cf002368103398d7502c9dfd9dd926d2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf002368103398d7502c9dfd9dd926d2_JaffaCakes118
Size

12.8MB
MD5

cf002368103398d7502c9dfd9dd926d2
SHA1

03b170823567baa471ce9594ae63a395957a3e6c
SHA256

0b619123b4dd3c7c634fca1e9a6c3f05854bedaf7d8962d0094c06f58d483b63
SHA512

8dcff4922991af8411cb4475a53e5f53ab01aea0e38bfa181c1ab32b2f4a15994e6afbabc3a9364f0d702d6a980713a4b590440effb98dd54eff04a90befdb1a
SSDEEP

393216:n2ntufzt91iFqWljW8hr1mr1az3KGsOqz428:nUYtu1lDhr1mpamca428

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/迅游2105/libeay32.dll	aspack_v212_v242

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/迅游2105/XXXXXX.dll
unpack001/迅游2105/unnstale.exe
unpack001/迅游2105/迅游2015/迅游破解.exe
unpack001/迅游2105/迅游破解.exe

Files

cf002368103398d7502c9dfd9dd926d2_JaffaCakes118
.rar
迅游2105/FlowSta.dll
.dll windows:4 windows x86 arch:x86

df47fdd3a5ee744453677cc31de76afe

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Program Files (x86)\xunyou_2012\FlowSta.pdb

Imports

kernel32

Process32First
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
Sleep
GetProcAddress
LoadLibraryA
Process32Next
GetModuleFileNameA
CreateToolhelp32Snapshot
DeleteCriticalSection
CloseHandle
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapSize

ws2_32

recvfrom
ntohl
inet_addr
htonl
select
htons
ntohs
setsockopt
sendto
socket
gethostbyname

Exports

Exports

SetUdpDataDestinationInfo
setAccelDestIpAndPort
setAccelInfoModel
setAccelInfoUserName
setAccelInfoUserRealIp
setAccelInfoVpnClientIp
setAccelInfoVpnServerIp
setFormHandle

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/Game_Find.dll
.dll windows:4 windows x86 arch:x86

c9183adccb7c2419934a31acd5f59c25

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\XunYouPlatform2012_unicode\game_find\output\Game_Find.pdb

Imports

winmm

timeGetTime

kernel32

InterlockedDecrement
FindFirstFileW
GetLogicalDrives
WaitForSingleObject
GetCurrentThreadId
CloseHandle
InterlockedExchangeAdd
Sleep
FindFirstFileA
GetLastError
SetLastError
ReadFile
CreateFileA
GetModuleFileNameW
WriteFile
FindClose
WideCharToMultiByte
GetModuleFileNameA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateThread
FindNextFileA
SetStdHandle
LoadLibraryA
GetCurrentProcessId
lstrlenW
lstrcmpW
GetDriveTypeW
GetLogicalDriveStringsW
InterlockedIncrement
GetDiskFreeSpaceExW
InterlockedExchange
lstrcpyW
lstrcatW
FindNextFileW
SetEndOfFile
MultiByteToWideChar
SetEnvironmentVariableA
GetTickCount
QueryPerformanceCounter
GetLocaleInfoW
CreateFileW
WriteConsoleW
GetConsoleOutputCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
WriteConsoleA
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
HeapSize
InterlockedCompareExchange
GetLocaleInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
ExitThread
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetVersionExA
GetProcessHeap
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
GetProcAddress
GetModuleHandleA
ExitProcess
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
CompareStringA
CompareStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc

user32

PostMessageW
SendMessageTimeoutA
PostMessageA
wsprintfW

advapi32

CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDecrypt
RegOpenKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
CryptDeriveKey

shell32

SHGetFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

shlwapi

PathFileExistsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

CheckGameId
CheckGamePath
CheckGamePath_Id
GetCount
GetCount_
GetFindIsEnd
GetGameInfo
GetGameInfo_
SearchExePath
SearchExePathStop
StartFind
StartFindManual
StopFind
StopFindManual

Sections

.text
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/GamesUpdateInterface.dll
.dll windows:5 windows x86 arch:x86

91a68240c3f1cb422bdef364811088d1

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\XunYouGU\output\GamesUpdateInterface.pdb

Imports

kernel32

InterlockedDecrement
FlushFileBuffers
CloseHandle
lstrlenW
CreateNamedPipeW
GetLastError
ConnectNamedPipe
DisconnectNamedPipe
CreateFileW
ReadFile
WriteFile
GetOverlappedResult
CreateThread
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
SetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateProcessW
CreateDirectoryW
OpenProcess
WideCharToMultiByte
Sleep
TerminateProcess
GetModuleFileNameW
MultiByteToWideChar
GetLocalTime
Process32FirstW
Process32NextW
lstrcatW
CreateToolhelp32Snapshot
GetCurrentProcessId
lstrcpyW
SetEndOfFile
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LCMapStringW
RaiseException
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
HeapFree
GetCurrentThreadId
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetLocaleInfoW
HeapAlloc
SetHandleCount
GetFileType
GetStartupInfoW
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleW
ExitProcess
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapSize
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapReAlloc
LoadLibraryW
RtlUnwind
SetStdHandle
WriteConsoleW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
GetProcessHeap

user32

wsprintfW
LoadStringW
IsWindow
FindWindowW

Exports

Exports

fnChangeGamePath
fnChangeSkinEx
fnCloseUpdateWindow
fnEnableIdleTimeUpdate
fnEnterSelectNode
fnGetEnableIdleTimeUpdate
fnGetGameUpdateStatus
fnGetUpdateGameNumber
fnGetUpdateProgress
fnIsGameUpdateSupported
fnOpenUpdateWindow
fnPauseUpdate
fnSetAccelateStatus
fnSetAttachedWindow
fnSetCallBack
fnSetCurrentGameId
fnSetMessageWindow
fnStartXunYouGU
fnStartXunYouGUFromUinstall

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/InstallLsp.exe
.exe windows:5 windows x64 arch:x64

d0e346cc74a63f134ec21e3255847920

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\XunYouPlatForm2010_x64\Output\InstallLsp.pdb

Imports

kernel32

GetFullPathNameW
GlobalAlloc
GetSystemDirectoryW
GetSystemDirectoryA
GlobalFree
GetModuleFileNameA
MoveFileExA
Sleep
GetModuleFileNameW
GetLastError
CopyFileA
GetTempFileNameA
MoveFileA
CloseHandle
FlushFileBuffers
CreateFileA
HeapReAlloc
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
HeapFree
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW

user32

wsprintfW

ws2_32

WSCDeinstallProvider
WSCWriteProviderOrder
WSCInstallProvider
WSCEnumProtocols

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
迅游2105/ProTraMon.dll
.dll windows:4 windows x86 arch:x86

b0deaace16e79d5c3d95861bb5ef55d3

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\XunYouPlatform2012_unicode\output\ProTraMon.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
DeleteCriticalSection
CreateEventW
CloseHandle
InitializeCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateProcessW
DeleteFileW
Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetExitCodeProcess
OpenProcess
InterlockedIncrement
DebugBreak
OutputDebugStringW
lstrlenA
lstrlenW
InterlockedDecrement
GetLocalTime
GetTickCount
GetLastError
TerminateProcess
FlushFileBuffers
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
ReadFile
WriteFile
GetOverlappedResult
CreateThread
WaitForMultipleObjects
TerminateThread
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RaiseException
GetVersionExA
RtlUnwind
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
HeapReAlloc
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
HeapSize
ExitProcess
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
FreeLibrary
VirtualQuery
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

LoadStringW
CharNextW
UnregisterClassA

shlwapi

PathFileExistsW
StrCmpIW

Exports

Exports

Exit
GamePathChg
GetAccelerateDownReflux
GetAccelerateTotalReflux
GetAccelerateUpReflux
GetAlarmState
GetBackList
GetFirstAccelerateStartTime
GetLastAccelerateExitTime
GetLocalDownReflux
GetLocalTotalReflux
GetLocalUpReflux
GetProcessDownRefluxBetweenTimeById
GetProcessDownRefluxBetweenTimeByName
GetProcessDownRefluxByPId
GetProcessDownRefluxByProcessName
GetProcessExitTimeByPId
GetProcessExitTimeByProcessName
GetProcessStartTimeByPId
GetProcessStartTimeByProcessName
GetProcessTotalTime
GetProcessUpRefluxBetweenTimeById
GetProcessUpRefluxBetweenTimeByName
GetProcessUpRefluxByPId
GetProcessUpRefluxByProcessName
GetReflux
GetSuspensionDlgState
IsShowSuspensionDlgTmp
IsSvcProcessActive
Pause
Resume
SetAccFlux
SetAccNetBreakRate
SetAccNetDelayReduceRate
SetAccNetPacketLossRate
SetAccNetworkCondition
SetAccNetworkDelay
SetAccState
SetAccelerateProcess
SetAlarmState
SetGameInfo
SetSuspensionDlgState
SetUnclearProcessName
ShowBackList
ShowSuspensionDlg
ShowSuspensionDlgEx
ShowSuspensionDlgTmp
ShowTriffic
Start
StopAlarm
XchSkin
XchSkinEx

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/ProTraMonIF.dll
.dll windows:4 windows x86 arch:x86

083c9f79cfae053a2e1090822c683a1f

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\XunYouBase\output\ProTraMonIF.pdb

Imports

iphlpapi

GetExtendedUdpTable
GetExtendedTcpTable
GetAdaptersInfo

psapi

GetModuleFileNameExW
EnumProcessModules

ws2_32

inet_addr
socket
htons
setsockopt
bind
ntohs
recv
inet_ntoa
gethostbyname
WSACleanup
gethostname
closesocket
WSAIoctl
WSAGetLastError
WSAStartup

kernel32

CreateFileA
CreateFileW
SetFilePointer
LoadLibraryA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
DebugBreak
InterlockedDecrement
OutputDebugStringW
lstrlenA
InterlockedIncrement
lstrlenW
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
OpenProcess
TerminateProcess
GetLastError
GetLocalTime
GetTickCount
CreateThread
LoadLibraryW
GetProcAddress
SetEvent
WideCharToMultiByte
GetExitCodeThread
WriteConsoleA
TerminateThread
CloseHandle
FreeLibrary
CreateEventW
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
GetCurrentThreadId
MultiByteToWideChar
RaiseException
GetModuleHandleW
SizeofResource
GetPrivateProfileIntW
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
Module32FirstW
Module32NextW
GetExitCodeProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FlushFileBuffers
GetConsoleMode
FreeEnvironmentStringsA
GetConsoleCP
GetTimeZoneInformation
GetModuleFileNameA
GetStdHandle
WriteFile
HeapCreate
HeapDestroy
GetConsoleOutputCP
WriteConsoleW
SetHandleCount
GetFileType
GetStartupInfoA
VirtualAlloc
SetEndOfFile
ReadFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
Sleep
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
VirtualFree
ExitProcess
HeapSize
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapFree
HeapReAlloc
GetCommandLineA
GetProcessHeap
RtlUnwind
GetCPInfo
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError

user32

CharNextW
LoadStringW
UnregisterClassA
DestroyWindow

advapi32

RegQueryInfoKeyW
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

SysStringLen
SysAllocString
SysFreeString
VarUI4FromStr

Exports

Exports

PTM_GetClassObjectFunc

Sections

.text
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/UIView.dll
.dll windows:4 windows x86 arch:x86

b546959cc40df64895012651107f4c31

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\XunYouBase\output\UIView.pdb

Imports

kernel32

GetDriveTypeA
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
FlushFileBuffers
GetCurrentDirectoryA
GetFullPathNameW
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetStdHandle
SetEndOfFile
TlsSetValue
TlsAlloc
TlsGetValue
RaiseException
HeapCreate
HeapDestroy
GetStringTypeW
GetStringTypeA
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualProtect
FindFirstFileW
GetDriveTypeW
FileTimeToLocalFileTime
FindClose
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteFile
CreateDirectoryW
FileTimeToSystemTime
GetFileSizeEx
OutputDebugStringW
GetFileAttributesExW
GetTickCount
TryEnterCriticalSection
GlobalUnlock
MulDiv
LoadResource
GetModuleFileNameW
lstrcpynA
GetLastError
lstrlenA
lstrcatW
DeleteCriticalSection
LoadLibraryExW
MultiByteToWideChar
InitializeCriticalSection
lstrcmpW
lstrcpyA
GlobalFree
CreateThread
InterlockedExchange
GlobalLock
GlobalAlloc
FreeLibrary
lstrcpynW
TlsFree
InitializeCriticalSectionAndSpinCount
FindResourceW
TerminateThread
lstrcmpiW
FlushInstructionCache
SizeofResource
GetCurrentProcess
GetModuleHandleW
SetLastError
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
lstrcpyW
CloseHandle
GetCurrentThreadId
lstrlenW
LeaveCriticalSection
EnterCriticalSection
Sleep
ReadFile
CreateFileW
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
InterlockedCompareExchange
SetFilePointer
HeapSize

user32

PtInRect
SendMessageW
DefWindowProcW
IsRectEmpty
MessageBoxW
SetFocus
GetClassInfoExW
GetWindow
DestroyIcon
GetCapture
CreateAcceleratorTableW
CallWindowProcW
EndPaint
GetDlgItem
BeginPaint
SetCapture
SetRect
HideCaret
UpdateWindow
DrawTextW
CopyRect
RegisterClassExW
TrackMouseEvent
GetClientRect
RedrawWindow
DestroyAcceleratorTable
InvalidateRect
GetParent
MoveWindow
CreateWindowExW
GetDC
SetRectEmpty
ReleaseDC
SetWindowPos
GetClassNameW
OffsetRect
DrawIconEx
IsWindow
GetWindowTextLengthW
PostMessageW
GetSysColor
GetWindowTextW
GetScrollInfo
LoadCursorW
LoadImageW
ClientToScreen
SetWindowLongW
SetWindowTextW
LoadIconW
RegisterWindowMessageW
ScreenToClient
DestroyWindow
ReleaseCapture
GetFocus
InflateRect
InvalidateRgn
GetCursorPos
EqualRect
GetWindowRect
GetSystemMetrics
IsZoomed
IntersectRect
MapWindowPoints
wsprintfW
SetCursor
GetDesktopWindow
IsChild
GetWindowLongW
CharNextW
UnregisterClassA
IsIconic
CreateIconFromResourceEx
SystemParametersInfoW
FillRect

gdi32

CreateRectRgnIndirect
CombineRgn
SetBrushOrgEx
EnumFontFamiliesW
GetStretchBltMode
CreateDIBSection
CreateFontIndirectW
SetDIBColorTable
LineTo
SetBkColor
MoveToEx
Pie
GetObjectA
SelectObject
GetTextExtentPoint32W
BitBlt
CreateCompatibleBitmap
TextOutW
SetViewportOrgEx
GetDeviceCaps
GetDIBColorTable
DeleteDC
GetStockObject
StretchBlt
SetBkMode
CreateSolidBrush
CreatePen
SetStretchBltMode
CreateCompatibleDC
SetTextColor
ExtTextOutW
CreateFontW
GetObjectW
DeleteObject

advapi32

CryptCreateHash
RegEnumKeyExW
CryptReleaseContext
CryptAcquireContextW
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptEncrypt
CryptDecrypt
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey

shell32

ExtractIconW
ShellExecuteW

ole32

OleUninitialize
StringFromGUID2
OleInitialize
CoTaskMemFree
CLSIDFromProgID
CoTaskMemAlloc
OleLockRunning
CLSIDFromString
CoTaskMemRealloc
CoCreateGuid
CreateStreamOnHGlobal
CoCreateInstance
CoGetClassObject

oleaut32

VariantClear
SysAllocString
SysStringByteLen
SysFreeString
VariantInit
SysAllocStringLen
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringLen

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipDisposeImage
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipCreateBitmapFromScan0
GdiplusStartup
GdipDeletePen
GdipGetImageHeight
GdipAlloc
GdipDrawImageRectI
GdipFree
GdipGetImageGraphicsContext
GdipCreateFontFromDC
GdipCreateFromHDC
GdipDeleteBrush
GdipDrawLineI
GdipCloneImage
GdipCreateBitmapFromStream
GdipSetStringFormatFlags
GdipDrawImageI
GdipGetImagePalette
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDeleteGraphics
GdipSetStringFormatLineAlign
GdipGetImagePaletteSize
GdipCreateSolidFill
GdipCreateBitmapFromFile
GdiplusShutdown
GdipFillRectangleI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDeleteFont
GdipDeleteStringFormat
GdipDrawString
GdipCreateFontFromLogfontA
GdipCreatePen1
GdipGetImagePixelFormat
GdipCloneBrush
GdipGetImageWidth
GdipCreateBitmapFromHICON

winmm

timeGetTime

winhttp

WinHttpOpenRequest
WinHttpConnect
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpReadData

Exports

Exports

uiview_add_skin_resource
uiview_create_control_by_example
uiview_create_icon
uiview_create_window_by_example
uiview_destory_window
uiview_destroy_dialog
uiview_draw_client
uiview_enable_window
uiview_get_background_bitmap_position
uiview_get_check
uiview_get_dialog_style
uiview_get_dlg_item
uiview_get_shadow_width
uiview_get_skin_info
uiview_get_skin_info_count
uiview_get_text_extent_by_index
uiview_get_text_extent_point32
uiview_get_text_height_by_width
uiview_get_window_rect
uiview_get_window_rect_by_index
uiview_get_window_text
uiview_init_dialog
uiview_is_control_visible
uiview_load_xml
uiview_move_window
uiview_move_window_by_index
uiview_play_movie
uiview_process_dialog_message
uiview_select_skin_resource
uiview_set_acc_network_condition
uiview_set_accel_result_movie_info
uiview_set_bitmap_path
uiview_set_bitmap_path_by_index
uiview_set_check
uiview_set_extend_panel_state
uiview_set_logo_file_path
uiview_set_movie
uiview_set_progressbar_percent
uiview_set_progressbar_status
uiview_set_selected
uiview_set_selected_pos
uiview_set_suspension_gamelogo_animation_path
uiview_set_text_color
uiview_set_text_font
uiview_set_tip_text
uiview_set_tip_text_by_index
uiview_set_transprarent_window
uiview_set_window_exstyle
uiview_set_window_text
uiview_show_background_bitmap
uiview_show_check_box
uiview_show_window
uiview_show_window_part_by_index
uiview_update_skin_info

Sections

.text
Size: 536KB - Virtual size: 533KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/Uninstall.exe
.exe windows:5 windows x86 arch:x86

09e127d897e71ce7dd53c99e08199055

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
LoadLibraryW
CreateThread
GetCurrentProcessId
CopyFileW
GetTempFileNameW
GetTempPathW
WriteFile
CreateFileW
CreateMutexW
CreateFileA
InitializeCriticalSection
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
SetStdHandle
WriteConsoleW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetProcAddress
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
InterlockedExchange
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetFileType
GetStdHandle
SetHandleCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineW
EncodePointer
DecodePointer
ExitProcess
VirtualQuery
lstrlenW
lstrcmpW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
OutputDebugStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindResourceW
LoadResource
FreeResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
LCMapStringW
GlobalFree
Sleep
RaiseException
SetLastError
GetCurrentThreadId
DeleteFileW
RemoveDirectoryW
CreateProcessW
WaitForSingleObject
lstrcpyW
lstrcatW
FindFirstFileW
FindNextFileW
FindClose
SetCurrentDirectoryW
GetCurrentProcess
FlushInstructionCache
OpenProcess
TerminateProcess
CloseHandle
GetLastError
LeaveCriticalSection
GetSystemInfo
VirtualProtect
RtlUnwind
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
EnterCriticalSection
HeapReAlloc
SetEndOfFile

user32

TrackMouseEvent
SetCursor
LoadCursorW
CallWindowProcW
BeginPaint
EndPaint
PostMessageA
DialogBoxParamW
GetParent
PostMessageW
SendMessageW
MoveWindow
GetDlgItem
SetWindowRgn
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
GetWindow
GetClassInfoExW
GetWindowLongW
DefWindowProcW
UnregisterClassA
SetWindowLongW
CreateWindowExW
MessageBoxW
wsprintfW
GetSystemMetrics
KillTimer
LoadImageW
IsDialogMessageW
CreateDialogParamW
SetTimer
GetWindowTextLengthW
SetWindowTextW
ScreenToClient
DestroyWindow
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ShowWindow
GetActiveWindow
RegisterClassExW
ReleaseDC
GetDC
EndDialog

gdi32

TextOutW
CreateDIBSection
BitBlt
SetBkColor
ExtTextOutW
CreateFontW
CreateCompatibleBitmap
CreatePolygonRgn
SetBkMode
SetTextColor
GetStockObject
GetObjectW
SetDIBColorTable
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
StretchBlt

advapi32

CryptReleaseContext
CryptDecrypt
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW
RegDeleteKeyW
RegOpenKeyExW
RegDeleteValueW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptAcquireContextW

shell32

ShellExecuteA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr

shlwapi

PathFileExistsW

comctl32

InitCommonControlsEx

msimg32

AlphaBlend
TransparentBlt

psapi

EnumProcessModules
GetModuleFileNameExW

gdiplus

GdipBitmapLockBits
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipGetImagePaletteSize
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipFree

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/UninstallLsp.exe
.exe windows:4 windows x86 arch:x86

13ec1bd87fdad60693f2faf512222c8a

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\xunyouplatform_new\output\uninstallLsp.pdb

Imports

kernel32

CreateProcessA
CloseHandle
MultiByteToWideChar
WaitForSingleObject
OpenProcess
GetModuleFileNameA
GlobalAlloc
GetLastError
CreateFileA
FlushFileBuffers
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
HeapReAlloc
Sleep
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSection

advapi32

RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA

ws2_32

WSCDeinstallProvider
WSCEnumProtocols

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
迅游2105/VersionCollect.exe
.exe windows:5 windows x86 arch:x86

dd42df50d43de3075cec3f8056bad967

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\VersionCollectWin32\Release\VersionStatistics.pdb

Imports

kernel32

SetLastError
GetModuleFileNameA
GetModuleHandleA
WaitForSingleObject
Sleep
CreateEventA
SetThreadPriority
ResumeThread
FlushFileBuffers
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
WriteFile
CloseHandle
DeviceIoControl
LoadLibraryA
GetProcAddress
GetLastError
GetCurrentProcess
SetEvent
CreateFileA
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
LoadLibraryW
HeapReAlloc
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
DeleteCriticalSection
GetFileType
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
IsProcessorFeaturePresent
HeapSize
GetModuleHandleW
ExitProcess
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount

user32

PostMessageA
wsprintfA

advapi32

RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA

ws2_32

WSACleanup
bind
WSAStartup
sendto
WSAGetLastError
htons
socket
closesocket
gethostbyname
ntohs
htonl
recvfrom
inet_addr
inet_ntoa

psapi

GetModuleFileNameExA
EnumProcessModules

winmm

timeGetTime

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/XXXXXX.dll
.dll windows:5 windows x86 arch:x86

4b9208765eadf4fdfdf50736a16b6afd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\破解迅游\Lib\xxxxxx.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleA
CreateFileA
lstrlenA
WriteFile
GetSystemDirectoryW
WideCharToMultiByte
LoadLibraryW
Sleep
GetSystemDirectoryA
MultiByteToWideChar
lstrlenW
GetCurrentDirectoryW
CopyFileA
LoadLibraryA
VirtualProtect
GetCurrentDirectoryA
CloseHandle
InterlockedDecrement
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetProcessHeap
HeapFree
GetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcess

ole32

CoInitializeEx
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity

oleaut32

SysFreeString
SysAllocString
VariantClear

msvcr90

??3@YAXPAX@Z
??2@YAPAXI@Z
rand
srand
memcpy_s
wcsncmp
strcat_s
_encode_pointer
_malloc_crt
free
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_encoded_null
malloc
__CxxFrameHandler3
_CxxThrowException
memset

winmm

timeGetTime

shlwapi

StrCatW

Exports

Exports

InitGameWindow
ProcMain

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/XYCrashReport.exe
.exe windows:4 windows x86 arch:x86

1dd417c3fbd53fbff6d4bd1555074928

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\XunYouBase\output\XYCrashReport.pdb

Imports

kernel32

lstrlenW
WideCharToMultiByte
lstrlenA
GetPrivateProfileStringW
CloseHandle
CreateFileW
MultiByteToWideChar
FindNextFileW
DeleteFileW
ReadFile
GetModuleFileNameW
FindClose
GetFileSize
FindFirstFileW
WaitForSingleObject
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSection
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
Sleep
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
InterlockedExchange
GetThreadLocale

shlwapi

PathFileExistsW
PathRemoveFileSpecW

wininet

InternetOpenW
InternetWriteFile
HttpSendRequestExW
HttpOpenRequestW
InternetConnectW
InternetCloseHandle
HttpEndRequestW

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
迅游2105/XYDump.dll
.dll windows:4 windows x86 arch:x86

e611d6a57546523bf9e3a29b0a72313b

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\XunYouBase\output\XYDump.pdb

Imports

kernel32

FindClose
FindNextFileW
lstrcpyW
MoveFileExW
SizeofResource
FindFirstFileW
GetSystemDirectoryW
DeleteFileW
GetLastError
FindResourceExW
FindResourceW
lstrcatW
LoadResource
GetModuleFileNameW
FileTimeToSystemTime
ReadFile
CreateFileW
GetLocalTime
GetFileType
CloseHandle
FileTimeToDosDateTime
GetFileInformationByHandle
GetFileSize
SetFilePointer
SetUnhandledExceptionFilter
UnmapViewOfFile
SystemTimeToFileTime
GetCurrentProcess
WriteFile
WideCharToMultiByte
GetSystemInfo
GlobalMemoryStatus
VirtualQuery
IsDebuggerPresent
GetFileTime
CreateProcessW
GetCurrentThreadId
CreateDirectoryW
OutputDebugStringA
FileTimeToLocalFileTime
GetCurrentProcessId
OutputDebugStringW
GetSystemTimeAsFileTime
lstrlenW
RaiseException
GetVersionExW
lstrcpynW
SetEnvironmentVariableA
CompareStringW
CompareStringA
LockResource
FlushFileBuffers
CreateFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetProcAddress
GetModuleHandleA
ExitProcess
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
GetTimeZoneInformation
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
LoadLibraryA
Sleep
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
VirtualAlloc
RtlUnwind
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

UnregisterClassA
wvsprintfW
wsprintfW

advapi32

GetUserNameW

shell32

ShellExecuteW

dbghelp

MiniDumpWriteDump

shlwapi

PathFileExistsW
PathRemoveFileSpecW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

InitXYDump
InitXYDumpEx
RecordExceptionInfo

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/XYQuick.exe
.exe windows:4 windows x86 arch:x86

2c3b63913051044c0e349d59d0fb4125

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\XunYouPlatform2013\output\XYQuick.pdb

Imports

kernel32

LoadResource
FindResourceW
EnumResourceNamesW
LoadLibraryExW
FindClose
FindFirstFileW
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
OpenProcess
SetLastError
GetCurrentThreadId
RaiseException
FlushInstructionCache
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
CreateThread
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
SetEvent
TerminateProcess
DebugBreak
OutputDebugStringW
OutputDebugStringA
WaitForMultipleObjects
WaitForSingleObject
GlobalFree
GlobalReAlloc
GlobalAlloc
GlobalUnlock
GlobalLock
InterlockedExchange
FreeResource
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Module32NextW
Module32FirstW
CreateMutexA
lstrcmpA
InitializeCriticalSectionAndSpinCount
LoadLibraryW
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoW
GetConsoleMode
LockResource
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
SetConsoleCtrlHandler
GetModuleFileNameA
GetStdHandle
HeapSize
FatalAppExitA
HeapCreate
HeapDestroy
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
VirtualQuery
GetSystemInfo
VirtualProtect
ExitProcess
GetModuleHandleA
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MoveFileA
GetSystemTimeAsFileTime
RtlUnwind
InterlockedIncrement
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
SizeofResource
FreeLibrary
SetFilePointer
GetLastError
WriteFile
DeleteFileA
GetModuleFileNameW
GetModuleHandleW
SetEndOfFile
GetProcAddress
GetFileAttributesW
CreateDirectoryW
GetCurrentProcess
SetCurrentDirectoryW
Sleep
CreateProcessW
GetVersion
WideCharToMultiByte
GetPrivateProfileStringW
lstrlenW
DeleteFileW
GetPrivateProfileIntW
lstrcmpiA
MultiByteToWideChar
lstrlenA
CreateFileW
GetFileSize
CloseHandle
ReadFile
GetConsoleCP
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA

user32

MonitorFromRect
GetMonitorInfoW
GetForegroundWindow
GetSystemMetrics
CreateIconIndirect
DrawIconEx
FillRect
GetDC
CreateIconFromResource
GetWindowRect
GetIconInfo
SetFocus
SetWindowPos
SendMessageW
GetWindowThreadProcessId
GetDesktopWindow
GetShellWindow
MoveWindow
ShowWindow
SetParent
PtInRect
CreateDialogParamW
DestroyWindow
SetWindowLongW
ReleaseDC
ScreenToClient
SetTimer
InvalidateRect
IsWindow
BeginPaint
EndPaint
LoadImageW
DestroyIcon
FindWindowW
FindWindowExW
PostMessageW
CreateIconFromResourceEx
RedrawWindow
EnumChildWindows
EnumWindows
GetPropW
FindWindowA
FindWindowExA
LoadStringW
UnregisterClassA
DestroyCursor
EndDialog
DialogBoxIndirectParamW
CreateDialogIndirectParamW
DrawTextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
SendMessageA
GetCursorPos
GetParent
GetWindow
SystemParametersInfoW
MapWindowPoints
SetForegroundWindow
SetWindowTextW
SetPropW
UpdateLayeredWindow
GetClientRect
MessageBoxW
KillTimer
GetWindowLongW
IsWindowVisible
CharNextW

gdi32

GetDIBColorTable
SetDIBColorTable
CreateDIBSection
StretchBlt
BitBlt
SetTextColor
SetBkMode
DeleteObject
GetDIBits
GetObjectW
GetStockObject
CreateBitmap
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
CreateFontW
DeleteDC

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptAcquireContextW
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptEncrypt

shell32

SHGetSpecialFolderLocation
ShellExecuteW
SHGetPathFromIDListW

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

shlwapi

StrCmpIW
StrCmpNIA
PathRemoveFileSpecA
PathRemoveFileSpecW
StrStrIW
PathFileExistsW

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageI
GdipGetImageGraphicsContext
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromHICON
GdipAlloc
GdipCloneImage
GdipFree
GdipDisposeImage
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC

ws2_32

WSAStartup
closesocket
socket
inet_addr
htons
sendto
gethostbyname
inet_ntoa

psapi

EnumProcessModules
GetModuleFileNameExW

Sections

.text
Size: 408KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
迅游2105/XYQuick64.exe
.exe windows:4 windows x64 arch:x64

3a4493b8c5eb92499cc27340630d9235

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\XunYouPlatform2013\output\XYQuick64.pdb

Imports

kernel32

LoadResource
FindResourceW
EnumResourceNamesW
LoadLibraryExW
FindClose
FindFirstFileW
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
OpenProcess
SetLastError
GetCurrentThreadId
RaiseException
FlushInstructionCache
EnterCriticalSection
LeaveCriticalSection
CreateThread
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
SetEvent
TerminateProcess
DebugBreak
OutputDebugStringW
OutputDebugStringA
WaitForMultipleObjects
WaitForSingleObject
GlobalFree
GlobalReAlloc
GlobalAlloc
GlobalUnlock
GlobalLock
FreeResource
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Module32NextW
Module32FirstW
CreateMutexA
lstrcmpA
InitializeCriticalSectionAndSpinCount
LoadLibraryW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
IsValidLocale
LockResource
GetUserDefaultLCID
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
LoadLibraryA
GetModuleFileNameA
GetStdHandle
HeapSize
HeapCreate
HeapSetInformation
RtlVirtualUnwind
FlsAlloc
FlsFree
TlsFree
FlsSetValue
FlsGetValue
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
VirtualQuery
GetSystemInfo
VirtualProtect
ExitProcess
GetModuleHandleA
HeapReAlloc
RtlCaptureContext
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlPcToFileHeader
MoveFileA
GetSystemTimeAsFileTime
RtlUnwindEx
RtlLookupFunctionEntry
GetThreadLocale
SizeofResource
FreeLibrary
SetFilePointer
GetLastError
WriteFile
DeleteFileA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetFileAttributesW
CreateDirectoryW
GetCurrentProcess
SetEndOfFile
SetCurrentDirectoryW
Sleep
CreateProcessW
GetVersion
WideCharToMultiByte
GetPrivateProfileStringW
lstrlenW
DeleteFileW
GetPrivateProfileIntW
lstrcmpiA
MultiByteToWideChar
lstrlenA
CreateFileW
GetFileSize
CloseHandle
ReadFile
EnumSystemLocalesA
GetLocaleInfoA
GetACP
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GetProcessHeap
HeapAlloc
HeapFree
InterlockedPushEntrySList
GetVersionExA

user32

GetWindowRect
GetForegroundWindow
GetSystemMetrics
CreateIconIndirect
DrawIconEx
FillRect
GetDC
CreateIconFromResource
CreateIconFromResourceEx
MonitorFromRect
SetFocus
SetWindowPos
SendMessageW
GetWindowThreadProcessId
GetMonitorInfoW
GetShellWindow
MoveWindow
ShowWindow
SetParent
PtInRect
CreateDialogParamW
DestroyWindow
SetWindowLongPtrW
ReleaseDC
ScreenToClient
LoadImageW
DestroyIcon
FindWindowW
SetTimer
InvalidateRect
IsWindow
BeginPaint
EndPaint
CharNextW
FindWindowExW
GetDesktopWindow
PostMessageW
GetIconInfo
EnumChildWindows
EnumWindows
GetPropW
FindWindowA
FindWindowExA
LoadStringW
RedrawWindow
DestroyCursor
EndDialog
DialogBoxIndirectParamW
CreateDialogIndirectParamW
DrawTextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
SendMessageA
GetCursorPos
GetParent
GetWindow
SystemParametersInfoW
MapWindowPoints
SetForegroundWindow
SetWindowTextW
SetPropW
UpdateLayeredWindow
GetClientRect
SetWindowLongW
MessageBoxW
KillTimer
GetWindowLongW
IsWindowVisible
UnregisterClassA

gdi32

GetDIBColorTable
SetDIBColorTable
CreateDIBSection
StretchBlt
BitBlt
SetBkMode
DeleteObject
GetDIBits
DeleteDC
GetObjectW
GetStockObject
CreateBitmap
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
CreateFontW
SetTextColor

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptAcquireContextW
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptEncrypt

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoUninitialize

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathRemoveFileSpecA
StrCmpIW
StrCmpNIA
StrStrIW

msimg32

AlphaBlend
TransparentBlt

gdiplus

GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipFree
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageI
GdipGetImageGraphicsContext
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromHICON
GdipAlloc
GdipCloneImage

ws2_32

gethostbyname
sendto
htons
inet_addr
socket
WSAStartup
closesocket
inet_ntoa

psapi

EnumProcessModules
GetModuleFileNameExW

Sections

.text
Size: 420KB - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
迅游2105/XYQuickLink.dll
.dll windows:4 windows x86 arch:x86

24e70f0503c6253117f3f9d3821623bd

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\XunYouBase\output\XYQuickLink.pdb

Imports

kernel32

GlobalReAlloc
GlobalAlloc
GlobalFree
FlushInstructionCache
FindFirstFileW
FindClose
SetFilePointer
LoadLibraryExW
EnumResourceNamesW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeLibrary
MulDiv
LoadLibraryW
DeleteCriticalSection
lstrcmpiW
InitializeCriticalSection
lstrcmpW
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GlobalLock
FlushFileBuffers
CreateFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidCodePage
GetOEMCP
LeaveCriticalSection
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapDestroy
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
RtlUnwind
GetCommandLineA
HeapReAlloc
GetSystemTimeAsFileTime
MoveFileA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
EnterCriticalSection
GetCurrentThreadId
RaiseException
SetLastError
GetPrivateProfileStringW
DeleteFileW
lstrcmpiA
GetPrivateProfileIntW
SetEndOfFile
DeleteFileA
ReadFile
CreateProcessW
GetFileSize
WriteFile
CreateFileW
GetModuleFileNameW
GetVersion
Sleep
GetModuleHandleW
SetCurrentDirectoryW
GetProcAddress
GetCurrentProcess
WideCharToMultiByte
lstrlenW
CreateDirectoryW
GetFileAttributesW
CloseHandle
MultiByteToWideChar
GetLastError
lstrlenA
GetCPInfo

user32

FindWindowExW
FindWindowW
DestroyIcon
PostMessageW
LoadImageW
GetWindowRect
SetWindowPos
DialogBoxIndirectParamW
SendMessageW
DestroyCursor
SetPropW
SetWindowTextW
GetCursorPos
MessageBoxW
EndDialog
SetForegroundWindow
SetWindowLongW
GetParent
GetWindow
GetWindowLongW
RegisterClassExW
MoveWindow
DestroyWindow
GetDlgItem
GetClassNameW
DefWindowProcW
CallWindowProcW
SetCapture
ReleaseCapture
IsChild
GetFocus
CreateWindowExW
SetFocus
RegisterWindowMessageW
GetSysColor
BeginPaint
InvalidateRect
CreateAcceleratorTableW
GetWindowTextLengthW
DestroyAcceleratorTable
InvalidateRgn
RedrawWindow
IsWindow
EndPaint
LoadCursorW
GetDesktopWindow
GetWindowTextW
GetActiveWindow
ClientToScreen
ReleaseDC
GetClassInfoExW
ScreenToClient
CharNextW
GetIconInfo
GetDC
CreateIconFromResource
CreateIconFromResourceEx
CreateIconIndirect
DrawIconEx
FillRect
MapWindowPoints
GetClientRect
SystemParametersInfoW
UnregisterClassA

gdi32

BitBlt
DeleteObject
DeleteDC
GetDIBits
GetObjectW
CreateCompatibleDC
CreateBitmap
GetStockObject
CreateSolidBrush
SelectObject
CreateCompatibleBitmap
GetDeviceCaps

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW

ole32

OleUninitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoGetClassObject
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
OleLockRunning

oleaut32

SysFreeString
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
SysAllocStringLen
VariantInit
VariantClear
SysAllocString
VarUI4FromStr
SysStringLen
OleCreateFontIndirect

shlwapi

PathFileExistsA
PathIsFileSpecW
PathRemoveFileSpecW
StrStrIW
PathFileExistsW

comctl32

InitCommonControlsEx

gdiplus

GdipCloneImage
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipFree
GdipCreateBitmapFromHICON
GdipDrawImageRectI

Exports

Exports

CreateLink
CreateLinkDefault
CreateLinkDirectly
CreateLinkEx
CreateLinkNow
ExtraIcoFromPE
ExtraIcoFromPEByWidth
GetIcoIndexByWidth
IsIconDeleted
ModifyCreatedFlag

Sections

.text
Size: 236KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/XunYouGU/GameUpdateTask.dll
.dll windows:4 windows x86 arch:x86

68b48f115adeddd626e0c912c2633fbd

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\GameUpdate\output\GameUpdateTask.pdb

Imports

kernel32

GetLastError
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
Sleep
GetModuleFileNameA
GetFileSize
CloseHandle
ReadFile
CreateFileA
GetPrivateProfileStringA
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCurrentThreadId
CreateThread
VirtualAlloc
GetProcAddress
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
DeleteFileA
HeapAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
RaiseException
RtlUnwind
HeapDestroy
HeapCreate
VirtualFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetFileAttributesA
WriteFile
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
SetEndOfFile

ws2_32

closesocket
htons
inet_addr
WSAStartup
freeaddrinfo
getnameinfo
getaddrinfo
send
recv
select
connect
ioctlsocket
socket

Exports

Exports

CheckGameIdIsUpdate
GetAllGame
GetDownLoadNeedFileList
GetVersionInfo
Pause
Stop

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/XunYouGU/XunYouGU.exe
.exe windows:5 windows x86 arch:x86

cee39d0ad36c917fb0238a0d5bd30fc2

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\XunYouGU\output\XunYouGU.pdb

Imports

kernel32

WaitNamedPipeW
SetNamedPipeHandleState
EnterCriticalSection
LeaveCriticalSection
lstrcpyW
GetProcAddress
CreateDirectoryW
GetModuleFileNameW
InitializeCriticalSection
WideCharToMultiByte
GetLocalTime
lstrcmpW
WritePrivateProfileStringW
MultiByteToWideChar
SetFilePointerEx
SetLastError
lstrlenA
GetFileSizeEx
FileTimeToSystemTime
GetFileTime
GetSystemDirectoryA
DeleteCriticalSection
DeleteFileW
SetThreadPriority
SuspendThread
ResumeThread
GetFileSize
FindNextFileW
FindFirstFileW
Sleep
OutputDebugStringW
CopyFileW
GetPrivateProfileStringW
OutputDebugStringA
RaiseException
InitializeCriticalSectionAndSpinCount
FlushInstructionCache
GetCurrentProcess
LoadLibraryW
lstrcatW
FreeLibrary
GlobalFree
GlobalReAlloc
GlobalAlloc
GetCurrentThreadId
GetModuleHandleW
InterlockedIncrement
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ReleaseMutex
OpenProcess
CreateMutexW
GetDiskFreeSpaceExW
CreateProcessW
TerminateProcess
RemoveDirectoryW
lstrcpynW
WaitForMultipleObjects
CreateFileW
GetConsoleCP
FatalAppExitA
GetFileType
SetHandleCount
HeapDestroy
HeapCreate
GetLocaleInfoW
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapAlloc
ExitProcess
MoveFileW
ExitThread
GetSystemTimeAsFileTime
HeapFree
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
InterlockedCompareExchange
GetStringTypeW
SetFilePointer
GetTimeZoneInformation
HeapSize
SetConsoleCtrlHandler
HeapReAlloc
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
CreateNamedPipeW
WaitForSingleObject
IsValidLocale
WriteConsoleW
SetStdHandle
CreateFileA
SetEndOfFile
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
SetEvent
GetOverlappedResult
FlushFileBuffers
InterlockedDecrement
CreateEventW
CreateThread
DeviceIoControl
lstrlenW
WriteFile
ReadFile
GetLastError
CloseHandle
DisconnectNamedPipe
ConnectNamedPipe
GetTickCount
lstrcmpA

user32

LoadIconW
LoadCursorW
RegisterClassExW
DefWindowProcW
CreateWindowExW
TranslateAcceleratorW
LoadAcceleratorsW
GetSystemMetrics
GetActiveWindow
PostQuitMessage
SetPropW
SetForegroundWindow
SystemParametersInfoW
EndDialog
DialogBoxIndirectParamW
GetCursorPos
TrackPopupMenu
LoadImageW
MonitorFromPoint
SetRect
AppendMenuW
DestroyMenu
SetScrollInfo
GetScrollInfo
EnumWindows
PostMessageA
GetWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
IsDialogMessageW
GetDlgItem
GetParent
RedrawWindow
GetClientRect
MoveWindow
SetWindowTextW
IsWindow
GetWindowRect
UpdateLayeredWindow
GetWindowLongW
KillTimer
SetTimer
IsWindowVisible
ShowWindow
ReleaseDC
GetDC
SetWindowPos
CreateDialogIndirectParamW
DestroyWindow
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
MessageBoxW
SetWindowLongW
SendMessageW
wsprintfW
PostMessageW
CreatePopupMenu
UnregisterClassA

gdi32

SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
DeleteDC

advapi32

RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW

shell32

SHFileOperationW
Shell_NotifyIconW
ShellExecuteW

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize

oleaut32

SystemTimeToVariantTime
SysFreeString
VarUI4FromStr

ws2_32

socket
htons
sendto
gethostbyname

shlwapi

PathIsDirectoryW
PathRemoveFileSpecW
PathFileExistsW
StrStrIW

comctl32

InitCommonControlsEx

wininet

HttpSendRequestA
InternetReadFile
InternetConnectA
HttpOpenRequestA
InternetSetOptionW
HttpSendRequestW
HttpQueryInfoA
InternetOpenW
InternetConnectW
InternetCloseHandle
HttpOpenRequestW
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

Sections

.text
Size: 414KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/XunYouGU/config/GameUpdate.ini
迅游2105/XunYouGU/log/02-19.17.26.log
迅游2105/XunYouGU/log/02-19.18.17.log
迅游2105/XunYouGU/log/02-22.46.51.log
迅游2105/XunYouGU/log/02-22.49.20.log
迅游2105/XunYouGU/log/02-22.59.33.log
迅游2105/XunYouGU/log/02-23.08.28.log
迅游2105/XunYouGU/log/02-23.09.21.log
迅游2105/XunYouGU/log/02-23.20.36.log
迅游2105/XunYouGU/log/02-23.21.52.log
迅游2105/XunYouGU/log/02-23.22.03.log
迅游2105/XunYouGU/log/04-18.38.33.log
迅游2105/XunYouTM.exe
.exe windows:4 windows x86 arch:x86

c3ebe2dfb1efbad339195d520d935623

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\xunyouplatform2013\output\XunYouTM.pdb

Imports

ws2_32

WSAStartup
gethostbyname
socket
closesocket
sendto
htons
inet_ntoa

kernel32

GetCurrentProcess
FlushInstructionCache
SetLastError
RaiseException
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GlobalReAlloc
GlobalAlloc
OutputDebugStringW
DebugBreak
GetLastError
ExitProcess
CreateThread
WriteFile
ReadFile
FlushFileBuffers
DisconnectNamedPipe
SetNamedPipeHandleState
GetOverlappedResult
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
SetEvent
LoadLibraryW
WritePrivateProfileStringW
GetPrivateProfileStringW
LoadLibraryExW
CreateMutexW
DeleteCriticalSection
lstrcmpiW
InitializeCriticalSection
FreeLibrary
GetModuleHandleW
SizeofResource
LoadResource
FindResourceW
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
lstrlenW
GetCommandLineA
GetLocalTime
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
HeapSize
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetStartupInfoW
HeapReAlloc
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
Sleep
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetTickCount
GlobalFree
MultiByteToWideChar
CloseHandle
GetFileSize
CreateFileW
InterlockedIncrement
lstrlenA
InterlockedDecrement
GetEnvironmentStringsW
WideCharToMultiByte
GetProcAddress
GetModuleFileNameW
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEndOfFile
GetCommandLineW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
CreateFileA
GetLocaleInfoW
SetFilePointer

user32

DefWindowProcW
MessageBoxW
RedrawWindow
GetMessageW
TranslateMessage
DispatchMessageW
EnumDisplaySettingsW
PeekMessageW
UnregisterClassA
LoadCursorW
PtInRect
SetCursor
EqualRect
GetMonitorInfoW
MonitorFromRect
GetForegroundWindow
PostQuitMessage
ScreenToClient
SetFocus
EnumChildWindows
SetDlgItemTextW
EndDialog
CharNextW
ClientToScreen
DialogBoxIndirectParamW
GetCursorPos
DestroyIcon
InvalidateRect
CreateWindowExW
UpdateLayeredWindow
MoveWindow
GetSystemMetrics
ReleaseDC
IsWindowVisible
GetClientRect
GetWindowLongW
EnumWindows
GetPropW
GetDC
CreateDialogIndirectParamW
SetForegroundWindow
SendMessageW
IsWindow
SetScrollInfo
GetScrollInfo
SetScrollRange
SetScrollPos
GetDlgItem
ShowWindow
GetWindowRect
SetWindowPos
SetTimer
KillTimer
GetParent
DestroyWindow
LoadStringW
SetWindowLongW
PostMessageW
LoadImageW
EnumDisplayMonitors

gdi32

CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
DeleteObject
SetBkMode

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW

shell32

SHAppBarMessage
SHGetFileInfoW
ExtractIconExW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoUninitialize

oleaut32

VarUI4FromStr

comctl32

_TrackMouseEvent
ImageList_Create
InitCommonControlsEx
ImageList_ReplaceIcon

Sections

.text
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
迅游2105/areanode.txt
迅游2105/ca.crt
迅游2105/config/Game_Info.txt
迅游2105/config/Game_Path.txt
迅游2105/config/Hf_Platform.txt
迅游2105/config/VS_PlatForm.txt
迅游2105/config/Whitelist.txt
迅游2105/config/alarm.txt
迅游2105/config/blacklist.txt
迅游2105/config/gameAreaDR.txt
迅游2105/config/gameDataConfig.txt
迅游2105/config/gameareaspf.txt
迅游2105/config/gameareaspro.txt
迅游2105/config/gamelist.txt
迅游2105/config/gamesUdpEnable.txt
迅游2105/config/gamesdata.txt
迅游2105/config/gameserverorder.txt
迅游2105/config/gamespf.txt
迅游2105/config/gametype.txt
迅游2105/config/interCfg.txt
迅游2105/config/mode4route.txt
迅游2105/config/newexcluderoute.txt
迅游2105/config/newgamelist.txt
迅游2105/config/nodeNameOnArea.txt
迅游2105/config/nodeareas.txt
迅游2105/config/nodelinename.txt
迅游2105/config/nodes2.txt
迅游2105/config/p2ppf.txt
迅游2105/config/privilegeGameTip.txt
迅游2105/config/startHistoryDataGameArea.txt
迅游2105/config/subgames.txt
迅游2105/config/updateserver.txt
迅游2105/config/verify.txt
迅游2105/config/webgameareas.txt
迅游2105/config/webgames.txt
迅游2105/config/webgametype.txt
迅游2105/config/webgr.txt
迅游2105/config/webp2p.txt
迅游2105/config/weibo.txt
迅游2105/config/xunyou.txt
迅游2105/conncfg.bin
迅游2105/conncfg6.bin
迅游2105/data/bmnet.inf
迅游2105/data/bmnet.sys
.sys windows:6 windows x64 arch:x64

5656451644eb67b677e2521bd39f7718

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:6d:9d:45:40:c2:bb:90:5e:32:e8:8c:3c:cc:3a:57
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/06/2010, 00:00

Not After

08/06/2013, 23:59

Subject

CN=Sichuan Xunyou Network Technology Co.\, Ltd\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Sichuan Xunyou Network Technology Co.\, Ltd\ ,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

88:a1:fe:ae:99:9b:9c:94:78:91:db:9c:23:28:21:73:80:ac:af:7b
Signer

Actual PE Digest

88:a1:fe:ae:99:9b:9c:94:78:91:db:9c:23:28:21:73:80:ac:af:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\src\21\tap-win32\amd64\tap0901.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeAcquireSpinLockRaiseToDpc
KeRemoveQueueDpc
RtlCreateSecurityDescriptor
IoReleaseCancelSpinLock
ZwOpenFile
RtlFreeAnsiString
ZwSetSecurityObject
IofCompleteRequest
ZwClose
KeInsertQueueDpc
MmMapLockedPagesSpecifyCache
RtlFreeUnicodeString
KeReleaseSpinLock
KeInitializeDpc
RtlUnicodeStringToAnsiString
MmMapLockedPages
RtlAnsiStringToUnicodeString
DbgPrint
RtlUnicodeToMultiByteN
__C_specific_handler

ndis.sys

NdisMRegisterAdapterShutdownHandler
NdisAllocateMemoryWithTag
NdisReadConfiguration
NdisTerminateWrapper
NdisMDeregisterDevice
NdisMDeregisterAdapterShutdownHandler
NdisMSetAttributesEx
NdisInitializeWrapper
NdisFreeMemory
NdisMRegisterMiniport
NdisCloseConfiguration
NdisMRegisterDevice
NdisMRegisterUnloadHandler
NdisMIndicateStatus
NdisMIndicateStatusComplete
NdisMSleep
NdisOpenConfiguration

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/data/bmnet32.inf
迅游2105/data/bmnet32.txt
.sys windows:6 windows x86 arch:x86

ef773706eaab7bb0196b252c61d5d6cc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:6d:9d:45:40:c2:bb:90:5e:32:e8:8c:3c:cc:3a:57
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/06/2010, 00:00

Not After

08/06/2013, 23:59

Subject

CN=Sichuan Xunyou Network Technology Co.\, Ltd\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Sichuan Xunyou Network Technology Co.\, Ltd\ ,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5f:cb:0e:a0:52:9c:57:c1:2b:26:30:dd:ee:7f:f3:69:5b:7f:63:29
Signer

Actual PE Digest

5f:cb:0e:a0:52:9c:57:c1:2b:26:30:dd:ee:7f:f3:69:5b:7f:63:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\21\tap-win32\i386\tap0901.pdb

Imports

ntoskrnl.exe

RtlFreeAnsiString
memset
KeRemoveQueueDpc
KeBugCheckEx
KeTickCount
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
KeInitializeDpc
MmMapLockedPagesSpecifyCache
MmMapLockedPages
RtlCreateSecurityDescriptor
ZwOpenFile
ZwSetSecurityObject
ZwClose
KeInsertQueueDpc
IoReleaseCancelSpinLock
IofCompleteRequest
memcpy
RtlFreeUnicodeString
RtlUnwind
DbgPrint
RtlUnicodeToMultiByteN

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

ndis.sys

NdisMRegisterMiniport
NdisTerminateWrapper
NdisMRegisterUnloadHandler
NdisMSetAttributesEx
NdisMRegisterAdapterShutdownHandler
NdisOpenConfiguration
NdisReadConfiguration
NdisCloseConfiguration
NdisMRegisterDevice
NdisMIndicateStatus
NdisMIndicateStatusComplete
NdisMDeregisterDevice
NdisMDeregisterAdapterShutdownHandler
NdisMSleep
NdisFreeMemory
NdisAllocateMemoryWithTag
NdisInitializeWrapper

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/data/bmnet64.inf
迅游2105/data/bmnet64.txt
.sys windows:6 windows x64 arch:x64

5656451644eb67b677e2521bd39f7718

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:6d:9d:45:40:c2:bb:90:5e:32:e8:8c:3c:cc:3a:57
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/06/2010, 00:00

Not After

08/06/2013, 23:59

Subject

CN=Sichuan Xunyou Network Technology Co.\, Ltd\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Sichuan Xunyou Network Technology Co.\, Ltd\ ,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

88:a1:fe:ae:99:9b:9c:94:78:91:db:9c:23:28:21:73:80:ac:af:7b
Signer

Actual PE Digest

88:a1:fe:ae:99:9b:9c:94:78:91:db:9c:23:28:21:73:80:ac:af:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\src\21\tap-win32\amd64\tap0901.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeAcquireSpinLockRaiseToDpc
KeRemoveQueueDpc
RtlCreateSecurityDescriptor
IoReleaseCancelSpinLock
ZwOpenFile
RtlFreeAnsiString
ZwSetSecurityObject
IofCompleteRequest
ZwClose
KeInsertQueueDpc
MmMapLockedPagesSpecifyCache
RtlFreeUnicodeString
KeReleaseSpinLock
KeInitializeDpc
RtlUnicodeStringToAnsiString
MmMapLockedPages
RtlAnsiStringToUnicodeString
DbgPrint
RtlUnicodeToMultiByteN
__C_specific_handler

ndis.sys

NdisMRegisterAdapterShutdownHandler
NdisAllocateMemoryWithTag
NdisReadConfiguration
NdisTerminateWrapper
NdisMDeregisterDevice
NdisMDeregisterAdapterShutdownHandler
NdisMSetAttributesEx
NdisInitializeWrapper
NdisFreeMemory
NdisMRegisterMiniport
NdisCloseConfiguration
NdisMRegisterDevice
NdisMRegisterUnloadHandler
NdisMIndicateStatus
NdisMIndicateStatusComplete
NdisMSleep
NdisOpenConfiguration

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/data/bmnetx64.cat
迅游2105/data/bmnetx86.cat
迅游2105/data/drvinst.exe
.exe windows:6 windows x64 arch:x64

ce4a5cfcfb0452b87e013f07f4d59f9c

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\src\21\tapinstall\objfre_wnet_amd64\amd64\tapinstall.pdb

Imports

advapi32

OpenProcessToken
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownExW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
OpenServiceW
RegDeleteValueW
RegSetValueExW

kernel32

GetCurrentProcess
FormatMessageW
lstrlenW
GetLastError
CloseHandle
LocalFree
GetDateFormatW
FreeLibrary
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
GetFullPathNameW
FindFirstFileW
GetFileAttributesW
FindClose
FindNextFileW
GetWindowsDirectoryW
Sleep
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter

msvcrt

wcschr
_wcsicmp
towlower
_wcsnicmp
fputs
__iob_func
wcsrchr
fputws
?terminate@@YAXXZ
memset
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
wprintf
??2@YAPEAX_K@Z
towupper
??3@YAXPEAX@Z
iswalpha

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

ole32

CLSIDFromString

setupapi

SetupScanFileQueueW
SetupDiGetClassDevsExW
SetupDiGetDeviceRegistryPropertyW
SetupDiSetClassInstallParamsW
SetupDiClassNameFromGuidExW
CM_Reenumerate_DevNode_Ex
SetupCopyOEMInfW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetINFClassW
CM_Disconnect_Machine
SetupDiBuildClassInfoListExW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
CM_Connect_MachineW
CM_Locate_DevNode_ExW
CM_Get_DevNode_Status_Ex
SetupDiBuildDriverInfoList
SetupDiGetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiSetSelectedDriverW
SetupGetStringFieldW
CM_Get_Res_Des_Data_Size_Ex
SetupDiEnumDriverInfoW
CM_Free_Log_Conf_Handle
CM_Get_Device_ID_ExW
CM_Get_Next_Res_Des_Ex
SetupCloseFileQueue
SetupDiGetDriverInstallParamsW
CM_Get_Res_Des_Data_Ex
SetupDiOpenClassRegKeyExW
SetupCloseInfFile
SetupOpenFileQueue
SetupDiCallClassInstaller
SetupDiDestroyDriverInfoList
SetupOpenInfFileW
CM_Free_Res_Des_Handle
CM_Get_First_Log_Conf_Ex
SetupDiSetDeviceInstallParamsW
SetupFindFirstLineW
SetupDiGetDriverInfoDetailW
SetupDiGetClassDescriptionExW
SetupDiClassGuidsFromNameExW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoListExW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

user32

CharNextW
CharPrevW
LoadStringW

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/data/drvinst32.exe
.exe windows:6 windows x86 arch:x86

d06468ab9c11b378b5ddeb17e2b95db7

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\21\tapinstall\objfre_w2k_x86\i386\tapinstall.pdb

Imports

advapi32

InitiateSystemShutdownExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW

kernel32

LocalFree
FormatMessageW
CloseHandle
GetCurrentProcess
GetLastError
lstrlenW
GetDateFormatW
FileTimeToSystemTime
FreeLibrary
GetProcAddress
LoadLibraryW
GetFileAttributesW
GetFullPathNameW
FindClose
FindNextFileW
FindFirstFileW
GetWindowsDirectoryW
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

msvcrt

?terminate@@YAXXZ
fputws
fputs
??3@YAXPAX@Z
_controlfp
memset
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_iob
wprintf
wcsrchr
_wcsicmp
_wcsnicmp
iswalpha
towupper
towlower
wcschr
??2@YAPAXI@Z

ntdll

RtlUnwind

ole32

CLSIDFromString

setupapi

SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetINFClassW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiBuildClassInfoListExW
SetupDiClassNameFromGuidExW
SetupCopyOEMInfW
SetupDiSetDeviceRegistryPropertyW
CM_Connect_MachineW
CM_Locate_DevNode_ExW
CM_Reenumerate_DevNode_Ex
CM_Disconnect_Machine
SetupDiSetClassInstallParamsW
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetStringFieldW
SetupDiGetClassDescriptionExW
SetupCloseInfFile
SetupDiOpenClassRegKeyExW
SetupDiGetDriverInstallParamsW
SetupDiSetSelectedDriverW
SetupOpenFileQueue
SetupDiGetDeviceRegistryPropertyW
SetupScanFileQueueW
SetupCloseFileQueue
SetupDiGetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiGetDriverInfoDetailW
SetupDiDestroyDriverInfoList
CM_Get_First_Log_Conf_Ex
CM_Free_Log_Conf_Handle
CM_Get_Next_Res_Des_Ex
CM_Free_Res_Des_Handle
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Res_Des_Data_Ex
CM_Get_DevNode_Status_Ex
SetupDiClassGuidsFromNameExW
SetupDiCreateDeviceInfoListExW
SetupDiGetClassDevsExW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInfoListDetailW
CM_Get_Device_ID_ExW

user32

CharNextW
CharPrevW
LoadStringW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/data/drvinst64.exe
.exe windows:6 windows x64 arch:x64

ce4a5cfcfb0452b87e013f07f4d59f9c

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\src\21\tapinstall\objfre_wnet_amd64\amd64\tapinstall.pdb

Imports

advapi32

OpenProcessToken
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownExW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
OpenServiceW
RegDeleteValueW
RegSetValueExW

kernel32

GetCurrentProcess
FormatMessageW
lstrlenW
GetLastError
CloseHandle
LocalFree
GetDateFormatW
FreeLibrary
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
GetFullPathNameW
FindFirstFileW
GetFileAttributesW
FindClose
FindNextFileW
GetWindowsDirectoryW
Sleep
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter

msvcrt

wcschr
_wcsicmp
towlower
_wcsnicmp
fputs
__iob_func
wcsrchr
fputws
?terminate@@YAXXZ
memset
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
wprintf
??2@YAPEAX_K@Z
towupper
??3@YAXPEAX@Z
iswalpha

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

ole32

CLSIDFromString

setupapi

SetupScanFileQueueW
SetupDiGetClassDevsExW
SetupDiGetDeviceRegistryPropertyW
SetupDiSetClassInstallParamsW
SetupDiClassNameFromGuidExW
CM_Reenumerate_DevNode_Ex
SetupCopyOEMInfW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetINFClassW
CM_Disconnect_Machine
SetupDiBuildClassInfoListExW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
CM_Connect_MachineW
CM_Locate_DevNode_ExW
CM_Get_DevNode_Status_Ex
SetupDiBuildDriverInfoList
SetupDiGetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiSetSelectedDriverW
SetupGetStringFieldW
CM_Get_Res_Des_Data_Size_Ex
SetupDiEnumDriverInfoW
CM_Free_Log_Conf_Handle
CM_Get_Device_ID_ExW
CM_Get_Next_Res_Des_Ex
SetupCloseFileQueue
SetupDiGetDriverInstallParamsW
CM_Get_Res_Des_Data_Ex
SetupDiOpenClassRegKeyExW
SetupCloseInfFile
SetupOpenFileQueue
SetupDiCallClassInstaller
SetupDiDestroyDriverInfoList
SetupOpenInfFileW
CM_Free_Res_Des_Handle
CM_Get_First_Log_Conf_Ex
SetupDiSetDeviceInstallParamsW
SetupFindFirstLineW
SetupDiGetDriverInfoDetailW
SetupDiGetClassDescriptionExW
SetupDiClassGuidsFromNameExW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoListExW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

user32

CharNextW
CharPrevW
LoadStringW

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/dialconfig.ini
迅游2105/gameareas.txt
迅游2105/gameconfig.txt
迅游2105/gamelogo/15865.ico
迅游2105/gamelogo/15866.ico
迅游2105/gamelogo/1616.ico
迅游2105/games.txt
迅游2105/gr.txt
迅游2105/js.dll
.dll windows:4 windows x86 arch:x86

7c626ff704d9d836856f63f2d11e49d3

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\XunYouBase\output\js.pdb

Imports

kernel32

GetSystemDirectoryA
WriteFile
GetPrivateProfileStringW
WritePrivateProfileStringW
MapViewOfFile
WaitForSingleObject
SetEvent
OutputDebugStringA
CreateFileMappingA
FreeLibrary
LoadLibraryA
GetVersionExA
GetVersionExW
SuspendThread
ResumeThread
Sleep
GlobalFree
GetSystemDirectoryW
GetFullPathNameW
GetTempFileNameW
CopyFileW
MoveFileExW
MoveFileW
TerminateProcess
OpenProcess
GetSystemInfo
GetModuleHandleW
CreateEventW
DisconnectNamedPipe
FlushFileBuffers
ConnectNamedPipe
WaitForMultipleObjects
GetOverlappedResult
CreateNamedPipeW
CreateThread
CreateProcessA
GetProcessHeap
HeapAlloc
HeapFree
GlobalReAlloc
ExpandEnvironmentStringsA
CreateFileMappingW
SetPriorityClass
SetCurrentDirectoryA
GetCurrentThread
DeleteFileW
VirtualProtect
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetThreadLocale
ReadFile
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
SetFilePointer
RtlUnwind
HeapCreate
HeapDestroy
GetModuleFileNameA
GetStdHandle
GetTimeZoneInformation
ExitProcess
HeapSize
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
ExitThread
GetSystemTimeAsFileTime
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileAttributesExW
GetFileSizeEx
CreateDirectoryW
GetProcAddress
Module32NextW
LoadLibraryW
Module32FirstW
SetThreadPriority
CreateProcessW
MulDiv
InterlockedIncrement
SetCurrentDirectoryW
GlobalAlloc
Process32FirstW
EnterCriticalSection
SetLastError
FlushInstructionCache
FreeResource
LeaveCriticalSection
CreateFileW
GetCurrentProcess
RaiseException
GetCurrentThreadId
lstrlenW
InitializeCriticalSection
WinExec
GetCurrentDirectoryW
InterlockedDecrement
DeviceIoControl
InterlockedExchange
WideCharToMultiByte
GlobalUnlock
CloseHandle
GetLastError
GlobalLock
CreateToolhelp32Snapshot
MultiByteToWideChar
Process32NextW
GetCurrentProcessId
lstrcmpW
DeleteCriticalSection
GetModuleFileNameW
GetTickCount
lstrcpyA
SizeofResource
LoadResource
LockResource
FindResourceW
lstrcpynA
lstrlenA
InterlockedCompareExchange

user32

GetWindow
SetFocus
RegisterClassExW
DestroyAcceleratorTable
IsChild
CreateAcceleratorTableW
SetWindowLongW
DefWindowProcW
GetClientRect
RegisterWindowMessageW
ReleaseDC
GetClassNameW
PostMessageW
CallWindowProcW
GetWindowTextW
MoveWindow
InvalidateRgn
GetClassInfoExW
GetDC
GetWindowLongW
InvalidateRect
SetWindowPos
BeginPaint
CharNextW
ClientToScreen
RedrawWindow
GetDlgItem
GetParent
FillRect
IsWindow
GetDesktopWindow
SetCapture
wsprintfW
ExitWindowsEx
SetPropW
TranslateMessage
PeekMessageW
CreateDialogIndirectParamW
GetMessageW
DispatchMessageW
IsDialogMessageW
GetActiveWindow
FindWindowA
MessageBoxA
FindWindowExW
SetWindowTextW
GetWindowTextLengthW
ReleaseCapture
GetPropW
UnregisterClassA
EnumWindows
LoadStringW
CharLowerW
DestroyWindow
ScreenToClient
EndPaint
LoadCursorW
CreateWindowExW
GetSysColor
SendMessageW
GetFocus

gdi32

SelectObject
GetObjectW
DeleteDC
BitBlt
CreateSolidBrush
GetStockObject
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
GetDeviceCaps

advapi32

CryptReleaseContext
RegDeleteKeyA
RegEnumKeyExA
OpenProcessToken
OpenServiceA
AdjustTokenPrivileges
QueryServiceStatusEx
ChangeServiceConfigW
QueryServiceStatus
StartServiceW
LookupPrivilegeValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptAcquireContextW
CryptEncrypt
CryptDestroyHash
CloseServiceHandle
OpenSCManagerW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegEnumKeyW

shell32

ShellExecuteW

ole32

OleUninitialize
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
StringFromGUID2
CoGetClassObject
OleInitialize
CoCreateInstance
OleLockRunning
CoTaskMemAlloc

oleaut32

SysAllocStringLen
SysStringByteLen
SysStringLen
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantInit
SysFreeString
SysAllocString

shlwapi

StrStrIW
StrStrIA
StrCmpNIW
PathFileExistsW

winhttp

WinHttpQueryHeaders
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpOpen
WinHttpReadData
WinHttpConnect
WinHttpReceiveResponse

ws2_32

bind
inet_ntoa
htonl
setsockopt
recvfrom
WSCDeinstallProvider
WSAEnumNetworkEvents
WSCEnumProtocols
WSCInstallProvider
WSACreateEvent
WSAEventSelect
sendto
WSACloseEvent
socket
connect
send
WSAGetLastError
__WSAFDIsSet
ioctlsocket
recv
closesocket
gethostbyname
select
WSACleanup
ntohs
htons
inet_addr
ntohl
WSAWaitForMultipleEvents
WSAStartup
WSCWriteProviderOrder

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

EnumProcessModules
GetModuleFileNameExW

iphlpapi

GetAdaptersInfo
CreateIpForwardEntry
DeleteIpForwardEntry
GetIfTable
GetIfEntry
GetIpForwardTable

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

rasapi32

RasEnumConnectionsA
RasDialA
RasHangUpW
RasGetEntryPropertiesW
RasGetErrorStringW
RasSetEntryPropertiesA
RasGetConnectStatusW
RasHangUpA

Exports

Exports

text_match
xunyou_accel
xunyou_encode
xunyou_get_area_from_ip_address
xunyou_get_config
xunyou_get_error_text
xunyou_get_game_area_count
xunyou_get_game_area_server_info
xunyou_get_game_area_server_info_count
xunyou_get_game_areas
xunyou_get_game_catalog_count
xunyou_get_game_catalogs
xunyou_get_game_max_count_by_type
xunyou_get_game_name
xunyou_get_game_name_ex
xunyou_get_game_privilege_text
xunyou_get_game_program_names_to_accel
xunyou_get_game_program_names_to_boot
xunyou_get_game_server_count
xunyou_get_game_servers
xunyou_get_game_type
xunyou_get_game_vip_time
xunyou_get_game_weights
xunyou_get_games_by_type
xunyou_get_node_line_name
xunyou_get_node_list_max_count
xunyou_get_node_list_support_game_area_accel
xunyou_get_special_config
xunyou_get_state_line_area_info
xunyou_get_state_line_area_info_count
xunyou_get_update_server_count
xunyou_get_update_servers
xunyou_get_url_argument
xunyou_get_user_information
xunyou_get_version
xunyou_get_webgame_url
xunyou_is_privilege_game
xunyou_is_privilege_node
xunyou_is_recommend_node
xunyou_is_state_line_area
xunyou_is_valid_game
xunyou_is_valid_game_area_server
xunyou_is_valid_node_line
xunyou_load_data
xunyou_login
xunyou_logout
xunyou_need_update_game_information
xunyou_open_url
xunyou_open_url_with_key
xunyou_open_webgame_url
xunyou_process_url
xunyou_register
xunyou_search_games_by_key
xunyou_set_user_vip_time
xunyou_start_game_exe
xunyou_stop_accel
xunyou_support_game_type
xunyou_support_mode_on_game_area
xunyou_test_speed_on_game_area
xunyou_unInstall_Lsp
xunyou_unInstall_VNetCard
xunyou_update_game_information

Sections

.text
Size: 688KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/libeay32.dll
.dll windows:4 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_cfbr_encrypt_block
AES_ctr128_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ofb128_encrypt
AES_options
AES_set_decrypt_key
AES_set_encrypt_key
ASN1_ANY_it
ASN1_BIT_STRING_asn1_meth
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_HEADER_free
ASN1_HEADER_new
ASN1_IA5STRING_asn1_meth
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SEQUENCE_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_cmp
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_encode
ASN1_STRING_free
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_check
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TIME_to_generalizedtime
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_add_oid_module
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_ex_d2i
ASN1_item_ex_free
ASN1_item_ex_i2d
ASN1_item_ex_new
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_sign
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_pack_string
ASN1_parse
ASN1_parse_dump
ASN1_primitive_free
ASN1_primitive_new
ASN1_put_eoc
ASN1_put_object
ASN1_seq_pack
ASN1_seq_unpack
ASN1_sign
ASN1_tag2bit
ASN1_tag2str
ASN1_template_d2i
ASN1_template_free
ASN1_template_i2d
ASN1_template_new
ASN1_unpack_string
ASN1_verify
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIGNUM_it
BIO_accept
BIO_callback_ctrl
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dgram_non_fatal_error
BIO_dump
BIO_dump_cb
BIO_dump_fp
BIO_dump_indent
BIO_dump_indent_cb
BIO_dump_indent_fp
BIO_dup_chain
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_ex_data
BIO_get_ex_new_index
BIO_get_host_ip
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_gethostbyname
BIO_gets
BIO_indent
BIO_int_ctrl
BIO_new
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_datagram
BIO_s_fd
BIO_s_file
BIO_s_mem
BIO_s_null
BIO_s_socket
BIO_set
BIO_set_cipher
BIO_set_ex_data
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_cleanup
BIO_sock_error
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket_ioctl
BIO_socket_nbio
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BN_BLINDING_convert
BN_BLINDING_convert_ex
BN_BLINDING_create_param
BN_BLINDING_free
BN_BLINDING_get_flags
BN_BLINDING_get_thread_id
BN_BLINDING_invert
BN_BLINDING_invert_ex
BN_BLINDING_new
BN_BLINDING_set_flags
BN_BLINDING_set_thread_id
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_init
BN_CTX_new
BN_CTX_start
BN_GENCB_call
BN_GF2m_add
BN_GF2m_arr2poly
BN_GF2m_mod
BN_GF2m_mod_arr
BN_GF2m_mod_div
BN_GF2m_mod_div_arr
BN_GF2m_mod_exp
BN_GF2m_mod_exp_arr
BN_GF2m_mod_inv
BN_GF2m_mod_inv_arr
BN_GF2m_mod_mul
BN_GF2m_mod_mul_arr
BN_GF2m_mod_solve_quad
BN_GF2m_mod_solve_quad_arr
BN_GF2m_mod_sqr
BN_GF2m_mod_sqr_arr
BN_GF2m_mod_sqrt
BN_GF2m_mod_sqrt_arr
BN_GF2m_poly2arr
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_init
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_set_locked
BN_RECP_CTX_free
BN_RECP_CTX_init
BN_RECP_CTX_new
BN_RECP_CTX_set
BN_add
BN_add_word
BN_bin2bn
BN_bn2bin
BN_bn2dec
BN_bn2hex
BN_bn2mpi
BN_bntest_rand
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_copy
BN_dec2bn
BN_div
BN_div_recp
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_prime
BN_generate_prime_ex
BN_get0_nist_prime_192
BN_get0_nist_prime_224
BN_get0_nist_prime_256
BN_get0_nist_prime_384
BN_get0_nist_prime_521
BN_get_params
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_prime
BN_is_prime_ex
BN_is_prime_fasttest
BN_is_prime_fasttest_ex
BN_kronecker
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod_add
BN_mod_add_quick
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_consttime
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_lshift
BN_mod_lshift1
BN_mod_lshift1_quick
BN_mod_lshift_quick
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_sqr
BN_mod_sqrt
BN_mod_sub
BN_mod_sub_quick
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_nist_mod_192
BN_nist_mod_224
BN_nist_mod_256
BN_nist_mod_384
BN_nist_mod_521
BN_nnmod
BN_num_bits
BN_num_bits_word
BN_options
BN_print
BN_print_fp
BN_pseudo_rand
BN_pseudo_rand_range
BN_rand
BN_rand_range
BN_reciprocal
BN_rshift
BN_rshift1
BN_set_bit
BN_set_negative
BN_set_params
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_swap
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_uadd
BN_ucmp
BN_usub
BN_value_one
BUF_MEM_free
BUF_MEM_grow
BUF_MEM_grow_clean
BUF_MEM_new
BUF_memdup
BUF_strdup
BUF_strlcat
BUF_strlcpy
BUF_strndup
CAST_cbc_encrypt
CAST_cfb64_encrypt
CAST_decrypt
CAST_ecb_encrypt
CAST_encrypt
CAST_ofb64_encrypt
CAST_set_key
CBIGNUM_it
CERTIFICATEPOLICIES_free
CERTIFICATEPOLICIES_it
CERTIFICATEPOLICIES_new
COMP_CTX_free
COMP_CTX_new
COMP_compress_block
COMP_expand_block
COMP_rle
COMP_zlib
CONF_dump_bio
CONF_dump_fp
CONF_free
CONF_get1_default_config_file
CONF_get_number
CONF_get_section
CONF_get_string
CONF_imodule_get_flags
CONF_imodule_get_module
CONF_imodule_get_name
CONF_imodule_get_usr_data
CONF_imodule_get_value
CONF_imodule_set_flags
CONF_imodule_set_usr_data
CONF_load
CONF_load_bio
CONF_load_fp
CONF_module_add
CONF_module_get_usr_data
CONF_module_set_usr_data
CONF_modules_finish
CONF_modules_free
CONF_modules_load
CONF_modules_load_file

Sections

.text
Size: 246KB - Virtual size: 680KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
迅游2105/log/02-19.17.26.log
迅游2105/log/02-19.18.17.log
迅游2105/log/02-22.46.51.log
迅游2105/log/02-22.49.20.log
迅游2105/log/02-22.59.33.log
迅游2105/log/02-23.08.28.log
迅游2105/log/02-23.09.21.log
迅游2105/log/02-23.20.36.log
迅游2105/log/02-23.21.52.log
迅游2105/log/02-23.22.03.log
迅游2105/log/04-18.38.33.log
迅游2105/log/display.html
.html
迅游2105/log/jsqlog.txt
迅游2105/log/msghistory.data
迅游2105/misc.dll
.dll windows:4 windows x86 arch:x86

064d552e595188995c0ab0d082767f5a

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\xunyouplatform2013\output\misc.pdb

Imports

kernel32

CloseHandle
CreateFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GlobalLock
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapDestroy
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
RtlUnwind
GetCommandLineA
HeapReAlloc
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
VirtualAlloc
VirtualFree
WriteFile
LoadResource
GetModuleHandleW
FindResourceW
SizeofResource
OutputDebugStringA
LoadLibraryExW
lstrcmpiW
lstrlenA
GetLastError
GetModuleFileNameW
FreeLibrary
InterlockedDecrement
GetEnvironmentStringsW
lstrcmpW
Sleep
MulDiv
LoadLibraryW
GlobalUnlock
GlobalFree
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
FlushInstructionCache
EnterCriticalSection
GlobalAlloc
GetCurrentThreadId
MultiByteToWideChar
GetProcAddress
GetCurrentProcess
LeaveCriticalSection
WideCharToMultiByte
SetLastError
RaiseException
lstrlenW
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GlobalReAlloc
GetStartupInfoA

user32

ReleaseDC
SetWindowLongW
MoveWindow
SendMessageW
GetClientRect
GetDC
SetWindowPos
GetWindowLongW
GetDlgItem
SetLayeredWindowAttributes
CreateDialogIndirectParamW
GetParent
SystemParametersInfoW
GetWindowRect
GetWindow
ShowWindow
GetWindowTextLengthW
DestroyWindow
EndPaint
IsChild
GetCursorPos
RegisterClassExW
GetFocus
ScreenToClient
PostMessageW
RegisterWindowMessageW
GetClassNameW
GetWindowTextW
InvalidateRect
GetClassInfoExW
DestroyAcceleratorTable
PtInRect
SetTimer
SetWindowTextW
GetSystemMetrics
IsDialogMessageW
DestroyCursor
CreateAcceleratorTableW
KillTimer
UnregisterClassA
CallWindowProcW
SetFocus
GetDesktopWindow
DefWindowProcW
InvalidateRgn
ClientToScreen
FillRect
SetCapture
GetSysColor
IsWindow
CreateWindowExW
ReleaseCapture
CharNextW
LoadCursorW
BeginPaint
wsprintfW
RedrawWindow
IsWindowVisible
UpdateLayeredWindow

gdi32

CreateSolidBrush
GetStockObject
DeleteObject
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
BitBlt
SelectObject
DeleteDC
GetDeviceCaps

advapi32

RegQueryInfoKeyW
CryptReleaseContext
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW

shell32

ShellExecuteW

ole32

OleInitialize
CoGetClassObject
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoCreateGuid
CoTaskMemRealloc
CoTaskMemFree
OleLockRunning
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemAlloc

oleaut32

SysFreeString
DispCallFunc
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
SysStringByteLen
SysStringLen
VariantInit
VariantClear
SysAllocString
SysAllocStringLen
LoadTypeLi

comctl32

InitCommonControlsEx

gdiplus

GdiplusShutdown
GdiplusStartup

ws2_32

gethostbyname
socket
closesocket
sendto
htons

Exports

Exports

game_progress_is_run
get_miscwindow_isvisible
misc_init
set_arg
set_delay_time
set_flow
set_miscwindow_isvisible
start_js

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/misc.exe
.exe windows:4 windows x86 arch:x86

e9ac788b3dcb85f9630ca92b228534ee

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d5:e5:61:9f:3b:a0:67:09:14:12:a2:0a:57:14:88:34
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

29/12/2010, 00:00

Not After

28/12/2013, 23:59

Subject

CN=四川迅游网络科技有限公司,OU=WoSign Class 3 Code Signing,O=四川迅游网络科技有限公司,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\XunYouPlatform2012_unicode\output\misc.pdb

Imports

kernel32

LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
OutputDebugStringW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
SizeofResource
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
InterlockedIncrement
LCMapStringA
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
MultiByteToWideChar
FreeLibrary
SetLastError
lstrcmpiW
GetUserDefaultLCID
InterlockedDecrement
GetLastError
RaiseException
lstrlenW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
Sleep
GetCPInfo
GetModuleFileNameA
GetStdHandle
EnterCriticalSection
WideCharToMultiByte
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapReAlloc
GetStartupInfoW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
HeapDestroy
HeapCreate
FatalAppExitA
ExitProcess
WriteFile
GetOEMCP

user32

GetParent
SetWindowLongW
CharNextW
DestroyWindow
GetWindowLongW
PostMessageW
MoveWindow
DefWindowProcW
GetActiveWindow
DialogBoxParamW
EndPaint
BeginPaint
EndDialog
LoadBitmapW
SetLayeredWindowAttributes
UnregisterClassA
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
KillTimer
SetTimer
ShowWindow

gdi32

DeleteObject
BitBlt
SelectObject
CreateCompatibleDC
DeleteDC

advapi32

RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemAlloc

oleaut32

SysFreeString
VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 344KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
迅游2105/mode3.dll
.dll windows:4 windows x86 arch:x86

199a7fe96c78451861e6ae915d596c6f

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\XunYouPlatform2012_unicode\output\mode3.pdb

Imports

ws2_32

WSAWaitForMultipleEvents
ioctlsocket
WSASetLastError
ntohl
htonl
closesocket
listen
bind
htons
send
recv
gethostbyname
WSAEnumNetworkEvents
WSAEventSelect
WSAGetOverlappedResult
WSASendTo
WSASend
WSARecvFrom
WSARecv
inet_ntoa
accept
getsockopt
ntohs
inet_addr
WSAStartup
socket
connect
select
setsockopt
WSAGetLastError

crypt32

CertFindCertificateInStore
CertOpenStore
CertCloseStore
CertFreeCertificateContext
CryptAcquireCertificatePrivateKey

iphlpapi

CreateIpForwardEntry
DeleteIpForwardEntry
GetAdaptersInfo
GetInterfaceInfo
DeleteIPAddress
GetAdapterIndex
IpReleaseAddress
IpRenewAddress
AddIPAddress
FlushIpNetTable
GetIpForwardTable

advapi32

SetSecurityDescriptorDacl
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey
CryptAcquireContextA
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptReleaseContext
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptSetHashParam
CryptSignHashA
InitializeSecurityDescriptor

libeay32

ord206
ord395
ord82
ord281
ord151
ord654
ord109
ord89
ord95
ord67
ord333
ord323
ord258
ord259
ord222
ord257
ord965
ord964
ord2572
ord363
ord315
ord316
ord2399
ord961
ord2747
ord2784
ord256
ord2256
ord794
ord809
ord464
ord2821
ord267
ord269
ord268
ord2949
ord2504
ord2485
ord2516
ord2492
ord2708
ord2502
ord2628
ord2493
ord2490
ord2970
ord502
ord504
ord503
ord339
ord2206
ord252
ord247
ord497
ord1846
ord202
ord1309
ord1304
ord1291
ord624
ord248
ord1018
ord657
ord585
ord680
ord656
ord93
ord78
ord52
ord402
ord653
ord572
ord1654
ord1653
ord1963
ord66
ord529
ord485
ord298
ord224
ord3212
ord2147
ord784
ord2437
ord2436
ord2435
ord227
ord223
ord754
ord641
ord484
ord486
ord128
ord7

ssleay32

ord52
ord48
ord127
ord130
ord129
ord71
ord61
ord171
ord12
ord177
ord75
ord172
ord17
ord22
ord5
ord3
ord30
ord24
ord141
ord73
ord16
ord222
ord170
ord83
ord86
ord82
ord121
ord158
ord6
ord21
ord15
ord98
ord38
ord40
ord175
ord151
ord183
ord74
ord169
ord8
ord28
ord25

kernel32

SetHandleCount
InterlockedDecrement
InterlockedIncrement
TlsFree
GetStartupInfoA
TlsAlloc
TlsGetValue
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapCreate
HeapDestroy
HeapReAlloc
VirtualAlloc
VirtualFree
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
InterlockedExchange
FlushFileBuffers
GetFileAttributesA
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetExitCodeProcess
CreateProcessA
CompareStringA
CompareStringW
TlsSetValue
GetThreadLocale
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
ExitProcess
GetSystemTimeAsFileTime
GetConsoleCP
HeapFree
HeapAlloc
CreateThread
GetCommandLineA
GetVersionExA
GetProcessHeap
GetFileType
ReleaseSemaphore
CreateSemaphoreA
SetConsoleTitleA
GetConsoleTitleA
ReadConsoleInputA
GetNumberOfConsoleInputEvents
GetConsoleMode
SetConsoleMode
CancelIo
GetOverlappedResult
SuspendThread
DeleteCriticalSection
InitializeCriticalSection
ResumeThread
CreateEventA
ResetEvent
SetEvent
FreeLibrary
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleA
GetTickCount
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
ReadFile
WriteFile
DeleteFileA
SetEnvironmentVariableA
Sleep
LoadLibraryA
GetProcAddress
GetCurrentProcess
GetCurrentProcessId
DeviceIoControl
GetCurrentThreadId
CloseHandle
SetLastError
WaitForSingleObject
CreateFileA
SetFilePointer
SetStdHandle
ExitThread
GetStdHandle
GetLastError
FormatMessageA
LocalFree

Exports

Exports

Connect
GetStatus
HangUp
SetStatus

Sections

.text
Size: 304KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/mode4.dll
.dll windows:4 windows x86 arch:x86

0cb2fb22deb990271b312debdf4b49cb

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\XunYouPlatform2010\output\mode4.pdb

Imports

kernel32

Sleep
CloseHandle
DeleteCriticalSection
OutputDebugStringA
InitializeCriticalSection
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
SetFilePointer
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
LoadLibraryA
VirtualAlloc
HeapReAlloc
HeapSize

user32

GetPropW
PostMessageA
EnumWindows
RegisterWindowMessageA

ws2_32

sendto
recv
bind
recvfrom
closesocket
ntohl
inet_ntoa
inet_addr
accept
connect
htons
listen
ntohs
setsockopt
__WSAFDIsSet
send
select
socket

Exports

Exports

getListenPort
reInitListen
setCurrentGameInfo
setHttpTransTable
setModeTransRouteTable
setProxyPara

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/newskin.txt
迅游2105/nodes.txt
迅游2105/p2p.txt
迅游2105/pz.ini
迅游2105/rasRemote.exe
.exe windows:4 windows x64 arch:x64

3728bf7688071d9401fc9505003a22fb

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\rasDial\x64\release\rasRemote.pdb

Imports

kernel32

GetModuleFileNameA
WideCharToMultiByte
ReadFile
GetLastError
WaitForMultipleObjects
SetEvent
CreateFileA
GetOverlappedResult
CreateThread
CreateEventA
DisconnectNamedPipe
FlushFileBuffers
HeapAlloc
GetProcessHeap
HeapFree
WriteFile
MultiByteToWideChar
SetLastError
LoadLibraryA
Sleep
WaitForSingleObject
CloseHandle
GetModuleHandleA
GetProcAddress
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetSystemTimeAsFileTime
GetCommandLineA
GetVersionExA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
LCMapStringA
LCMapStringW
RtlVirtualUnwind
FlsGetValue
FlsSetValue
TlsFree
FlsFree
GetCurrentThreadId
FlsAlloc
GetStdHandle
HeapSize
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
SetFilePointer
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

advapi32

CryptAcquireContextA
CryptReleaseContext

ws2_32

inet_addr

iphlpapi

GetAdaptersInfo

rasapi32

RasGetConnectStatusA
RasHangUpA
RasDialA
RasEnumConnectionsA

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
迅游2105/skin.txt
迅游2105/skin/1616.xml
迅游2105/skin/default.xml
迅游2105/special.txt
迅游2105/splist.txt
迅游2105/ssleay32.dll
.dll windows:4 windows x86 arch:x86

19d281195717327ebb6cdb3251cf78c5

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libeay32

ord52
ord2206
ord857
ord905
ord901
ord904
ord1653
ord1654
ord903
ord252
ord222
ord2201
ord490
ord176
ord641
ord2821
ord281
ord290
ord654
ord181
ord188
ord269
ord3109
ord2630
ord910
ord2411
ord754
ord911
ord493
ord464
ord289
ord3245
ord354
ord2936
ord3244
ord323
ord3067
ord2894
ord961
ord89
ord109
ord202
ord285
ord3724
ord313
ord495
ord120
ord3239
ord151
ord110
ord111
ord3178
ord3695
ord3570
ord3575
ord3550
ord3608
ord3480
ord3418
ord3422
ord203
ord128
ord31
ord830
ord727
ord2760
ord866
ord2929
ord3644
ord2578
ord3010
ord2924
ord3459
ord3512
ord3663
ord123
ord201
ord118
ord501
ord3666
ord219
ord498
ord635
ord912
ord909
ord87
ord282
ord3682
ord2877
ord3711
ord205
ord486
ord484
ord763
ord577
ord907
ord572
ord3719
ord216
ord206
ord497
ord481
ord3729
ord2915
ord256
ord1096
ord1097
ord333
ord2589
ord1145
ord1144
ord1081
ord2292
ord622
ord627
ord657
ord85
ord623
ord2784
ord965
ord964
ord2572
ord2747
ord3704
ord3758
ord3767
ord3647
ord3460
ord3766
ord3365
ord3754
ord3394
ord3454
ord1027
ord3378
ord3437
ord187
ord897
ord3414
ord3495
ord67
ord66
ord1004
ord3527
ord65
ord53
ord78
ord98
ord3559
ord3399
ord636
ord914
ord316
ord629
ord892
ord626
ord890
ord364
ord1010
ord2051
ord74
ord248
ord1655
ord575
ord1025
ord58
ord630
ord628
ord1041
ord1007
ord1005
ord246
ord1100
ord679
ord2524
ord3595
ord1023
ord3505
ord401
ord93
ord3396
ord3657
ord887
ord891
ord889
ord315
ord314
ord1147
ord189
ord774
ord279
ord283
ord956
ord280
ord400
ord751
ord750
ord2181
ord399
ord748
ord3205
ord37
ord35
ord824
ord822
ord8
ord1091
ord3700
ord3623
ord32
ord718
ord7
ord716
ord703
ord680
ord86
ord88
ord1101
ord293
ord322
ord2996
ord3155
ord2927
ord325
ord329
ord318
ord304
ord292
ord299
ord955
ord2252
ord91
ord247
ord169
ord168
ord653
ord167

msvcrt

_iob
_errno
free
_initterm
malloc
_adjust_fdiv
strncmp
memmove
time
fprintf

kernel32

GetLastError
DisableThreadLibraryCalls
SetLastError

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
DTLSv1_client_method
DTLSv1_method
DTLSv1_server_method
ERR_load_SSL_strings
SSL_CIPHER_description
SSL_CIPHER_get_bits
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_COMP_add_compression_method
SSL_COMP_get_compression_methods
SSL_COMP_get_name
SSL_CTX_add_client_CA
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_CTX_get_client_CA_list
SSL_CTX_get_ex_data
SSL_CTX_get_ex_new_index
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_remove_session
SSL_CTX_sessions
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_ex_data
SSL_CTX_set_generate_session_id
SSL_CTX_set_msg_callback
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_session_id_context
SSL_CTX_set_ssl_version
SSL_CTX_set_timeout
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_tmp_ecdh_callback
SSL_CTX_set_tmp_rsa_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_SESSION_cmp
SSL_SESSION_free
SSL_SESSION_get_ex_data
SSL_SESSION_get_ex_new_index
SSL_SESSION_get_id
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_hash
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_set_ex_data
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_accept
SSL_add_client_CA
SSL_add_dir_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_callback_ctrl
SSL_check_private_key
SSL_clear
SSL_connect
SSL_copy_session_id
SSL_ctrl
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_free
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_certificate
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_default_timeout
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_new_index
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_peer_finished
SSL_get_privatekey
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_rfd
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shutdown
SSL_get_ssl_method
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_get_wfd
SSL_has_matching_session_id
SSL_library_init
SSL_load_client_CA_file
SSL_load_error_strings
SSL_new
SSL_peek
SSL_pending
SSL_read
SSL_renegotiate
SSL_renegotiate_pending
SSL_rstate_string
SSL_rstate_string_long
SSL_set_accept_state
SSL_set_bio
SSL_set_cipher_list
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_ex_data
SSL_set_fd
SSL_set_generate_session_id
SSL_set_info_callback
SSL_set_msg_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_rfd
SSL_set_session
SSL_set_session_id_context
SSL_set_shutdown
SSL_set_ssl_method
SSL_set_tmp_dh_callback
SSL_set_tmp_ecdh_callback
SSL_set_tmp_rsa_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_state
SSL_state_string
SSL_state_string_long
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_file
SSL_version
SSL_want
SSL_write
SSLv23_client_method
SSLv23_method
SSLv23_server_method
SSLv2_client_method
SSLv2_method
SSLv2_server_method
SSLv3_client_method
SSLv3_method
SSLv3_server_method
TLSv1_client_method
TLSv1_method
TLSv1_server_method
d2i_SSL_SESSION
i2d_SSL_SESSION
ssl2_ciphers
ssl3_ciphers

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/style.xml
迅游2105/ta.key
迅游2105/tmp/lastgamesused.txt
迅游2105/tmp/protramonsetting.txt
迅游2105/traffic.log
迅游2105/uninstall.dat
迅游2105/unnstale.exe
.exe windows:5 windows x86 arch:x86

8ca0039f9d38ec4e3619b0083d4a4473

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\破解迅游\Lib\启动注入框架.pdb

Imports

kernel32

GetFileAttributesA
GetFileSizeEx
GetFileTime
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
HeapReAlloc
RaiseException
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetTickCount
SetErrorMode
GetOEMCP
GetCPInfo
GetModuleHandleW
FileTimeToSystemTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
FormatMessageA
LocalFree
MulDiv
MultiByteToWideChar
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomA
GlobalUnlock
lstrlenA
WritePrivateProfileStringA
FreeResource
GlobalFree
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetModuleHandleA
CloseHandle
CreateRemoteThread
Sleep
ResumeThread
TerminateProcess
WriteProcessMemory
GetProcAddress
LoadLibraryA
VirtualProtect
SetThreadContext
GetThreadContext
VirtualAllocEx
GetModuleFileNameA
CreateProcessA
GetCurrentDirectoryA
FindResourceA
LoadResource
LockResource
SizeofResource
SetHandleCount
WideCharToMultiByte

user32

RegisterClipboardFormatA
PostThreadMessageA
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
LoadCursorA
SetCapture
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowRect
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSysColor
SystemParametersInfoA
LoadIconA
GetSystemMenu
AppendMenuA
SendMessageA
DestroyMenu
CopyRect
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
UnregisterClassA
CharUpperA
GetSysColorBrush
MessageBeep
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetDlgItemTextA
SetDlgItemTextA
EnableWindow
PostMessageA
PostQuitMessage
SetWindowPos
MapDialogRect
GetParent
SetWindowContextHelpId
GetWindow
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongA
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetPropA

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
CreateBitmap
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
ExtTextOutA
GetObjectA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegDeleteKeyA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathRemoveFileSpecW
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitializeEx
CoCreateInstance
OleIsCurrentClipboard
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleFlushClipboard
CoRegisterMessageFilter
CoUninitialize

oleaut32

SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysFreeString

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/update.dll
.dll windows:4 windows x86 arch:x86

d79e771e773b70cc97a484f690283a8e

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\XunYouBase\output\update.pdb

Imports

kernel32

Sleep
ReadFile
WriteFile
CreateFileW
SetFilePointerEx
CreateDirectoryW
MoveFileW
GetFileSizeEx
CloseHandle
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MoveFileExW
GetTempFileNameW
SetLastError
MultiByteToWideChar
GetFileAttributesExW
GetLastError
DeleteFileW
lstrlenA
GetModuleFileNameW
lstrlenW
WideCharToMultiByte
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
RaiseException
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
GetLocaleInfoA
GetLocaleInfoW
InterlockedExchange
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetThreadLocale

advapi32

CryptEncrypt
CryptDestroyHash
CryptDecrypt
CryptDeriveKey
CryptReleaseContext
CryptHashData
CryptAcquireContextW
CryptCreateHash

shlwapi

PathFileExistsW

wininet

InternetSetOptionA
HttpQueryInfoA
HttpSendRequestA
InternetReadFile
HttpOpenRequestA
InternetOpenW
InternetCloseHandle
InternetQueryDataAvailable
InternetConnectA
InternetOpenA
HttpSendRequestW

Exports

Exports

xunyou_update

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/update.exe
.exe windows:4 windows x86 arch:x86

b7aa149e84423e5f57528a66d3783d44

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\XunYouBase\output\update_exe.pdb

Imports

kernel32

lstrlenA
CreateProcessW
MultiByteToWideChar
CreateFileW
CreateDirectoryW
GetFileSizeEx
WriteFile
SetLastError
GlobalAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
FreeLibrary
SuspendThread
ResumeThread
GetProcAddress
LoadLibraryW
SetThreadPriority
CopyFileW
Sleep
GlobalFree
DeleteFileW
WaitForSingleObject
CloseHandle
GetLastError
lstrlenW
WideCharToMultiByte
CreateMutexW
ReadFile
GetModuleFileNameW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
CreateThread
GetVersionExA
HeapAlloc
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
RaiseException
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InterlockedExchange
LoadLibraryA
SetFilePointer
GetThreadLocale

shlwapi

PathFileExistsW

ws2_32

WSAStartup
sendto
gethostbyname
ntohl
socket
WSACleanup
htons
closesocket

iphlpapi

GetNetworkParams

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
迅游2105/update_style.xml
迅游2105/verinfo.ini
迅游2105/xunyou.exe
.exe windows:4 windows x86 arch:x86

33608a73c9223e883243d3cf4a988792

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\xunyouplatform2013\output\xunyou.pdb

Imports

ws2_32

htons
listen
accept
connect
bind
setsockopt
recv
socket
closesocket
gethostbyname
send
WSAGetLastError
WSCEnumProtocols
__WSAFDIsSet
select
ioctlsocket
sendto
inet_ntoa
inet_addr
gethostname
WSCGetProviderPath
WSACleanup
WSAStartup
recvfrom

comctl32

_TrackMouseEvent
InitCommonControlsEx

psapi

EnumProcessModules
GetModuleFileNameExW
GetProcessMemoryInfo
GetProcessImageFileNameW

kernel32

GetProcAddress
FreeLibrary
FindClose
FindFirstFileW
LoadLibraryW
lstrlenA
GetCurrentThreadId
InterlockedIncrement
SetLastError
GetModuleFileNameW
CreateDirectoryW
CopyFileW
CloseHandle
GetFileSize
WriteFile
DeleteFileW
GetLastError
CreateFileW
CreateThread
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
InitializeCriticalSection
DeleteCriticalSection
SetThreadPriority
WaitForSingleObject
SuspendThread
ResumeThread
GetTickCount
GetSystemTime
GetVersionExW
Sleep
lstrcpynW
CreateMutexW
OutputDebugStringA
GetPrivateProfileStringW
WritePrivateProfileStringW
SetEvent
ResetEvent
CreateEventW
GlobalMemoryStatusEx
Process32NextW
Module32NextW
Module32FirstW
GetProcessIoCounters
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
lstrcmpiA
DebugBreak
OutputDebugStringW
InterlockedExchange
CreateProcessW
GetExitCodeProcess
lstrcmpiW
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
InterlockedDecrement
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetSystemDirectoryW
DeviceIoControl
LocalFree
LocalAlloc
GetCurrentProcessId
ReadFile
SetFilePointerEx
GetFileSizeEx
FileTimeToSystemTime
GetFileTime
GetSystemDirectoryA
LoadLibraryA
GetVersionExA
CompareStringA
lstrcmpA
lstrcpynA
GetLocalTime
CreateEventA
TerminateProcess
CreateDirectoryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
HeapReAlloc
GetSystemTimeAsFileTime
GetStartupInfoW
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleA
ExitProcess
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
FatalAppExitA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
lstrlenW
GlobalAlloc
GlobalReAlloc
GlobalFree
GetCurrentProcess
FlushInstructionCache
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetModuleFileNameA
GetLocaleInfoA
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
GetOEMCP
IsValidCodePage
HeapSize
IsValidLocale
SetConsoleCtrlHandler
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
CreateFileA
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
SizeofResource
GetACP

user32

DispatchMessageW
AttachThreadInput
SetScrollInfo
GetScrollInfo
EnumWindows
GetPropW
RedrawWindow
CharNextW
GetGuiResources
CharLowerW
LoadImageW
PostQuitMessage
GetSystemMetrics
GetFocus
IsChild
CallWindowProcW
GetForegroundWindow
DefWindowProcW
LoadMenuW
GetSubMenu
TrackPopupMenu
DestroyIcon
RemoveMenu
MonitorFromPoint
GetMonitorInfoW
DestroyMenu
LoadIconW
wsprintfW
SetMenuDefaultItem
GetMenuState
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
EqualRect
IntersectRect
OffsetRect
SetRectEmpty
SetRect
OpenClipboard
GetScrollPos
IsIconic
PtInRect
ScreenToClient
SetDlgItemTextA
GetDlgItemTextA
GetWindowTextA
SetWindowTextA
ShowCaret
GetDlgItem
SetFocus
EnableWindow
ClientToScreen
SetPropW
SetForegroundWindow
MessageBoxW
GetCursorPos
SendMessageW
EndDialog
GetWindow
SystemParametersInfoW
MapWindowPoints
GetParent
GetClientRect
SetWindowTextW
DialogBoxIndirectParamW
SetParent
GetWindowTextLengthW
GetWindowTextW
EnumChildWindows
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
DestroyAcceleratorTable
GetDesktopWindow
UnregisterClassA
EndPaint
FillRect
ReleaseCapture
GetClassNameW
SetCapture
InvalidateRgn
InvalidateRect
GetActiveWindow
AnimateWindow
GetTopWindow
GetDlgItemTextW
EmptyClipboard
SetClipboardData
CloseClipboard
IsDialogMessageW
SetScrollPos
CreateDialogIndirectParamW
GetWindowRect
UpdateLayeredWindow
GetWindowLongW
KillTimer
SetTimer
IsWindowVisible
ReleaseDC
GetDC
SetWindowPos
DestroyWindow
LoadStringW
IsWindow
ShowWindow
MoveWindow
PostMessageW
SetWindowLongW
GetSysColor
PeekMessageW
GetMessageW
IsRectEmpty
TranslateMessage
RegisterWindowMessageW
BeginPaint

gdi32

SetTextColor
SetBkMode
GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
DeleteDC
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegQueryInfoKeyW
RegCreateKeyExA
RegQueryValueExA
CryptImportKey
CryptSetKeyParam
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptEncrypt
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
CloseServiceHandle
CryptAcquireContextW
CryptReleaseContext
OpenSCManagerW
EnumServicesStatusW

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathA

ole32

CoInitializeSecurity
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
StringFromGUID2
CoSetProxyBlanket
CoGetClassObject

oleaut32

SafeArrayGetLBound
VariantInit
VariantClear
SysStringLen
SystemTimeToVariantTime
OleCreateFontIndirect
SysStringByteLen
VarUI4FromStr
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
SafeArrayGetUBound
SysAllocString
SysAllocStringLen
VarBstrCat
LoadTypeLi
LoadRegTypeLi
DispCallFunc

shlwapi

StrCmpNIA
PathFindFileNameA
PathRemoveFileSpecW
PathFileExistsW
StrCmpW
StrCmpNIW
StrStrIA
StrStrIW

wininet

HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetOpenA

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo
GetIpForwardTable

pdh

PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCollectQueryData
PdhAddCounterW
PdhMakeCounterPathW
PdhOpenQueryW
PdhCloseQuery

winmm

timeGetTime

winhttp

WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData

version

GetFileVersionInfoW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
迅游2105/xunyouat.dll
.dll windows:4 windows x86 arch:x86

f9d455275294e14408ae208ab8ec2c32

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSectionAndSpinCount
GetLastError
Process32Next
GlobalAlloc
GlobalFree
MapViewOfFile
SetEvent
DeleteCriticalSection
LoadLibraryW
GetProcAddress
GetTickCount
CreateToolhelp32Snapshot
GetCurrentProcessId
CreateEventA
OpenFileMappingA
WaitForSingleObject
ExpandEnvironmentStringsW
GetVersionExA
CreateFileMappingA
Process32First
GetCurrentProcess
CreateMutexA
CloseHandle
GetModuleFileNameW
InitializeCriticalSection
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
MultiByteToWideChar
CreateFileA
SetStdHandle
IsValidCodePage
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetCurrentThreadId
GetCommandLineA
HeapFree
GetProcessHeap
RaiseException
RtlUnwind
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
Sleep
HeapSize
ExitProcess
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP

user32

PostMessageA
RegisterWindowMessageA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

iphlpapi

CreateIpForwardEntry
GetAdaptersInfo
GetNetworkParams

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ws2_32

inet_ntoa
select
getsockopt
ntohl
inet_addr
htons
closesocket
WSCEnumProtocols
socket
sendto
WSCGetProviderPath
setsockopt
ntohs

psapi

GetModuleFileNameExA

Exports

Exports

GetData
SetData
WSPStartup
_addAccId@4

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/xunyouip.dll
.dll windows:4 windows x86 arch:x86

77d0cfdec086c6b159dd22a57e061c53

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSectionAndSpinCount
GetLastError
Process32Next
GlobalAlloc
GlobalFree
SetEvent
MapViewOfFile
DeleteCriticalSection
LoadLibraryW
GetProcAddress
GetTickCount
CreateToolhelp32Snapshot
GetCurrentProcessId
CreateEventA
OpenFileMappingA
WaitForSingleObject
ExpandEnvironmentStringsW
GetVersionExA
CreateFileMappingA
Process32First
GetCurrentProcess
CreateMutexA
CloseHandle
GetModuleFileNameW
InitializeCriticalSection
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
MultiByteToWideChar
CreateFileA
SetStdHandle
LoadLibraryA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetCurrentThreadId
GetCommandLineA
HeapFree
GetProcessHeap
RaiseException
RtlUnwind
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

user32

RegisterWindowMessageA
PostMessageA

advapi32

InitializeSecurityDescriptor
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
SetSecurityDescriptorDacl

iphlpapi

CreateIpForwardEntry
GetAdaptersInfo
GetNetworkParams

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

ws2_32

select
ntohl
inet_ntoa
setsockopt
sendto
getsockopt
htons
closesocket
socket
ntohs
inet_addr

psapi

GetModuleFileNameExA

Exports

Exports

GetData
SetData
WSPStartup
_addAccId@4

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/xunyount64.dll
.dll windows:4 windows x64 arch:x64

7274ef699335267ab7ab2484e3b9a843

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
CloseHandle
MapViewOfFile
WaitForSingleObject
SetEvent
GetTickCount
GlobalAlloc
LoadLibraryW
CreateEventA
GetModuleFileNameW
CreateMutexA
GlobalFree
DeleteCriticalSection
GetCurrentProcessId
OpenFileMappingA
ExpandEnvironmentStringsW
GetVersionExA
CreateFileMappingA
Process32Next
GetLastError
InitializeCriticalSection
Process32First
GetProcAddress
GetCurrentProcess
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
CreateFileA
LoadLibraryA
HeapReAlloc
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
MultiByteToWideChar
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
HeapAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapFree
GetProcessHeap
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
GetModuleHandleA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LeaveCriticalSection
EnterCriticalSection
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP

user32

PostMessageA
RegisterWindowMessageA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

iphlpapi

CreateIpForwardEntry
GetAdaptersInfo
GetNetworkParams

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

ws2_32

sendto
socket
setsockopt
closesocket
WSCGetProviderPath
ntohs
htons
inet_addr
select
ntohl
WSCEnumProtocols
inet_ntoa
getsockopt

psapi

GetModuleFileNameExA

Exports

Exports

GetData
SetData
WSPStartup
addAccId

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/xunyouplatform.txt
迅游2105/xyweibo.dll
.dll windows:4 windows x86 arch:x86

0750226367450a74f5dbb945d67ef01d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\XunYouPlatform2012_unicode\output\xyweibo.pdb

Imports

wininet

InternetReadFile
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetSetOptionA
InternetOpenA

crypt32

CertOpenSystemStoreA
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore

kernel32

GetConsoleOutputCP
WriteConsoleA
CreateFileA
WriteConsoleW
CloseHandle
OutputDebugStringA
GetTickCount
GetLastError
WideCharToMultiByte
MultiByteToWideChar
AreFileApisANSI
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
RaiseException
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
ReadFile
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
ExitProcess
WriteFile
GetModuleFileNameA
Sleep
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
CreateFileW
InitializeCriticalSection
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetEndOfFile

Exports

Exports

sendsinaweibo
sendtxweibo
sinaweiboaddfriend
txweiboaddfriend

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
迅游2105/绿软基地.url
.url
迅游2105/迅游2015/迅游破解.exe
.exe windows:4 windows x86 arch:x86

c81af0f084dfd5a66ba6f5b7982bfa41

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

winmm

midiStreamOut
midiOutPrepareHeader
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
waveOutGetNumDevs
waveOutClose

ws2_32

WSAAsyncSelect
closesocket
WSACleanup
recvfrom
ioctlsocket
inet_ntoa
recv
accept
getpeername

kernel32

MultiByteToWideChar
SetLastError
QueryPerformanceFrequency
QueryPerformanceCounter
GetTimeZoneInformation
GetVersion
HeapSize
RaiseException
GetLocalTime
GetSystemTime
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
InterlockedExchange
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle

user32

IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
PeekMessageA
SetMenu
GetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
CreateMenu
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
GetSysColorBrush
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
WaitForInputIdle
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
GetDesktopWindow
GetClassNameA
GetDlgItem
GetWindowTextA
WinHelpA
UnregisterClassA
SetRectEmpty
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
LoadStringA

gdi32

GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
CreateRectRgnIndirect
SetBkColor
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
GetObjectA
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
SetStretchBltMode
LPtoDP
GetClipRgn
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CLSIDFromString
OleUninitialize
OleInitialize

oleaut32

LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

comctl32

ord17
ImageList_Destroy

comdlg32

ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

Sections

.text
Size: 528KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
迅游2105/迅游破解.exe
.exe windows:4 windows x86 arch:x86

f9681ca09016e43018ceed749dc74980

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
CreateSemaphoreA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
GetFileAttributesA
SetCurrentDirectoryA
GetVolumeInformationA
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
InterlockedIncrement

user32

OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
GetClipboardData
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
CloseClipboard
wsprintfA
EqualRect
GetWindowRect
SetForegroundWindow
WaitForInputIdle
IsWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
UnregisterClassA
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture

gdi32

SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
GetObjectA
PatBlt
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
CreateRectRgnIndirect
SetBkColor
CreatePen
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

OleUninitialize
CLSIDFromString
OleInitialize

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi

comctl32

ImageList_Destroy
ord17

ws2_32

recv
getpeername
accept
ioctlsocket
recvfrom
WSAAsyncSelect
closesocket
WSACleanup
inet_ntoa

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

Sections

.text
Size: 504KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df47fdd3a5ee744453677cc31de76afe

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate

Extended Key Usages

Key Usages

03:23:d4:fa:82:7f:76Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 868B

.reloc Size: 8KB - Virtual size: 5KB

c9183adccb7c2419934a31acd5f59c25

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

03:23:d4:fa:82:7f:76Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

advapi32

shell32

ole32

shlwapi

version

Exports

Exports

Sections

.text Size: 304KB - Virtual size: 303KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 996B

.reloc Size: 20KB - Virtual size: 18KB

91a68240c3f1cb422bdef364811088d1

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

03:23:d4:fa:82:7f:76Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 91KB - Virtual size: 90KB

.rdata Size: 23KB - Virtual size: 22KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

03:23:d4:fa:82:7f:76
Certificate

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 868B

.reloc
Size: 8KB - Virtual size: 5KB

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

03:23:d4:fa:82:7f:76
Certificate

.text
Size: 304KB - Virtual size: 303KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 996B

.reloc
Size: 20KB - Virtual size: 18KB

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

03:23:d4:fa:82:7f:76
Certificate

.text
Size: 91KB - Virtual size: 90KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

03:23:d4:fa:82:7f:76
Certificate

.text
Size: 74KB - Virtual size: 74KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

03:23:d4:fa:82:7f:76
Certificate

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 976B

.reloc
Size: 12KB - Virtual size: 11KB

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

03:23:d4:fa:82:7f:76
Certificate