathAddBackslashW
SHDeleteValueW
SHDeleteKeyW
PathFindFileNameW
StrStrNIW
PathFindExtensionW
PathRemoveBackslashW
StrStrIW
StrCmpNIW
PathFileExistsW
StrCmpNW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

rpcrt4

RpcStringFreeW
UuidFromStringW
UuidToStringW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

wininet

InternetQueryOptionW
InternetSetOptionW
InternetCrackUrlW
HttpSendRequestExW
HttpEndRequestW
InternetReadFileExA
InternetOpenW
InternetConnectW
HttpQueryInfoW
InternetSetStatusCallbackW
InternetCloseHandle
HttpOpenRequestW

sqlite3

sqlite3_column_text16
sqlite3_column_count
sqlite3_column_name16
sqlite3_bind_text16
sqlite3_reset
sqlite3_bind_blob
sqlite3_open16
sqlite3_column_int
sqlite3_close
sqlite3_prepare16_v2
sqlite3_column_blob
sqlite3_step
sqlite3_finalize

Exports

Exports

CreateSoftMgrObject
CreateUpdateHelper

Sections

.text
Size: 724KB - Virtual size: 720KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/ksoft/softmgr.ico
Zhuangji/kspatchcore.dll
.dll windows:4 windows x86 arch:x86

923dccb6f908c16531f85157900391cc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cd:7e:d7:c6:d0:6d:54:4f:3d:e7:ea:c8:ef:64:18:56:53:83:fe:04
Signer

Actual PE Digest

cd:7e:d7:c6:d0:6d:54:4f:3d:e7:ea:c8:ef:64:18:56:53:83:fe:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord1089
ord4424
ord3738
ord815
ord561
ord535
ord2818
ord537
ord2915
ord539
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord823
ord825
ord5186
ord6385
ord1979
ord354
ord665
ord540
ord4622
ord800
ord342

msvcrt

_CxxThrowException
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
strcmp
strncpy
strcat
strlen
wcstombs
strcpy
__CxxFrameHandler
memset
memcpy

kernel32

MultiByteToWideChar
lstrlenA
LocalAlloc
LocalFree
GetVersionExA
CreateProcessA
WaitForSingleObject
InterlockedDecrement
GetLastError

user32

wsprintfA
GetDesktopWindow

advapi32

RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHFileOperationA

ole32

CoInitializeSecurity
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

Exports

Exports

GetHDSN
GetHardInfo

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MyData
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/kstray.exe
.exe windows:4 windows x86 arch:x86

b9571779849ec166165dfebd0be08138

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cd:26:03:45:08:4a:3c:c4:10:d3:52:35:49:61:d6:0a:03:aa:c0:83
Signer

Actual PE Digest

cd:26:03:45:08:4a:3c:c4:10:d3:52:35:49:61:d6:0a:03:aa:c0:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
GetTickCount
QueryPerformanceCounter
InterlockedIncrement
lstrlenW
lstrlenA
MultiByteToWideChar
GetVersion
GetCurrentThreadId
GetPrivateProfileIntW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
SetFileAttributesW
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetOEMCP
WideCharToMultiByte
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
CreateThread
ResumeThread
ExitThread
Sleep
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetLongPathNameW
LocalFree
GetVersionExW
ExpandEnvironmentStringsW
CreateEventW
WaitForMultipleObjects
ResetEvent
WritePrivateProfileStringW
GlobalMemoryStatus
SetEvent
SetCurrentDirectoryW
GlobalAddAtomW
ReleaseMutex
GetFileAttributesW
GetPrivateProfileStringW
GlobalAlloc
GlobalLock
GlobalUnlock
CreateFileW
GetFileSize
ReadFile
TerminateThread
GetModuleFileNameW
LoadLibraryExW
FreeResource
WaitForSingleObject
SetLastError
lstrcmpiW
GetStartupInfoA
InterlockedDecrement
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
FlushInstructionCache
GlobalFindAtomW
GlobalDeleteAtom
CreateMutexW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
CloseHandle
FindResourceExW
FindResourceW
RaiseException
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetLocaleInfoA
GetACP
InterlockedExchange
GetThreadLocale
OpenProcess
WriteFile
EnterCriticalSection
GetLastError
HeapCreate

user32

OffsetRect
SetWindowLongW
CreateWindowExW
GetWindowLongW
SendMessageW
MoveWindow
SetWindowPos
GetWindowRect
UnregisterClassA
GetWindowThreadProcessId
WindowFromPoint
GetForegroundWindow
GetAncestor
GetClientRect
InvalidateRect
MapWindowPoints
SystemParametersInfoW
GetWindow
GetParent
SetFocus
SetForegroundWindow
PostMessageW
IsIconic
ShowWindow
IsWindowVisible
RegisterWindowMessageW
DispatchMessageW
TranslateMessage
GetMessageW
IsWindow
PeekMessageW
GetClassInfoExW
LoadCursorW
CopyRect
GetSystemMetrics
EnableMenuItem
PostThreadMessageW
CheckMenuItem
FindWindowW
SetTimer
GetCursorPos
GetSubMenu
SetRect
GetKeyState
MonitorFromWindow
TrackPopupMenu
SetMenuDefaultItem
GetMenuItemID
MonitorFromPoint
GetMonitorInfoW
DestroyMenu
ReleaseCapture
UpdateLayeredWindow
EndPaint
BeginPaint
CallWindowProcW
SetCapture
GetActiveWindow
IsWindowEnabled
EnableWindow
SetActiveWindow
LoadMenuW
IsRectEmpty
DrawIconEx
LoadIconW
DrawFrameControl
GetDlgCtrlID
EqualRect
DestroyIcon
GetDesktopWindow
DrawTextW
SetCursor
PtInRect
LoadImageW
LoadBitmapW
RegisterClassExW
GetDC
ReleaseDC
CharNextW
DefWindowProcW
DestroyWindow
GetDlgItem
InflateRect

gdi32

GetTextExtentPoint32W
TextOutW
LineTo
MoveToEx
GetClipRgn
CreateRectRgnIndirect
RoundRect
RectInRegion
SetBkMode
CreateCompatibleBitmap
CreateBitmap
StretchBlt
SetTextColor
CreateCompatibleDC
CreateDIBSection
BitBlt
DeleteDC
GetStockObject
GetObjectW
CreateFontIndirectW
DeleteObject
CreateRectRgn
CreatePen
SetBkColor
ExtTextOutW
Rectangle
SelectClipRgn
SelectObject
RestoreDC
SaveDC
CombineRgn

advapi32

GetSidSubAuthority
GetNamedSecurityInfoW
GetAclInformation
GetAce
GetSidLengthRequired
InitializeSid
SetNamedSecurityInfoW
InitializeAcl
AddAce
CopySid
IsValidSid
GetLengthSid
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

StrCpyNW
PathFindFileNameW
SHSetValueW
StrToIntA
SHGetValueW
StrToIntW
PathRemoveFileSpecW
StrCmpNIW
StrCmpNW
StrRChrW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipFree
GdipDrawImageRectRectI
GdipCloneImage
GdiplusStartup
GdipSetSmoothingMode
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipSetPageUnit
GdipSetPageScale
GdipLoadImageFromStream
GdipDeleteGraphics
GdipAlloc
GdipDrawImageRectI
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdiplusShutdown
GdipDisposeImage

wininet

HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCloseHandle
InternetCrackUrlW
InternetSetOptionW
InternetOpenW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleFileNameExW

Sections

.text
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Zhuangji/ksver.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

10:e5:bb:d1:af:f6:fe:19:f3:1b:aa:8a:e9:36:51:3f:83:02:b4:5b
Signer

Actual PE Digest

10:e5:bb:d1:af:f6:fe:19:f3:1b:aa:8a:e9:36:51:3f:83:02:b4:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\workspace\daily_build\kszz\v1.0_beta2_r3\bin\release\ksver.pdb

Sections

.rdata
Size: 512B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/ksvul.dll
.dll windows:4 windows x86 arch:x86

05079557530608ff625cf5059ec3145f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2f:91:b0:51:b3:71:fd:a5:df:36:79:be:cf:2b:20:90:ee:de:58:37
Signer

Actual PE Digest

2f:91:b0:51:b3:71:fd:a5:df:36:79:be:cf:2b:20:90:ee:de:58:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\workspace\daily_build\kszz\v1.0_beta2_r3\bin\release\ksvul.pdb

Imports

kernel32

ExpandEnvironmentStringsW
CreateFileW
LocalFree
GetLastError
GetModuleFileNameW
SetFileAttributesW
CreateDirectoryW
GetVersionExW
FindNextFileW
FindClose
FindFirstFileW
FindResourceExW
LoadResource
LockResource
ExitThread
SetWaitableTimer
CreateWaitableTimerW
ResetEvent
GetDiskFreeSpaceExW
WaitForMultipleObjects
GetSystemDirectoryW
CloseHandle
GetSystemDefaultUILanguage
MoveFileExA
GetFileAttributesA
GetSystemWindowsDirectoryW
SizeofResource
FindResourceW
SetLastError
RaiseException
InterlockedDecrement
SetEndOfFile
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoW
LoadLibraryA
GetFileAttributesW
GetProcessTimes
GetExitCodeThread
SuspendThread
TerminateThread
GetThreadLocale
SetThreadLocale
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryW
GetProcAddress
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
WritePrivateProfileStringW
FileTimeToSystemTime
GetPrivateProfileStringW
WaitForSingleObject
GetWindowsDirectoryW
GetPrivateProfileIntW
Sleep
DeleteFileW
FreeLibrary
SetEvent
ReadFile
CreateEventW
CreateThread
GetModuleHandleW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetLocalTime
MultiByteToWideChar
WideCharToMultiByte
WriteFile
SetFilePointer
GetFileSize
MoveFileW
lstrlenW
lstrlenA
GetTempPathW
GetTempFileNameW
MoveFileExW
CreateProcessW
GetExitCodeProcess
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
ExitProcess
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
SetStdHandle
RtlUnwind
InterlockedIncrement

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyW
RegQueryValueExW
RegDeleteKeyW
CopySid
GetSidSubAuthority
InitializeSid
GetAce
GetSidLengthRequired
GetAclInformation
AddAce
InitializeAcl
IsValidSid
SetNamedSecurityInfoW
GetLengthSid
GetNamedSecurityInfoW

shell32

SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoCreateInstance
OleRun
CoUninitialize
CoInitialize

oleaut32

SysAllocStringLen
SysFreeString
GetErrorInfo
VariantInit
VariantChangeType
VariantClear
SysAllocString

shlwapi

SHDeleteValueW
PathAppendA
SHEnumValueW
SHEnumKeyExW
PathFindFileNameW
PathAppendW
PathFileExistsW
SHGetValueW
StrCmpNW
StrCmpNIW
StrRChrW
SHSetValueW
PathRemoveFileSpecW
PathFileExistsA
PathStripToRootW
PathGetDriveNumberW
PathIsDirectoryW

wininet

HttpQueryInfoW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetCrackUrlW
InternetQueryOptionW
InternetReadFileExA
HttpEndRequestW
HttpSendRequestExW
InternetReadFile
InternetSetStatusCallbackW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

UnregisterClassA

Exports

Exports

CreateObject
CreateObjectEx
CreateRepairVul
CreateSoftVulFix
CreateUpdateHelper
CreateVulFix
CreateVulFixed
ExpressScanLeak

Sections

.text
Size: 412KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/kszz.exe
.exe windows:4 windows x86 arch:x86

3a05624cb98dc96a0241406dfd08e363

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:6a:6d:2c:a9:87:39:12:7a:1a:02:d1:67:13:b1:03:6c:42:6b:77
Signer

Actual PE Digest

90:6a:6d:2c:a9:87:39:12:7a:1a:02:d1:67:13:b1:03:6c:42:6b:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\workspace\daily_build\kszz\v1.0_beta2_r3\bin\release\kszz.pdb

Imports

kernel32

CreateFileA
CreateThread
InterlockedCompareExchange
SystemTimeToFileTime
GetLocalTime
GetVolumeInformationW
InterlockedExchange
GetLogicalDriveStringsW
GetSystemDirectoryW
GetTickCount
CreateDirectoryW
WaitForSingleObject
CreateProcessW
SetFilePointer
CopyFileW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GlobalAddAtomW
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetFileInformationByHandle
GetStringTypeW
GetStringTypeA
TlsFree
GetFileTime
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
HeapCreate
GetCPInfo
SetFileTime
LCMapStringA
RtlUnwind
GetConsoleMode
GetConsoleCP
VirtualQuery
GetModuleHandleA
VirtualProtect
ResumeThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
GetLocaleInfoA
GetACP
SetWaitableTimer
CreateWaitableTimerW
MoveFileExW
LocalAlloc
GetTempFileNameW
GetThreadLocale
GetStdHandle
LocalFileTimeToFileTime
GetCurrentThread
LocalFree
GetLongPathNameW
GetDriveTypeW
OpenProcess
GetPrivateProfileSectionW
WritePrivateProfileSectionW
lstrcmpW
MulDiv
GetDiskFreeSpaceExW
GetCurrentDirectoryW
FlushFileBuffers
GetExitCodeProcess
FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
CompareFileTime
UnmapViewOfFile
MapViewOfFileEx
FreeLibrary
CreateFileMappingW
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
LoadLibraryW
SetCurrentDirectoryW
GetSystemTime
SetEndOfFile
GlobalFindAtomW
ReleaseMutex
CreateMutexW
WaitForMultipleObjects
SetThreadPriority
MoveFileW
GetExitCodeThread
SetThreadLocale
GetEnvironmentVariableW
GetComputerNameW
GlobalMemoryStatusEx
GetSystemInfo
GetSystemDefaultUILanguage
GetSystemTimeAsFileTime
GetFileSizeEx
TerminateProcess
GetStartupInfoW
GetWindowsDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
RemoveDirectoryW
GetTempPathW
ExpandEnvironmentStringsW
QueryPerformanceCounter
QueryPerformanceFrequency
CreateEventW
DeleteFileW
SetEvent
ResetEvent
GetFileAttributesExW
SetFileAttributesW
WriteFile
LCMapStringW
FileTimeToSystemTime
ExitProcess
TlsSetValue
GetPrivateProfileSectionNamesW
lstrcmpiW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalGetAtomNameW
TerminateThread
GetFileAttributesW
Sleep
lstrlenA
GlobalDeleteAtom
DeleteCriticalSection
MultiByteToWideChar
InitializeCriticalSection
GetLastError
GetVersion
GetCurrentProcess
GlobalUnlock
CreateFileW
RaiseException
GetFileSize
GetPrivateProfileIntW
FindResourceExW
ReadFile
GlobalAlloc
LoadResource
GlobalLock
LeaveCriticalSection
LockResource
FreeResource
FlushInstructionCache
SizeofResource
EnterCriticalSection
FindResourceW
SetLastError
GetModuleFileNameW
GetProcAddress
lstrlenW
CloseHandle
WideCharToMultiByte
GetModuleHandleW
GetCurrentThreadId
SetStdHandle

user32

GetWindowThreadProcessId
SendMessageTimeoutW
EnumWindows
EndMenu
GetWindowDC
ValidateRect
GetClassNameW
GetWindowTextW
GetFocus
InvalidateRgn
RedrawWindow
IsChild
CreateAcceleratorTableW
EnumDisplaySettingsW
EnumChildWindows
BeginPaint
PostThreadMessageW
ClientToScreen
DestroyIcon
DrawFrameControl
UpdateWindow
IsWindow
DestroyWindow
IsWindowEnabled
SetCursor
RegisterWindowMessageW
CallWindowProcW
GetMenu
GetCapture
UnregisterClassA
LoadCursorW
IsWindowVisible
SystemParametersInfoW
DefWindowProcW
LoadImageW
KillTimer
GetDlgCtrlID
AdjustWindowRectEx
SetWindowRgn
PtInRect
SetCapture
GetClientRect
EndPaint
MonitorFromWindow
InflateRect
GetWindowLongW
GetWindowRect
GetMonitorInfoW
SetWindowLongW
SetWindowPos
GetKeyState
UpdateLayeredWindow
ReleaseCapture
LoadIconW
ScrollWindowEx
ChangeDisplaySettingsW
MoveWindow
SetScrollPos
ExitWindowsEx
EnumDisplayDevicesW
GetForegroundWindow
EqualRect
CopyRect
DrawEdge
DrawFocusRect
GetCursorPos
GetSysColor
DestroyAcceleratorTable
FillRect
AttachThreadInput
WaitForInputIdle
GetDesktopWindow
OffsetRect
GetDC
SetTimer
RegisterClassExW
DrawTextW
GetDlgItem
InvalidateRect
LoadBitmapW
SetFocus
SendMessageW
GetClassInfoExW
ReleaseDC
IsRectEmpty
GetParent
ScreenToClient
GetSystemMetrics
GetWindow
MapWindowPoints
GetWindowTextLengthW
wsprintfW
SetRect
PostMessageW
DrawIconEx
CreateWindowExW
ShowWindow
UnregisterHotKey
CloseClipboard
SetClipboardData
RegisterHotKey
EmptyClipboard
OpenClipboard
SetWindowTextW
CharNextW
SetForegroundWindow
IsIconic
SetActiveWindow
EnableWindow
GetActiveWindow
FindWindowW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetScrollInfo
SetScrollInfo

gdi32

CreateSolidBrush
SetViewportOrgEx
TextOutW
DeleteDC
CreateCompatibleBitmap
SetBkMode
BitBlt
RestoreDC
CreateCompatibleDC
RoundRect
CreateDIBSection
LineTo
MoveToEx
GetClipRgn
CreateBitmap
CreateRectRgnIndirect
Pie
StretchBlt
CreatePen
SelectClipRgn
DeleteObject
CreateFontIndirectW
SaveDC
OffsetRgn
SetRectRgn
RectInRegion
GetStockObject
GetObjectW
CombineRgn
GetTextExtentPoint32W
ExtTextOutW
CreateRectRgn
SetBkColor
SetTextColor
Rectangle
GetDeviceCaps
GetPixel
SelectObject
GetTextColor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCreateKeyExW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegEnumKeyW
SetThreadToken
RevertToSelf
ImpersonateSelf
OpenThreadToken
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetNamedSecurityInfoW
GetAce
GetNamedSecurityInfoW
GetAclInformation
AddAce
InitializeAcl
IsValidSid
GetLengthSid
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSaveKeyW
RegOpenKeyW
RegQueryInfoKeyW
RegDeleteKeyW
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
QueryServiceConfigW
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
UnlockServiceDatabase
LockServiceDatabase
QueryServiceLockStatusW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHFileOperationW
ExtractIconExW
ShellExecuteExW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetFolderPathW

ole32

IIDFromString
CoSetProxyBlanket
CoInitialize
StringFromGUID2
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleInitialize
CoCreateGuid
CoTaskMemRealloc
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
OleLockRunning

oleaut32

DispCallFunc
LoadRegTypeLi
LoadTypeLi
SysAllocString
VariantClear
VarBstrCmp
SysStringByteLen
SysAllocStringLen
SysStringLen
VariantInit
OleCreateFontIndirect
VarUI4FromStr
SysFreeString

shlwapi

StrFormatByteSizeW
SHGetValueW
SHSetValueW
PathFileExistsW
PathRemoveExtensionW
PathRenameExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathIsDirectoryW
StrStrA
PathAppendW
PathIsUNCW
PathIsRelativeW
StrCmpNIW
StrCpyNW
StrCmpNW
StrChrW
StrRChrW
PathStripToRootW
PathGetDriveNumberW
StrToIntW
StrToIntA

comctl32

ImageList_EndDrag
ImageList_DragMove
ImageList_Add
ImageList_GetIconSize
ImageList_Create
_TrackMouseEvent
ImageList_Destroy
ImageList_DragLeave
ImageList_AddMasked
ImageList_BeginDrag
ImageList_SetDragCursorImage
ImageList_Draw
ImageList_DragEnter
ImageList_DragShowNolock

msimg32

TransparentBlt

gdiplus

GdipSetPageScale
GdiplusStartup
GdipDrawImageRectRectI
GdiplusShutdown
GdipDeleteGraphics
GdipFree
GdipCreateFromHDC
GdipAlloc
GdipCloneImage
GdipGetImageWidth
GdipResetWorldTransform
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipLoadImageFromStream
GdipSetSmoothingMode
GdipGetImageHeight
GdipReleaseDC
GdipCreateBitmapFromHICON
GdipLoadImageFromFile
GdipDisposeImage
GdipSetPageUnit

userenv

UnloadUserProfile

wininet

HttpSendRequestExW
InternetSetStatusCallbackW
InternetQueryOptionW
InternetQueryDataAvailable
InternetOpenUrlW
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW
InternetCrackUrlW
HttpEndRequestW
HttpQueryInfoW
InternetReadFileExA

psapi

GetModuleFileNameExW

d3d8

Direct3DCreate8

crypt32

CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CertOpenStore
CertEnumSystemStore
CertCloseStore

setupapi

SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
CM_Disconnect_Machine
CM_Locate_DevNode_ExW
SetupDiGetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoList
CM_Get_DevNode_Registry_Property_ExW
CM_Connect_MachineW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo

rpcrt4

UuidFromStringA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

iphlpapi

GetAdaptersInfo

mpr

WNetGetResourceInformationW

msi

ord70
ord45

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Zhuangji/kszzprep.exe
.exe windows:4 windows x86 arch:x86

f136839f633ca9e18f6226a1caaa6eae

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

98:21:d8:a4:d8:1f:2d:e3:c2:3a:9a:a1:04:16:99:ca:e6:5f:cb:28
Signer

Actual PE Digest

98:21:d8:a4:d8:1f:2d:e3:c2:3a:9a:a1:04:16:99:ca:e6:5f:cb:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\workspace\daily_build\kszz\v1.0_beta2_r3\bin\release\kszzprep.pdb

Imports

kernel32

LockResource
SizeofResource
FindResourceExW
CreateProcessW
WaitForSingleObject
GetModuleFileNameW
Sleep
InterlockedExchange
GetStartupInfoW
CreateDirectoryW
CreateThread
GetCurrentProcess
InterlockedCompareExchange
GetPrivateProfileStringW
GetDateFormatW
GetNumberFormatW
GetVersionExW
GlobalMemoryStatus
GetLocaleInfoW
GetWindowsDirectoryW
GetModuleHandleW
GetComputerNameW
GetSystemDirectoryW
GetTickCount
GetTimeZoneInformation
GetTimeFormatW
GetSystemInfo
InterlockedDecrement
lstrlenA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
CloseHandle
GetLastError
LoadResource
WideCharToMultiByte
WriteFile
MultiByteToWideChar
CreateFileW
SetFilePointer
LoadLibraryA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FindResourceW
GetStringTypeW
GetStringTypeA
EnumSystemLocalesA
GetUserDefaultLCID
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedIncrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
GetStdHandle
GetModuleFileNameA
IsValidLocale

user32

UnregisterClassA
GetWindowTextW
SendMessageW
LoadStringW
ShowWindow
EnumWindows
IsWindowVisible

advapi32

AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegRestoreKeyW
RegCloseKey
LookupPrivilegeValueW
OpenProcessToken
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeSecurity
CoSetProxyBlanket

oleaut32

SysFreeString
VariantClear
SysAllocString

shlwapi

StrToIntW
ord487
PathFileExistsW
PathIsDirectoryW

iphlpapi

GetAdaptersAddresses

ws2_32

WSAAddressToStringW

netapi32

NetGetJoinInformation
NetApiBufferFree

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Zhuangji/kzbinstaller.exe
.exe windows:4 windows x86 arch:x86

49237dc9d0035382134edf09aa658df4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7e:9d:dd:45:42:97:12:62:9e:da:53:9f:ab:23:c1:03:77:09:fd:cd
Signer

Actual PE Digest

7e:9d:dd:45:42:97:12:62:9e:da:53:9f:ab:23:c1:03:77:09:fd:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\workspace\daily_build\kszz\v1.0_beta2_r3\bin\release\kzbinstaller.pdb

Imports

kernel32

CloseHandle
SetEvent
UnmapViewOfFile
GetCurrentProcess
CreateFileW
FlushInstructionCache
RaiseException
WaitForSingleObject
FreeLibrary
LoadLibraryW
WriteFile
GetModuleFileNameW
GetProcAddress
TerminateThread
SetLastError
GetPrivateProfileSectionNamesW
FindResourceW
GetSystemDirectoryW
lstrlenW
LoadResource
GetPrivateProfileStringW
SizeofResource
CreateProcessW
GetTempPathW
GlobalAddAtomW
GetCurrentThreadId
DeleteFileW
MapViewOfFileEx
GetLastError
LeaveCriticalSection
FindResourceExW
ReadFile
FlushFileBuffers
CreateFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
CreateFileMappingW
LockResource
EnterCriticalSection
CreateEventW
Sleep
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
GetStartupInfoA
GetFileType
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetTimeZoneInformation
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStdHandle
GetModuleFileNameA
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount

user32

SystemParametersInfoW
EndDialog
PostMessageW
SetWindowLongW
DialogBoxParamW
GetActiveWindow
SendMessageW
FindWindowW
SetFocus
SetForegroundWindow
UnregisterClassA
IsIconic
ShowWindow
LoadIconW
IsWindowVisible
MapWindowPoints
MessageBoxW
GetDlgItem
GetClientRect
GetWindowRect
GetParent
SetWindowPos
GetWindowLongW
GetWindow

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW

shlwapi

PathFileExistsW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Zhuangji/mksys/Jsonreg.dll
.dll windows:5 windows x86 arch:x86

8eaefb50351bdecab3ee86368a318c06

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1a:50:ab:44:5e:13:6c:0a:8a:98:01:ce:28:16:4e:b9:74:53:ab:b4
Signer

Actual PE Digest

1a:50:ab:44:5e:13:6c:0a:8a:98:01:ce:28:16:4e:b9:74:53:ab:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kfree\kszz\product\win32\Jsonreg.pdb

Imports

ntdll

RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
sprintf
vsprintf
_vsnprintf
NtClose
RtlInitUnicodeString
RtlCreateHeap
NtWriteFile
RtlDestroyHeap
NtSetInformationFile
NtQueryInformationFile
NtCreateFile
memset
memcpy

Exports

Exports

AddValueToJson
Clear
Native_Init
Native_Uninit
ToFile

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 558B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/mksys/kbootgdi.sys
.sys windows:5 windows x86 arch:x86

9a39f8c7a89cc2a10b04c8608775cb42

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d5:7e:70:48:75:4d:d7:51:26:0a:49:d6:34:ed:1c:84:e7:06:83:7f
Signer

Actual PE Digest

d5:7e:70:48:75:4d:d7:51:26:0a:49:d6:34:ed:1c:84:e7:06:83:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateDevice
RtlInitUnicodeString
IoDeleteSymbolicLink
IofCompleteRequest
ExFreePoolWithTag
ZwClose
wcsstr
RtlUpcaseUnicodeString
memcpy
IoCreateSymbolicLink
ExAllocatePoolWithTag
ZwQueryValueKey
ZwOpenKey
ZwSetValueKey
ZwQueryFullAttributesFile
NtCreateFile
NtClose
NtSetInformationFile
wcscpy
memset
IoDeleteDevice

bootvid

VidDisplayStringXY

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/mksys/kfilemgr.exe
.sys windows:5 windows x86 arch:x86

15c9d118a8f192826274a13534da38df

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

be:f2:f9:a6:cf:1a:95:da:dd:07:05:35:6e:c0:bd:43:0f:09:89:56
Signer

Actual PE Digest

be:f2:f9:a6:cf:1a:95:da:dd:07:05:35:6e:c0:bd:43:0f:09:89:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtClose
_wtoi
memset
wcscat
wcscpy
RtlAllocateHeap
RtlFreeHeap
wcsncat
_wcsicmp
wcslen
strlen
RtlGetVersion
NtLoadDriver
RtlInitUnicodeString
NtDeviceIoControlFile
strcpy
RtlFreeUnicodeString
NtDisplayString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
NtTerminateProcess
RtlCreateHeap
RtlDestroyHeap
NtSetInformationFile
NtQueryInformationFile
NtWriteFile
NtReadFile
NtShutdownSystem
NtAdjustPrivilegesToken
NtOpenProcessToken
NtCreateFile
NtQueryFullAttributesFile
memcpy
wcscmp
NtQueryDirectoryFile
_snwprintf

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/mksys/kregmgr.dat
.exe windows:5 windows x86 arch:x86

f9c46842757ebac74cdea2bd1885378d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2a:fd:dc:8c:28:f5:b6:22:17:7d:17:76:c7:9b:ab:60:48:c6:46:8b
Signer

Actual PE Digest

2a:fd:dc:8c:28:f5:b6:22:17:7d:17:76:c7:9b:ab:60:48:c6:46:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind
strncmp
strchr
isspace
_vsnprintf
vsprintf
sscanf
RtlReAllocateHeap
NtReadFile
NtQueryFullAttributesFile
NtCreateFile
wcsrchr
NtQueryInformationFile
NtCreateKey
NtSetInformationFile
RtlInitAnsiString
RtlDestroyHeap
NtWriteFile
RtlCreateHeap
RtlAnsiStringToUnicodeString
NtSetValueKey
RtlAllocateHeap
NtClose
RtlFreeUnicodeString
NtQueryDirectoryFile
wcsncat
RtlInitUnicodeString
RtlFreeHeap
_strnicmp
_wcsicmp
_stricmp
wcsstr
_wcsnicmp
wcschr

kernel32

CreateFileMappingA
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
InitializeCriticalSection
OpenEventA
SetEvent
FlushFileBuffers
GetProcessHeap
CreateFileA
lstrlenA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetModuleHandleA
GetConsoleMode
GetConsoleCP
RaiseException
LoadLibraryA
LCMapStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
VirtualAlloc
SetFilePointer
FindResourceExW
FindResourceW
LoadResource
WriteFile
GetSystemDirectoryW
WideCharToMultiByte
SizeofResource
GetFileAttributesW
ReadFile
CreateFileW
LockResource
CloseHandle
SetFileAttributesW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
HeapReAlloc
HeapSize
HeapAlloc
GetModuleFileNameW
GetCommandLineA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapValidate
IsBadReadPtr
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
GetProcAddress
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetLastError
GetCurrentThread
LCMapStringW
DebugBreak
GetStdHandle
OutputDebugStringA
WriteConsoleW
GetFileType
OutputDebugStringW
Sleep
ExitProcess
LoadLibraryW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
InitializeCriticalSectionAndSpinCount

advapi32

OpenThreadToken
RevertToSelf
SetThreadToken

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/mksys/kssetup.exe
.exe windows:5 windows x86 arch:x86

c94d312ba80134e4baf262adc9259154

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

af:90:53:41:be:ca:e9:c3:dc:39:e8:b8:00:fe:3b:12:f1:5d:1a:c9
Signer

Actual PE Digest

af:90:53:41:be:ca:e9:c3:dc:39:e8:b8:00:fe:3b:12:f1:5d:1a:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kfree\kszz\product\win32\kssetup.pdb

Imports

kernel32

GetFileSize
ReadFile
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
lstrcmpiA
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
WideCharToMultiByte
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileW
SetStdHandle
CreateFileA
GetModuleHandleA
LoadLibraryA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetWindowsDirectoryW
GetFileAttributesW
GetSystemDirectoryW
GetCommandLineW
DeleteFileW
GetLastError
SetFileAttributesW
WritePrivateProfileStringW
GetPrivateProfileStringW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
CloseHandle
WaitForSingleObject
CreateProcessW
FlushFileBuffers
lstrlenW
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
SetFilePointer
GetModuleFileNameA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCurrentThreadId
CreateThread
GetStartupInfoW
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile

user32

SendMessageW
SetParent
FindWindowW
LoadBitmapW
GetDC
SetTimer
PostQuitMessage
KillTimer
EndPaint
ReleaseDC
DefWindowProcW
DestroyWindow
EnableWindow
UpdateWindow
ShowWindow
GetSystemMetrics
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
LoadStringW
BeginPaint

gdi32

StretchBlt
SelectObject
GetObjectW
CreateCompatibleDC
DeleteObject

advapi32

RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteExW

shlwapi

PathFileExistsW
PathAppendW

netapi32

NetLocalGroupAddMembers
NetUserAdd

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Zhuangji/mksys/mksys.dll
.dll windows:5 windows x86 arch:x86

a9c69d294a8ce3acf84c93e453a51284

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ba:2b:c9:46:bb:19:56:40:c1:95:3d:1c:0a:db:36:72:bc:8f:86:87
Signer

Actual PE Digest

ba:2b:c9:46:bb:19:56:40:c1:95:3d:1c:0a:db:36:72:bc:8f:86:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kfree\kszz\product\win32\mksys.pdb

Imports

kernel32

CreateFileW
GetFileSize
ReadFile
SetFilePointer
SetEndOfFile
WriteFile
lstrlenA
LocalAlloc
FlushFileBuffers
WritePrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
GetVersionExW
GetModuleHandleW
FreeResource
GetSystemDefaultUILanguage
Sleep
HeapFree
SystemTimeToFileTime
SetFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
UnmapViewOfFile
GetTickCount
GetLocalTime
GetFileInformationByHandle
lstrcmpiA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RemoveDirectoryW
FileTimeToLocalFileTime
GetFileTime
MoveFileW
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
MultiByteToWideChar
lstrcpynW
SetLastError
GetBinaryTypeW
LocalFree
GetModuleFileNameA
FileTimeToSystemTime
GetCurrentProcess
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetLastError
WideCharToMultiByte
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
GetWindowsDirectoryW
GetTempPathW
GetFileAttributesW
CopyFileW
HeapAlloc
SetFileAttributesW
GetModuleFileNameW
GetComputerNameExW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetSystemDirectoryW
WaitForSingleObject
DeleteFileW
CloseHandle
CreateThread
InterlockedDecrement
InterlockedIncrement
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeA
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
VirtualFree
HeapCreate
CreateFileA
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CompareStringW
CompareStringA
GetStringTypeW
LCMapStringW
GetProcessHeap
ResetEvent
SetEvent
CreateEventW
DeleteCriticalSection
LCMapStringA
RtlUnwind
ExitThread
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
GetCPInfo
VirtualAlloc
SetEnvironmentVariableA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleHandleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
GetPrivateProfileIntW
WaitForMultipleObjects
MoveFileExW
GetDiskFreeSpaceExW
CreateWaitableTimerW
SetWaitableTimer
InterlockedCompareExchange
InterlockedExchange
GetLocaleInfoA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

user32

GetDesktopWindow
wsprintfW
ExitWindowsEx

advapi32

InitializeSid
GetSidSubAuthority
InitializeAcl
AddAce
SetNamedSecurityInfoW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
OpenProcessToken
RegOpenKeyW
RegQueryValueExA
RegOpenKeyA
GetAclInformation
GetAce
IsValidSid
CopySid
LookupPrivilegeValueW
GetNamedSecurityInfoW
AdjustTokenPrivileges
GetLengthSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW
GetSidLengthRequired

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

shlwapi

StrStrIA
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
SHEnumKeyExW
StrStrIW
StrCmpIW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
PathStripPathW
StrCmpNIW
SHGetValueW
StrCmpNW
StrRChrW
PathIsDirectoryW
PathGetDriveNumberW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

imagehlp

MapFileAndCheckSumW

setupapi

SetupOpenInfFileW
SetupGetLineTextW
SetupGetTargetPathW
SetupFindFirstLineW
SetupGetStringFieldW
SetupGetFieldCount
SetupFindNextMatchLineW
SetupCloseInfFile
SetupSetDirectoryIdW

wininet

InternetCrackUrlW
HttpSendRequestExW
InternetSetStatusCallbackW
InternetCloseHandle
InternetReadFileExA
InternetSetOptionW
InternetConnectW
HttpQueryInfoW
HttpOpenRequestW
InternetOpenW
HttpEndRequestW
InternetQueryOptionW

Exports

Exports

CreateObject

Sections

.text
Size: 582KB - Virtual size: 581KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/mksys/mksyscfg.dat
Zhuangji/mksys/sysfree.dat
.exe windows:5 windows x86 arch:x86

93634b3ee3deefe1de886ec4e59d6b0b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8f:a6:75:a0:4c:b1:ed:44:c3:d2:72:73:f1:0e:15:5d:9f:9e:71:b7
Signer

Actual PE Digest

8f:a6:75:a0:4c:b1:ed:44:c3:d2:72:73:f1:0e:15:5d:9f:9e:71:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kfree\kszz\product\win32\sysfree.pdb

Imports

kernel32

RemoveDirectoryW
SizeofResource
LockResource
MoveFileW
FindResourceW
FindResourceExW
CloseHandle
ReadFile
GetFileSize
CreateFileW
CreateDirectoryW
LoadResource
lstrcpynW
LCMapStringW
LCMapStringA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetLastError
RtlUnwind
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
Sleep
ExitProcess
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
GetLocaleInfoA
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
GetStringTypeA
MultiByteToWideChar
GetStringTypeW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW

shlwapi

StrStrIW
PathFileExistsW
PathIsDirectoryW
PathAppendW

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/scriptgroup.xml
.xml
Zhuangji/sqlite3.dll
.dll windows:4 windows x86 arch:x86

f374cefaf6cc24a19345fa2d7aad4b05

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

21:41:0e:34:9e:92:0c:54:2c:e0:cc:43:54:2e:0b:b2:e1:af:d9:b0
Signer

Actual PE Digest

21:41:0e:34:9e:92:0c:54:2c:e0:cc:43:54:2e:0b:b2:e1:af:d9:b0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
InitializeCriticalSection
InterlockedCompareExchange
DeleteCriticalSection
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
AreFileApisANSI
CloseHandle
ReadFile
GetLastError
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
GetFileSize
UnlockFile
LockFile
LockFileEx
GetVersionExA
CreateFileA
CreateFileW
GetTempPathA
GetTempPathW
GetFileAttributesA
DeleteFileA
GetFileAttributesW
DeleteFileW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
LoadLibraryA
LoadLibraryW
FormatMessageA
LocalFree
FormatMessageW
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetModuleHandleA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_status
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_win32_mbcs_to_utf8

Sections

.text
Size: 436KB - Virtual size: 434KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/uplive.dll
.dll windows:4 windows x86 arch:x86

e709902e716587bd0eb17302f13b0283

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b4:c6:5f:7b:11:bf:f4:43:57:03:a7:46:81:1b:0c:83:a9:6d:93:e2
Signer

Actual PE Digest

b4:c6:5f:7b:11:bf:f4:43:57:03:a7:46:81:1b:0c:83:a9:6d:93:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\workspace\daily_build\kszz\v1.0_beta2_r3\bin\release\uplive.pdb

Imports

kernel32

SetFilePointer
GetProcAddress
FreeLibrary
LoadLibraryW
GetFileAttributesW
WaitForSingleObject
Sleep
ResumeThread
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
CreateDirectoryW
GetPrivateProfileStringW
GetFileAttributesExW
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
SetLastError
GetVersionExW
SetFileAttributesW
LocalFree
InitializeCriticalSection
SetEndOfFile
MoveFileExW
CopyFileW
MoveFileW
DeleteFileW
WriteFile
DeleteCriticalSection
GetLastError
GetPrivateProfileIntW
GetSystemDirectoryW
GetModuleFileNameW
ReadFile
FindResourceExW
GetFileSize
LoadResource
LockResource
SizeofResource
CloseHandle
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
FindResourceW
EnterCriticalSection
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
lstrlenW
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
TlsFree
GetCurrentProcess
RaiseException
FindClose
FindFirstFileW
GetThreadLocale
GetWindowsDirectoryW
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
GetACP
GetLocaleInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetCommandLineA
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleA
ExitProcess
HeapCreate
VirtualFree
VirtualAlloc
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue

advapi32

IsValidSid
GetLengthSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
GetAce
GetAclInformation
AddAce
InitializeAcl
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

shlwapi

PathFindFileNameW
SHGetValueW
SHSetValueW
StrToIntW
StrCmpNW
StrRChrW
StrCmpNIW
PathAppendW
PathStripToRootW
PathFileExistsW

wininet

HttpAddRequestHeadersW
InternetCrackUrlW
InternetReadFile
HttpOpenRequestW
HttpQueryInfoW
InternetConnectW
InternetCloseHandle
HttpSendRequestW
InternetSetOptionW
InternetOpenW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

user32

UnregisterClassA

Exports

Exports

CreateObject

Sections

.text
Size: 288KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zhuangji/zlib1.dll
.dll windows:4 windows x86 arch:x86

007c3e6d617b75c529b6eb2742337a72

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

79:e0:c8:08:37:ab:ff:ed:3d:eb:a9:2d:93:46:61:79:a0:b3:e7:da
Signer

Actual PE Digest

79:e0:c8:08:37:ab:ff:ed:3d:eb:a9:2d:93:46:61:79:a0:b3:e7:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
ReadFile
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
CloseHandle
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
FlushFileBuffers
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ExitProcess
GetModuleFileNameA
Sleep
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
LoadLibraryA
CreateFileA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
SetEndOfFile

Exports

Exports

adler32
compress
compress2
compressBound
crc32
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
get_crc_table
gzclearerr
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9b614ded403577bde60a663d4547144

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 3KB

0bbb04de18f86a2d1ac8d1d580c5be48

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4Certificate

Extended Key Usages

Key Usages

b5:3c:25:6a:47:ff:f8:34:a3:0f:d0:7e:68:b8:45:4a:55:63:bd:08Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

ntdll

shell32

setupapi

wintrust

ole32

oleaut32

comctl32

comdlg32

crypt32

version

Sections

.text Size: 391KB - Virtual size: 390KB

.data Size: 6KB - Virtual size: 15KB

.rsrc Size: 348KB - Virtual size: 352KB

.reloc Size: 23KB - Virtual size: 22KB

4584aed10fdc1d558a53d7cc2371df14

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4Certificate

Extended Key Usages

Key Usages

89:33:8d:36:ef:11:03:b8:62:ee:1a:e6:a7:80:0b:58:5e:c0:9f:caSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

b5:3c:25:6a:47:ff:f8:34:a3:0f:d0:7e:68:b8:45:4a:55:63:bd:08
Signer

.text
Size: 391KB - Virtual size: 390KB

.data
Size: 6KB - Virtual size: 15KB

.rsrc
Size: 348KB - Virtual size: 352KB

.reloc
Size: 23KB - Virtual size: 22KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

89:33:8d:36:ef:11:03:b8:62:ee:1a:e6:a7:80:0b:58:5e:c0:9f:ca
Signer

.text
Size: 517KB - Virtual size: 516KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 348KB - Virtual size: 352KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 316KB - Virtual size: 313KB

.data
Size: 76KB - Virtual size: 91KB

.rsrc
Size: 4KB - Virtual size: 916B

.reloc
Size: 76KB - Virtual size: 73KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

01:00:00:00:00:01:22:84:03:47:5b
Certificate

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

0e:1d:ea:ef:2f:4c:00:13:f9:61:b8:ad:56:73:f2:2b:1e:e8:90:75
Signer

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 329KB - Virtual size: 332KB

.rsrc
Size: 3KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate