d1f369277c44a4104624eaf4bfeb924f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d1f369277c44a4104624eaf4bfeb924f_JaffaCakes118
Size

5.1MB
MD5

d1f369277c44a4104624eaf4bfeb924f
SHA1

69916cbc32d27facedbbe8a1f5beb201cb25356c
SHA256

fc10cfa6c5447184de0cb94c6ac3ebdc3e79ded78909b8cd3be50c6f5004ec8c
SHA512

6f818e28bcc7a74b0a97a2e4efe927e957a4a279c6c9989fe6100ca11d06b4303a4aea478c551b5fcbf3be680338f407e0842fc6e6c25e2e74b731a111967276
SSDEEP

98304:ezNMKZgwD82r+BzMHIDwD/Qp7IkTG06WLdOgJtty1LENJiBoxJy01FbGSZY1n:ezNMyp82r+1MoDJ7vJLM8tc+viBox+l

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/FileInfo.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll

Files

d1f369277c44a4104624eaf4bfeb924f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:d2:08:d5:87:8e:4d:25:73:4d:33:5f:71:c6:4a:5d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

06/05/2012, 00:00

Not After

05/06/2013, 23:59

Subject

CN=上海瑞创网络科技股份有限公司,OU=Provided by TrustAsia,O=上海瑞创网络科技股份有限公司,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:69:4e:88:1d:c9:d5:6e:64:24:b9:cf:7d:7e:56:c0:16:b3:59:01
Signer

Actual PE Digest

5c:69:4e:88:1d:c9:d5:6e:64:24:b9:cf:7d:7e:56:c0:16:b3:59:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 392KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FileInfo.dll
.dll windows:4 windows x86 arch:x86

d9a37d081a4275786b185abdde359c32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

FlushFileBuffers
MulDiv
lstrcpynW
OpenProcess
LoadLibraryA
CloseHandle
TerminateProcess
GetProcAddress
GetCurrentProcessId
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
lstrcpyW
GlobalAlloc
GetModuleFileNameW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
GetVersionExW
GetOEMCP
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
WriteFile
InitializeCriticalSection
RtlUnwind
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA

user32

wsprintfW
ReleaseDC
GetDC

gdi32

GetDeviceCaps

Exports

Exports

CheckInstallTime
DPIScaleX
DPIScaleY
FindProc
GetSpecialBuild
GetSpreadUserID
KillProc

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/HaoZipLogo_chs.bmp
$PLUGINSDIR/NSISdl.dll
.dll windows:5 windows x86 arch:x86

6b9d096578bad49648d82fb5a245a197

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrlenA
lstrcpynA
lstrcatA
GlobalAlloc
GlobalFree
MulDiv
GetTickCount
lstrcpyA
Sleep
WriteFile
CreateFileA
lstrcpyW
lstrcpynW
WideCharToMultiByte
MultiByteToWideChar
CreateThread
WaitForSingleObject
DeleteFileA
CloseHandle
IsProcessorFeaturePresent

user32

GetWindowLongW
CreateWindowExW
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
SendMessageW
GetDlgItem
FindWindowExW
SetWindowTextA
SetDlgItemTextA
CharPrevA
SetWindowLongW
RegisterWindowMessageW
EnableWindow
DestroyWindow
CallWindowProcW
wsprintfA
GetFocus

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ws2_32

inet_addr
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
closesocket
shutdown
ioctlsocket
htons
socket
WSACleanup
WSAStartup
gethostbyname

Exports

Exports

download
download_quiet

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 890B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PPSLoader.exe
.exe windows:5 windows x86 arch:x86

a98f50e6d74ed41878f8090a3ebb4913

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:7f:e2:5a:e1:19:10:62:e6:71:74:40:34:87:89:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/07/2011, 00:00

Not After

10/08/2012, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:b9:f1:12:c2:ff:91:83:f9:9b:1c:7a:1f:f1:93:73:a1:3c:b6:9b
Signer

Actual PE Digest

7a:b9:f1:12:c2:ff:91:83:f9:9b:1c:7a:1f:f1:93:73:a1:3c:b6:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetSetOptionW
InternetOpenW

kernel32

GetFileAttributesW
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
FlushInstructionCache
RaiseException
GetLastError
SetLastError
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
GetVersionExW
GetProcAddress
GetTempFileNameW
WaitForSingleObject
GetTickCount
WriteFile
Sleep
CreateFileW
GetTempPathW
GetLongPathNameW
CloseHandle
DeleteFileW
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapReAlloc
HeapCreate
RtlUnwind
GetStartupInfoW
CreateThread
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
SizeofResource
InitializeCriticalSection
GetModuleHandleA
GetModuleHandleW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetCurrentProcessId

user32

ShowWindow
GetDesktopWindow
SetWindowLongW
UnregisterClassA
CreateDialogParamW
DefWindowProcW
GetMenuDefaultItem
GetWindowRect
PostQuitMessage
GetParent
GetClientRect
BringWindowToTop
SystemParametersInfoW
MonitorFromWindow
GetDlgItem
SetWindowPos
MessageBoxW
SetDlgItemTextW
MapWindowPoints
EnableWindow
SetWindowTextW
GetMonitorInfoW
GetWindow
SetTimer
IsMenu
TrackPopupMenu
RegisterWindowMessageW
LoadImageW
PostMessageW
KillTimer
GetSubMenu
SetForegroundWindow
LoadCursorW
PeekMessageW
GetClassInfoExW
RegisterClassExW
LoadMenuW
GetWindowLongW
GetCursorPos
IsWindow
CreateWindowExW
SetMenuDefaultItem
GetSystemMetrics
SendMessageW
DestroyMenu
DestroyIcon
CallWindowProcW
DestroyWindow
GetMessageW
CharNextW
TranslateMessage
DispatchMessageW

gdi32

CreateFontIndirectW
DeleteObject

advapi32

RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW

shell32

ShellExecuteExW
Shell_NotifyIconW

ole32

CoUninitialize
CoTaskMemRealloc
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/QQPCDownload_60877.exe
.exe windows:4 windows x86 arch:x86

0c40996f6e1e5f2a82b51e9950881bf1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3e:97:05:86:21:d0:26:5d:cb:6f:9f:de:04:c7:9d:48:9d:25:25:ba
Signer

Actual PE Digest

3e:97:05:86:21:d0:26:5d:cb:6f:9f:de:04:c7:9d:48:9d:25:25:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
MultiByteToWideChar
WideCharToMultiByte
CompareFileTime
FindClose
FindFirstFileW
GetFileAttributesW
GetLastError
CreateDirectoryW
ExpandEnvironmentStringsW
lstrlenA
WriteFile
GetStdHandle
lstrcmpW
GetSystemTimeAsFileTime
lstrlenW
RemoveDirectoryW
FindNextFileW
DeleteFileW
VirtualAlloc
VirtualFree
GetACP
GetOEMCP
GetUserDefaultUILanguage
GetUserDefaultLCID
GetTempPathW
SetEnvironmentVariableW
SetCurrentDirectoryW
CloseHandle
lstrcmpiW
GetModuleFileNameW
CreateThread
GetVersionExW
CreateFileW
GetDriveTypeW
GetModuleHandleW
GetProcAddress
LoadLibraryA
MulDiv
GetSystemDirectoryW
TerminateThread
ResumeThread
SuspendThread
LocalFree
lstrcpyW
FormatMessageW
DeleteCriticalSection
GetFileSize
SetFilePointer
ReadFile
SetFileTime
SetEndOfFile
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection
GetModuleHandleA
WaitForSingleObject
GetExitCodeThread
GetLocalTime
SystemTimeToFileTime
GetCommandLineW
SetFileAttributesW
GetStartupInfoA

user32

CharUpperW
GetWindowLongW
wsprintfW
wsprintfA
MessageBoxA
GetKeyState
SendMessageW
wvsprintfW
KillTimer
GetSystemMenu
EnableMenuItem
SetTimer
GetWindowTextW
DefWindowProcW
CallWindowProcW
GetWindowDC
DrawIconEx
MessageBeep
DialogBoxIndirectParamW
GetWindow
GetParent
GetClientRect
ClientToScreen
GetWindowTextLengthW
SetWindowPos
GetDC
DrawTextW
ReleaseDC
ShowWindow
GetWindowRect
ScreenToClient
LoadIconW
LoadImageW
SetWindowLongW
SetDlgItemTextW
SystemParametersInfoW
GetSystemMetrics
GetDlgItem
SetFocus
EndDialog
SetWindowTextW

gdi32

DeleteObject
SelectObject
GetDeviceCaps
GetObjectW
CreateFontIndirectW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFileInfoW

ole32

CoCreateInstance
CoInitialize

oleaut32

SysAllocString
VariantClear

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_except_handler3
_beginthreadex
_CxxThrowException
_purecall
memset
_wcsnicmp
malloc
free
_wtol
memcpy
memmove
memcmp
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
_controlfp

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/wpsdl_haoya2wps.exe
.exe windows:5 windows x86 arch:x86

d09673b61cd2ddfbf5daf8d762044efa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:b6:be:84:00:f0:b0:b0:61:99:5f:d5:29:16:8a:7b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/03/2011, 00:00

Not After

09/03/2014, 23:59

Subject

CN=Zhuhai Kingsoft Office Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Office Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:26:5b:9d:ad:7d:ac:ec:df:c8:bb:35:f2:83:03:14:8b:fb:2c:69
Signer

Actual PE Digest

6b:26:5b:9d:ad:7d:ac:ec:df:c8:bb:35:f2:83:03:14:8b:fb:2c:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\3163.20120305.rc_20120228_branch\rc_20120228_branch\Coding\product\win32\office6\wpsdl.pdb

Imports

wininet

InternetOpenW
InternetCloseHandle
HttpOpenRequestW
InternetAttemptConnect
HttpQueryInfoW
HttpAddRequestHeadersW
InternetSetOptionW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetCrackUrlW
InternetSetOptionExW

kernel32

GlobalFree
FindResourceW
LoadResource
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SizeofResource
LeaveCriticalSection
RaiseException
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
LocalFree
GetSystemDefaultLangID
HeapAlloc
HeapFree
GetProcessHeap
FlushInstructionCache
GetPrivateProfileIntW
SetLastError
FindResourceExW
MulDiv
LockResource
lstrcatW
WinExec
GetWindowsDirectoryW
lstrcpyW
GlobalLock
GlobalAlloc
lstrcmpW
GlobalUnlock
GlobalHandle
WaitForMultipleObjects
FreeResource
GetCommandLineW
GetTempPathW
CreateToolhelp32Snapshot
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetSystemTimeAsFileTime
ExitProcess
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
Process32NextW
ProcessIdToSessionId
Process32FirstW
GetExitCodeProcess
GetVersionExW
OpenProcess
GetCurrentProcess
TlsSetValue
TlsFree
GetTimeZoneInformation
RtlUnwind
HeapCreate
GetStdHandle
LCMapStringW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetProcAddress
GetFileAttributesW
LoadLibraryW
GetPrivateProfileStringW
CreateDirectoryW
FreeLibrary
GetCurrentProcessId
ReleaseMutex
GetCurrentThreadId
GetFileAttributesExW
GetModuleFileNameW
OutputDebugStringW
CreateMutexW
GetFileSize
CreateThread
ResumeThread
DeleteFileW
CloseHandle
CreateEventW
GetExitCodeThread
ResetEvent
MoveFileW
GetLastError
InterlockedExchange
CreateFileW
ReadFile
Sleep
WriteFile
GetTickCount
SetEvent
WaitForSingleObject
SetFilePointer
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
VirtualQuery

user32

GetWindowTextW
GetClassNameW
RedrawWindow
SendDlgItemMessageW
EndPaint
ClientToScreen
SetCursor
SetWindowRgn
ScreenToClient
GetWindowRect
PostQuitMessage
FillRect
LoadImageW
SetCapture
DrawTextW
DialogBoxParamW
IsWindowEnabled
SetRect
GetClientRect
DrawEdge
BeginPaint
PtInRect
CreateIconIndirect
GetIconInfo
GetCapture
GetFocus
InflateRect
GetMenu
CopyIcon
InvalidateRect
SystemParametersInfoW
ReleaseDC
GetDlgItem
EndDialog
DestroyCursor
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowContextHelpId
SetFocus
CreateAcceleratorTableW
FindWindowW
InvalidateRgn
GetSysColor
SetWindowPos
ShowWindow
LoadBitmapW
CreateDialogParamW
GetActiveWindow
AdjustWindowRectEx
ReleaseCapture
GetSystemMetrics
IsWindowVisible
UpdateWindow
GetDlgCtrlID
SetWindowTextW
DestroyIcon
MoveWindow
SetTimer
MonitorFromPoint
DialogBoxIndirectParamW
IsChild
MapDialogRect
DestroyAcceleratorTable
GetWindowTextLengthW
MessageBoxW
UpdateLayeredWindow
DrawFocusRect
TrackPopupMenu
RegisterWindowMessageW
GetMenuItemID
PostMessageW
KillTimer
GetSubMenu
SetForegroundWindow
GetParent
LoadCursorW
GetClassInfoExW
InsertMenuItemW
RegisterClassExW
LoadIconW
LoadMenuW
GetWindowLongW
EnableMenuItem
SetWindowLongW
GetCursorPos
LoadStringW
IsWindow
RemoveMenu
CreateWindowExW
SetMenuDefaultItem
SendMessageW
DestroyMenu
GetMonitorInfoW
CallWindowProcW
DefWindowProcW
GetWindow
DestroyWindow
GetMessageW
CharNextW
TranslateMessage
PeekMessageW
DispatchMessageW
GetDesktopWindow
UnregisterClassA
GetDC

gdi32

CreateRoundRectRgn
GetStockObject
MoveToEx
BitBlt
GetTextExtentPoint32W
GetTextMetricsW
LineTo
SetTextColor
DeleteDC
CreateDIBSection
CreateFontIndirectW
GetDeviceCaps
StretchBlt
SetBkColor
CreateBitmap
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CombineRgn
CreateCompatibleBitmap
GetObjectW
CreateRectRgn
SetTextJustification
CreatePen
CreateSolidBrush
GetPixel
TextOutW

advapi32

EqualSid
SetTokenInformation
CreateProcessAsUserW
GetTokenInformation
OpenProcessToken
RegQueryValueW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
CheckTokenMembership
GetLengthSid
FreeSid
IsValidSid
AllocateAndInitializeSid
DuplicateTokenEx

shell32

ShellExecuteW
Shell_NotifyIconW
CommandLineToArgvW
ShellExecuteExW

ole32

CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
OleLockRunning
CLSIDFromProgID
CreateStreamOnHGlobal
StringFromGUID2
OleInitialize
OleUninitialize
CoGetClassObject
OleFlushClipboard
OleSetClipboard
CLSIDFromString

oleaut32

OleCreateFontIndirect
SysAllocStringLen
VariantInit
LoadTypeLi
VariantClear
SysStringLen
DispCallFunc
SysAllocString
VarUI4FromStr
SysFreeString
LoadRegTypeLi

comctl32

ImageList_Destroy
_TrackMouseEvent
ord17
ImageList_AddMasked
ImageList_GetIconSize
ImageList_Create
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Draw

gdiplus

GdipLoadImageFromStream
GdipFree
GdipGetImageHeight
GdipDrawImagePointsI
GdipDeleteGraphics
GdipLoadImageFromStreamICM
GdipAlloc
GdipDisposeImage
GdipCreateFromHDC
GdipCloneImage
GdipGetImageWidth
GdipReleaseDC
GdiplusStartup
GdiplusShutdown

Sections

.text
Size: 468KB - Virtual size: 467KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2345好压免责声明.txt
7zNew.data
.7z
HaoZip.chm
.chm
HaoZip.dll
HaoZip.exe
HaoZipC.exe
HaoZipEditor.dll
HaoZipExt.dll
HaoZipExt64.dll
HaoZipFormats.dll
HaoZipImage.dll
HaoZipImgConvert.exe
HaoZipImgViewer.exe
HaoZipLoader.exe
HaoZipLoader64.exe
HaoZipMd5.exe
HaoZipRename.exe
HaoZipReplace.exe
HaoZipScan.exe
HaoZipUI.dll
HaoZipUpdate.exe
Microsoft.VC80.CRT.manifest
RarNew.data
.rar
TarNew.data
UNACEV2.DLL
Uninstall.exe.nsis
ZipNew.data
icon/BMP.ico
icon/COMMON.ico
icon/GIF.ico
icon/JPG.ico
icon/PNG.ico
icon/TIF.ico
lang/HaoZipLang_chs.dll
msvcr80.dll
sfx/HaoZip7zCon.sfx
sfx/HaoZip7zSetup.sfx
skins/HaoZip.dui
.zip
objects.xml
.xml
skins/HaoZip.skn
.zip
21.png
.png
Actual size.png
.png
Add_large.png
.png
Add_large_Mouseover.png
.png
Add_small.png
.png
Add_small_Mouseover.png
.png
Adressbar_list.png
.png
Appropriate size.png
.png
Back2.png
.png
Back_Btn.png
.png
Back_Btn2.png
.png
Bottom_Bg.png
.png
Button.png
.png
Caption_Btn.png
.png
Clockwise.png
.png
Close.png
.png
Counterclockwise.png
.png
Delete.png
.png
Detailpane_bg.png
.png
Download_Bg.png
.png
Enlarge.png
.png
Forward2.png
.png
Forward_Btn.png
.png
Forward_Btn2.png
.png
Hand.png
.png
HaoPicIconForm.png
.png
HaoPicInfoForm.CloseBtn.png
.png
HaoPicInfoForm.png
.png
HaoZip.skn
Left_Border.png
.png
Left_Border_photoview.png
.png
MenuDropBtn.png
.png
Menubar_Btn_Hot.png
.png
Menubar_Btn_Press.png
.png
Narrow.png
.png
Open.png
.png
PageBtn.png
.png
Play_Btn.png
.png
ProgressBar.png
.png
RCHaoClients.png
.png
RCHaoClients2.png
.png
RCHaoFileTreeView.png
.png
RCHaoNavigateBar.BackBtn.png
.png
RCHaoNavigateBar.ForwardBtn.png
.png
Right_Border.png
.png
Right_Border_photoview.png
.png
Sidebar_Infopane_Btn
Sidebar_Infopane_Btn1.png
.png
Sidebar_Infopane_Btn2.png
.png
Skin_Close_Btn.png
.png
Skin_Download_Btn.png
.png
Skin_Preview_Highlight_Large.png
.png
Skin_Preview_Highlight_Small.png
.png
Skin_Recommend_Preview.png
.png
Skin_preview_large.png
.png
Skin_preview_small.png
.png
Skin_recommend_bg.png
.png
Skinpanel_Bg.png
.png
Stop.png
.png
Stop_Btn.png
.png
View_D (2).png
.png
View_H (2).png
.png
View_L (2).png
.png
View_M (2).png
.png
View_N (2).png
.png
View_Right.png
.png
Zoom.png
.png
adressbar.png
.png
bg.png
.png
border.png
.png
checkbox.png
.png
close_sidebar.png
.png
convert.png
.png
copy.png
.png
edit.png
.png
folder-bg.png
.png
foot.png
.png
foot3.png
.png
haozip_skin_config.txt
haozip_skin_description.txt
haozip_skin_preview.png
.png
haozip_skin_preview_bg.png
.png
head.png
.png
hide.png
.png
hide2.png
.png
info-bg.png
.png
info_icon.png
.png
installed.png
.png
list-btn.png
.png
main_splitter.png
.png
menubar.png
.png
objects.xml
.xml
open_bg.png
.png
page_btn.png
.png
play.png
.png
print.png
.png
prop.xml
scan_bg.png
.png
scan_close_hot.png
.png
scan_close_normal.png
.png
scan_inf.png
.png
scan_pass.png
.png
scan_running.png
.png
sep.png
.png
shareres.xml
.xml
show.png
.png
show2.png
.png
size-contrl.png
.png
skin_btn.png
.png
slide 2.png
.png
splitter1.png
.png
splitter2.png
.png
thumb.png
.png
toolbar-small.png
.png
toolbar.png
.png
toolicon_Bg.png
.png
up.png
.png
skins/HaoZip.xml
.xml

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

11:d2:08:d5:87:8e:4d:25:73:4d:33:5f:71:c6:4a:5dCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

5c:69:4e:88:1d:c9:d5:6e:64:24:b9:cf:7d:7e:56:c0:16:b3:59:01Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 129KB

.ndata Size: - Virtual size: 392KB

.rsrc Size: 18KB - Virtual size: 18KB

d9a37d081a4275786b185abdde359c32

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 6KB - Virtual size: 5KB

6b9d096578bad49648d82fb5a245a197

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: - Virtual size: 24KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 1024B - Virtual size: 890B

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

11:d2:08:d5:87:8e:4d:25:73:4d:33:5f:71:c6:4a:5d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

5c:69:4e:88:1d:c9:d5:6e:64:24:b9:cf:7d:7e:56:c0:16:b3:59:01
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 129KB

.ndata
Size: - Virtual size: 392KB

.rsrc
Size: 18KB - Virtual size: 18KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: - Virtual size: 24KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 1024B - Virtual size: 890B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0f:7f:e2:5a:e1:19:10:62:e6:71:74:40:34:87:89:7f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7a:b9:f1:12:c2:ff:91:83:f9:9b:1c:7a:1f:f1:93:73:a1:3c:b6:9b
Signer

.text
Size: 81KB - Virtual size: 80KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 17KB - Virtual size: 16KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate