FoxmailSetup_7[.]2[.]25[.]306[.]exe

Resubmissions

02/09/2024, 19:58

240902-yp65kaxcjh 6

02/09/2024, 19:50

240902-ykbg4awbrq 6

Sharing

Copy URL Twitter E-mail

General

Target

FoxmailSetup_7.2.25.306.exe
Size

121.1MB
MD5

3b35027c36cbb658249aebc2e78827b1
SHA1

f8284c9d051120e369ee533b9d28b13b5b27a998
SHA256

4f4498590e33731e790ec9e9c667cb49727047e28a158f72e4495dfcf9a4b770
SHA512

0bdc840b57ee4286ced3cd427be3ab5ceaea4f278160d5c74e432585c0acc1d4590d0740accf71576da8fa13053e1e4300fc273e0ad6032c13478c17435ae2a1
SSDEEP

3145728:l/cbcWW53JZJ4TXX5sf7S6lYyu6Fg4mEwxG1h4T+oZ5dxny:lPZwuS9TTG1hfou

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/QQDownHelper.dll
unpack001/$PLUGINSDIR/nsExec.dll

Files

FoxmailSetup_7.2.25.306.exe
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:da:f2:fe:51:f3:b2:e9:4c:bb:69:5a:4a:51:74:fc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/10/2022, 00:00

Not After

17/10/2025, 23:59

Subject

CN=Tencent Technology (Shenzhen) Company Limited,O=Tencent Technology (Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

de:41:b1:ec:36:29:4e:32:58:cd:5b:02:4b:e2:e0:71:48:47:86:83:59:33:eb:17:bd:9a:97:30:48:42:c3:73
Signer

Actual PE Digest

de:41:b1:ec:36:29:4e:32:58:cd:5b:02:4b:e2:e0:71:48:47:86:83:59:33:eb:17:bd:9a:97:30:48:42:c3:73

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FoxPlugin.dll
.dll windows:4 windows x86 arch:x86

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:5b:37:00:4a:99:81:7c:fd:1b:b7:c1:cb:ff:10:d7:35:72:7f:f2:19:67:a1:5f:cb:d8:6a:2d:d1:02:51:83
Signer

Actual PE Digest

f2:5b:37:00:4a:99:81:7c:fd:1b:b7:c1:cb:ff:10:d7:35:72:7f:f2:19:67:a1:5f:cb:d8:6a:2d:d1:02:51:83

Digest Algorithm

sha256

PE Digest Matches

true

2a:28:14:c5:ab:7c:d9:76:dd:11:fc:e3:22:92:11:79:08:c0:0a:3c
Signer

Actual PE Digest

2a:28:14:c5:ab:7c:d9:76:dd:11:fc:e3:22:92:11:79:08:c0:0a:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

AddEveryoneACL
CloseFoxmail
CloseFoxmailExt
ExtractFilePath
FindFoxmailInstance
FindFoxmailInstanceByName
FixDataError
FoxExec
FoxRegDll
GetExeFileVersion
GetFoxDefInstPath
GetOSLang
GetProductVersion
GetSystemDrive
GetUserDataPath
GetVersion
IsOldFoxmailPath
IsSystemPath
IsSystemVista
RemoveErrorAddrData
StrPos

Sections

CODE
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FoxmailFinish_CH.ini
$PLUGINSDIR/FoxmailFinish_EN.ini
$PLUGINSDIR/FoxmailFinish_TC.ini
$PLUGINSDIR/InstallHelper.dll
.dll windows:6 windows x86 arch:x86

e9fbea7ccf193cc06cc4749a7c0b4596

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bd:70:19:1f:de:6a:39:15:36:be:97:83:3a:e8:40:9c:1a:79:2a:18:fe:04:0e:59:71:cd:0f:69:ac:61:f7:d5
Signer

Actual PE Digest

bd:70:19:1f:de:6a:39:15:36:be:97:83:3a:e8:40:9c:1a:79:2a:18:fe:04:0e:59:71:cd:0f:69:ac:61:f7:d5

Digest Algorithm

sha256

PE Digest Matches

true

8a:29:f7:1a:36:74:22:e5:9f:bd:e3:eb:3c:f0:a5:cb:c0:9d:8b:e1
Signer

Actual PE Digest

8a:29:f7:1a:36:74:22:e5:9f:bd:e3:eb:3c:f0:a5:cb:c0:9d:8b:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Foxmail\rdm_Package\FoxmailSetupSource\InstallHelper\Release\InstallHelper.pdb

Imports

psapi

GetModuleBaseNameW

kernel32

K32EnumProcessModules
EnterCriticalSection
lstrcpynW
LeaveCriticalSection
GetSystemDirectoryW
GlobalAlloc
WriteFile
GetModuleHandleExW
CreateNamedPipeW
InitializeCriticalSection
GetCurrentThreadId
UnmapViewOfFile
DisconnectNamedPipe
OutputDebugStringW
GetLocalTime
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
ConnectNamedPipe
ReadFile
IsBadWritePtr
GetStdHandle
CreatePipe
CreateProcessW
IsBadReadPtr
GetLogicalDriveStringsW
lstrcmpiW
lstrcmpW
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetCPInfo
FreeLibrary
LocalFree
FindResourceW
LoadResource
FindResourceExW
WriteConsoleW
SetEndOfFile
ReadConsoleW
SetStdHandle
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileSizeEx
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetFileType
GetModuleFileNameW
ExitProcess
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetStringTypeW
LCMapStringEx
EncodePointer
IsDebuggerPresent
GlobalFree
Process32FirstW
LockResource
Process32NextW
CreateToolhelp32Snapshot
InitializeCriticalSectionEx
K32GetModuleFileNameExW
WaitForMultipleObjects
TerminateProcess
GetLongPathNameW
SizeofResource
MultiByteToWideChar
CreateFileW
DeviceIoControl
ConvertThreadToFiber
GetModuleHandleW
GetCurrentProcessId
GetProcAddress
CreateThread
CloseHandle
TerminateThread
SetEvent
CreateEventW
OpenProcess
lstrcpyW
DuplicateHandle
GetVersionExW
WaitForSingleObject
DeleteFiber
GetCurrentProcess
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree

user32

GetParent
DialogBoxParamW
FillRect
GetDesktopWindow
GetDlgItem
GetClientRect
BringWindowToTop
MapWindowPoints
GetMonitorInfoW
IsWindow
GetShellWindow
SetWindowTextW
EndDialog
SendMessageW
MonitorFromWindow
SetWindowPos
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetWindowLongW
wsprintfW
SetFocus
MoveWindow
DestroyWindow
PostMessageW
PostThreadMessageW
InvalidateRect
SetWindowLongW
TrackMouseEvent
ShowWindow
CreateWindowExW
CallWindowProcW
DefWindowProcW
EnableWindow
GetFocus
SetWindowRgn
CallNextHookEx
GetSystemMetrics
UnhookWindowsHookEx
LoadCursorW
EnumThreadWindows
SetWindowsHookExW
IsZoomed
GetAncestor
DrawTextW
UpdateLayeredWindow
GetDC
IsWindowVisible
MessageBoxW
ScreenToClient
SetTimer
ClientToScreen
GetDlgItemTextW
GetClassNameW
GetWindowDC
SetCursor
KillTimer
SetScrollPos
PtInRect
IsIconic
ReleaseDC
BeginPaint
EndPaint
GetWindowTextW

gdi32

TextOutW
Rectangle
ExtSelectClipRgn
SetDCPenColor
SetTextColor
GetTextMetricsW
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject
DeleteDC
GetStockObject
CreateFontW
SetStretchBltMode
SetBkMode
GetStretchBltMode
CreateRoundRectRgn
CreatePatternBrush
CreateRectRgnIndirect

advapi32

RegOpenKeyExA
DuplicateTokenEx
RegCloseKey
RegQueryValueExA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
ShellExecuteW

ole32

CoCreateInstance
CoUninitialize
CLSIDFromProgID
OleRun
CoInitializeEx
CoCreateGuid
CoInitialize

oleaut32

GetErrorInfo
SysAllocString
SysFreeString

shlwapi

PathFileExistsW
StrStrIW

msimg32

AlphaBlend

ws2_32

socket
closesocket
WSACleanup
htonl
htons
gethostbyname
WSAStartup
sendto

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdiplus

GdipGetImageWidth
GdipCreateFromHDC
GdipDrawImageRectRectI
GdiplusShutdown
GdiplusStartup
GdipFree
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipCloneImage
GdipGetImageHeight
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFile

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

Exports

Exports

AddRule
CheckClickFastInstall
CheckFileLocked
CheckInstallType
CreateCustomPage
CreateFinishPage
CreateInstallPage
CreateWelcomePage
DestroyWnd
DirVerify
GentlyKillQQMusic
GetCheck
GetFileVersion
GetGUID
GetNetCardID
GetOSVersionStringInfo
GetParentProcessName
InitInstallDir
InitLangName
InitSkin
InitUpdateOrFastInstall
IsQQMusicRunning
KillProcessbyPath
Log
MoveWindowRect
NeedRunAfterInstall
RemoveRule
Report
ReportInstallProgress
RunAppAsUser
SetCheck
SetDirectoryAndCheckDrive
SetDirectoryText
SetFocusWnd
UIUpdateInstallProgress
UnInitSkin

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/QQDownHelper.dll
.dll windows:4 windows x86 arch:x86

4cee3464b08c1e785678cbc153d535f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

ws2_32

htonl
ntohl

mfc42

ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord5731
ord561
ord815
ord858
ord4129
ord2818
ord2764
ord4202
ord6648
ord5683
ord668
ord2781
ord2770
ord939
ord941
ord356
ord4277
ord940
ord535
ord922
ord6663
ord5710
ord6282
ord6283
ord4278
ord1255
ord1253
ord2512
ord2554
ord4486
ord6375
ord4274
ord2740
ord2801
ord1570
ord1197
ord6141
ord5859
ord713
ord414
ord3662
ord5821
ord882
ord879
ord3663
ord6571
ord269
ord826
ord600
ord1871
ord823
ord860
ord540
ord926
ord800
ord537
ord924
ord2915
ord5572
ord825
ord2864
ord326
ord2086
ord1768
ord6215
ord4123
ord2642
ord2446
ord641
ord6467
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord3738
ord1578

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
_stat
_access
time
srand
strcpy
strcat
strcmp
atoi
strstr
sscanf
strncpy
_splitpath
_mbsnbcat
_local_unwind2
_except_handler3
_stricmp
strlen
_mbsicmp
memset
memcpy
_mbscmp
_EH_prolog
__CxxFrameHandler
__dllonexit

kernel32

GetVersionExA
LoadLibraryA
GetProcAddress
GetProcessHeap
HeapFree
HeapAlloc
OpenProcess
CloseHandle
FreeLibrary
lstrlenW
WideCharToMultiByte
lstrlenA
GetLastError
GetTickCount
Sleep
GetEnvironmentVariableA
GlobalFree
lstrcpyA
ProcessIdToSessionId
LocalFree
WritePrivateProfileStringA
GetPrivateProfileStringA
TerminateProcess
WaitForSingleObject
LocalAlloc
GetCurrentProcessId
GetModuleHandleA
FindClose
FindNextFileA
MoveFileExA
FindFirstFileA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
CreateFileA
CopyFileA
MultiByteToWideChar
GetLogicalDriveStringsA
GetDiskFreeSpaceExA

user32

GetDesktopWindow
SetActiveWindow
GetActiveWindow
RedrawWindow
FindWindowA
IsWindow
RegisterWindowMessageA
GetWindowThreadProcessId
PostMessageA
EnumWindows
SendMessageA
wsprintfA
EnableWindow
PeekMessageA
TranslateMessage
DispatchMessageA
GetWindowTextA
SendMessageTimeoutA
GetLastActivePopup
IsWindowEnabled

advapi32

RegDeleteValueA
GetUserNameA
LookupAccountNameA
ConvertSidToStringSidA
RegCreateKeyA
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
StringFromCLSID
CoTaskMemFree
CLSIDFromString

oleaut32

SysFreeString
SysAllocString
SysStringLen

shlwapi

wnsprintfA
SHDeleteValueA
SHDeleteKeyA

msvcp60

??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0ABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

Exports

Exports

AddBTSetting
CanFileBeDeleted
CloseFoxmailInstance
CloseQQDownUpdateInstance
CopyDir
DefaultCLSIDMinusOne
DeleteDirectoryWithFile
DeleteHKCUKey
DeleteHKCUValue
ExtractFilePath
FindFoxmailInstance
FindProcessInstance
GetAppDataOwnDir
GetFoxDefInstPath
GetParentProcessName
IsDefaultTools
IsSystemVista
KillProcessInstance
MoveDirNoOverwriteUntilReboot
MoveFileDelayUntilReboot
MoveFileNoOverwriteUntilReboot
OpenFirewall
OpenUrlUseDefaultExplore
PostMutualUpdateMsg
QQCopyFile
ReadHKCUDWORD
ReadHKCUString
ReadVersionByFile
RecoverDefaultTools
RemoveFirewall
SetAsDefaultTools
ShowUpdatingInfo
TranferOldSetting
WaitFileBeDeleted
WriteHKCUDWORD
WriteHKCUString

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WPS_CH.ini
$PLUGINSDIR/WPS_EN.ini
$PLUGINSDIR/WPS_TC.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7.2.25.306/Help/OnlineHelp.url
7.2.25.306/Info/MXServerConf.txt
7.2.25.306/Info/Readme.txt
7.2.25.306/Info/ServerConf.txt
7.2.25.306/Languages/Chinese.lgb
7.2.25.306/Languages/Chinese_big5.lgb
7.2.25.306/Languages/English.lgb
7.2.25.306/Plugins/IM/rtx.dll
.dll windows:1 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

17:5a:ea:6f:02:40:36:33:9c:0c:73:ba:e4:fd:e1:8a:91:1a:50:91
Signer

Actual PE Digest

17:5a:ea:6f:02:40:36:33:9c:0c:73:ba:e4:fd:e1:8a:91:1a:50:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

BeginGetUserStatusIcon
DoAction
EndGetUserStatusIcon
FreeUserInfo
GetActionCount
GetActionName
GetOneUserStatusIcon
GetServiceName
GetUserInfo
GetUserStatus
GetUserStatusIcon
IsServiceLogin
IsValidUser

Sections

CODE
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7.2.25.306/RSS/RssRecommendation.xsl
.xml
7.2.25.306/RSS/Styles/Images/0087.gif
.gif
7.2.25.306/RSS/Styles/Images/0089.gif
.gif
7.2.25.306/RSS/Styles/Images/comments.gif
.gif
7.2.25.306/RSS/Styles/Images/comments2.gif
.gif
7.2.25.306/RSS/Styles/cell.xsl
7.2.25.306/RSS/Styles/clear.xsl
.xml
7.2.25.306/RSS/Styles/silent.xsl
7.2.25.306/RSS/Styles/watermark.xsl
.xml
7.2.25.306/RSS/class.txt
7.2.25.306/RSS/images/rss.png
.png
7.2.25.306/RSS/images/rssdefault.png
.png
7.2.25.306/RSS/style.css
7.2.25.306/Template/Rss/RSS_Body.html
7.2.25.306/icos/126.com.ico
7.2.25.306/icos/163.com.ico
7.2.25.306/icos/foxmail.com.ico
7.2.25.306/icos/foxmail.ico
7.2.25.306/icos/gmail.com.ico
7.2.25.306/icos/hotmail.com.ico
7.2.25.306/icos/live.cn.ico
7.2.25.306/icos/live.com.ico
7.2.25.306/icos/qq.com.ico
Global/Address/Images/contact.png
.png
Global/CEF/Dictionaries/en-US-8-0.bdic
Global/Stationery/033/bg.jpg
.jpg
Global/Stationery/033/index.htm
.html
Global/Stationery/033/thumb.bmp
Global/Stationery/034/bg.jpg
.jpg
Global/Stationery/034/index.htm
.html
Global/Stationery/034/thumb.bmp
Global/Stationery/035/bg.jpg
.jpg
Global/Stationery/035/index.htm
.html
Global/Stationery/035/thumb.bmp
Global/Stationery/036/bg.jpg
.jpg
Global/Stationery/036/index.htm
.html
Global/Stationery/036/thumb.bmp
Global/Stationery/037/bg.jpg
.jpg
Global/Stationery/037/index.htm
.html
Global/Stationery/037/thumb.bmp
Global/Stationery/038/bg.jpg
.jpg
Global/Stationery/038/index.htm
.html
Global/Stationery/038/thumb.bmp
Global/Stationery/039/bg.jpg
.jpg
Global/Stationery/039/index.htm
.html
Global/Stationery/039/thumb.bmp
Global/Stationery/040/bg.jpg
.jpg
Global/Stationery/040/index.htm
.html
Global/Stationery/040/thumb.bmp
Global/Stationery/1.gif
.gif
Global/Stationery/2.jpg
.jpg
Global/Stationery/3.gif
.gif
Global/Stationery/4.gif
.gif
Global/Stationery/5.jpg
.jpg
Global/Stationery/6.gif
.gif
Global/Stationery/7.gif
.gif
Global/Stationery/8.gif
.gif
Global/Stationery/stationery.xml
Global/Stationery/suo.bmp
Global/favIcons/mail.126.com.ico
Global/favIcons/mail.163.com.ico
Global/favIcons/mail.foxmail.com.ico
Global/favIcons/mail.google.com.ico
Global/favIcons/mail.live.com.ico
Global/favIcons/mail.outlook.com.ico
Global/favIcons/mail.qq.com.ico
Global/favIcons/mail.sina.com.ico
Global/favIcons/qqbizdomain.ico

Resubmissions

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:da:f2:fe:51:f3:b2:e9:4c:bb:69:5a:4a:51:74:fcCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

de:41:b1:ec:36:29:4e:32:58:cd:5b:02:4b:e2:e0:71:48:47:86:83:59:33:eb:17:bd:9a:97:30:48:42:c3:73Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 1.2MB

.rsrc Size: 82KB - Virtual size: 82KB

.reloc Size: 4KB - Virtual size: 3KB

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

f2:5b:37:00:4a:99:81:7c:fd:1b:b7:c1:cb:ff:10:d7:35:72:7f:f2:19:67:a1:5f:cb:d8:6a:2d:d1:02:51:83Signer

2a:28:14:c5:ab:7c:d9:76:dd:11:fc:e3:22:92:11:79:08:c0:0a:3cSigner

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 95KB - Virtual size: 94KB

DATA Size: 2KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 3KB

.edata Size: 1024B - Virtual size: 578B

.reloc Size: 7KB - Virtual size: 7KB

.rsrc Size: 5KB - Virtual size: 5KB

e9fbea7ccf193cc06cc4749a7c0b4596

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:da:f2:fe:51:f3:b2:e9:4c:bb:69:5a:4a:51:74:fc
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

de:41:b1:ec:36:29:4e:32:58:cd:5b:02:4b:e2:e0:71:48:47:86:83:59:33:eb:17:bd:9a:97:30:48:42:c3:73
Signer

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 1.2MB

.rsrc
Size: 82KB - Virtual size: 82KB

.reloc
Size: 4KB - Virtual size: 3KB

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

f2:5b:37:00:4a:99:81:7c:fd:1b:b7:c1:cb:ff:10:d7:35:72:7f:f2:19:67:a1:5f:cb:d8:6a:2d:d1:02:51:83
Signer

2a:28:14:c5:ab:7c:d9:76:dd:11:fc:e3:22:92:11:79:08:c0:0a:3c
Signer

CODE
Size: 95KB - Virtual size: 94KB

DATA
Size: 2KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 3KB

.edata
Size: 1024B - Virtual size: 578B

.reloc
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 5KB - Virtual size: 5KB

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

bd:70:19:1f:de:6a:39:15:36:be:97:83:3a:e8:40:9c:1a:79:2a:18:fe:04:0e:59:71:cd:0f:69:ac:61:f7:d5
Signer

8a:29:f7:1a:36:74:22:e5:9f:bd:e3:eb:3c:f0:a5:cb:c0:9d:8b:e1
Signer

.text
Size: 282KB - Virtual size: 281KB

.rdata
Size: 78KB - Virtual size: 78KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 13KB - Virtual size: 13KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB