db10a0e307b1efdfb1e03ad2581acb003fcb82f2c41b589e7d28d20401525feb

Sharing

Copy URL Twitter E-mail

General

Target

db10a0e307b1efdfb1e03ad2581acb003fcb82f2c41b589e7d28d20401525feb
Size

7.3MB
MD5

bc6d5f9fa1d474873428411a093a6f7b
SHA1

56b71955e2a3b6c3d0b674772b9171e4a53544e7
SHA256

db10a0e307b1efdfb1e03ad2581acb003fcb82f2c41b589e7d28d20401525feb
SHA512

487cacd6ebcfdad87a2fbafd540bed008bcdd299e485f4e53a906b1605ab246630c969e4cf174a46620b98a8f6c4522c9e6b40ca8387110d7ae08f89d3e29788
SSDEEP

196608:aZL7BlOyA8f02VdxXeKyJWt8QSicBEOBG/cSBYs7NrdM:GLdlOT2VdxXeKyPicYJBDQ

Score

1^/10

Malware Config

Signatures

Files

db10a0e307b1efdfb1e03ad2581acb003fcb82f2c41b589e7d28d20401525feb
.zip
360PatchUp/360Base.dll
.dll windows:5 windows x86 arch:x86

a1119cea04cc17db3e94bc68a7cf7841

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:25:f7:eb:19:60:e4:d4:84:00:f9:e5:ca:2c:cb:96:ea:e1:3e:03
Signer

Actual PE Digest

76:25:f7:eb:19:60:e4:d4:84:00:f9:e5:ca:2c:cb:96:ea:e1:3e:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\46852\out\Release\360Base.pdb

Imports

kernel32

lstrcmpA
GetProcessHeap
HeapFree
CreateMutexW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
ReleaseMutex
LocalFree
lstrlenA
HeapAlloc
GetACP
LocalFileTimeToFileTime
GetCurrentProcess
GetSystemWindowsDirectoryW
GetSystemInfo
MapViewOfFileEx
IsBadReadPtr
VirtualFree
VirtualAlloc
GetFileSize
GetLocalTime
FindResourceExW
GetStdHandle
GetVersion
GlobalMemoryStatus
GetTickCount
ExitProcess
InterlockedCompareExchange
Sleep
GetCurrentProcessId
lstrcmpiA
DeleteAtom
FindAtomW
GetVersionExW
GetFileType
SetLastError
UnmapViewOfFile
LockResource
MapViewOfFile
CreateFileMappingW
SetErrorMode
LoadLibraryW
GetFileAttributesW
UnlockFileEx
CloseHandle
DeviceIoControl
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
CreateFileW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
AddAtomW
OpenThread
GetAtomNameW
GetSystemTime
FormatMessageW
OutputDebugStringW
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
LoadLibraryA
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
LockFileEx
QueryPerformanceCounter
FindClose
FindNextFileW
FindFirstFileW
MoveFileExW
SetFilePointer
DeleteFileW
GetFileAttributesExW
FlushFileBuffers
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
WriteFile
GetCurrentThreadId
WideCharToMultiByte
GetFileSizeEx
SetFilePointerEx
ReadFile
HeapDestroy
HeapReAlloc
HeapSize
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
GetModuleFileNameA
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetModuleHandleA

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetDesktopWindow
CharNextW

advapi32

ReportEventW
DeregisterEventSource
RegisterEventSourceW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoCreateGuid

oleaut32

SysAllocString
VarUI4FromStr

shlwapi

StrCmpNIW
StrTrimA
StrStrIW
StrRChrW
PathCombineW
PathAppendW
PathFileExistsW
StrCmpIW
SHSetValueA
PathFindFileNameW
SHGetValueA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

netapi32

Netbios

crypt32

CryptDecodeObject
CryptMsgControl
CertFindCertificateInStore
CryptQueryObject
CryptDecodeObjectEx
CertAddStoreToCollection
CertOpenStore
CertCloseStore
CertOpenSystemStoreW
CryptMsgGetParam
CryptMsgUpdate
CryptMsgOpenToDecode
CertGetCertificateContextProperty
CertGetCertificateChain
CertFreeCertificateChain
CertGetNameStringW
CertFreeCertificateContext
CryptMsgClose

Exports

Exports

CreateObject
InitLibs

Sections

.text
Size: 591KB - Virtual size: 591KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/360Base64.dll
.dll windows:5 windows x64 arch:x64

ad5d16c5bf1a1009fea6e0dd35fa7946

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:38:aa:5b:aa:eb:92:a5:42:52:03:e4:17:68:9d:3b:46:51:da:82
Signer

Actual PE Digest

51:38:aa:5b:aa:eb:92:a5:42:52:03:e4:17:68:9d:3b:46:51:da:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\46852\out\Release\360Base64.pdb

Imports

kernel32

LoadLibraryW
SetErrorMode
CreateFileMappingW
MapViewOfFile
LockResource
UnmapViewOfFile
SetLastError
GetFileType
GetVersionExW
lstrcmpA
GetProcessHeap
HeapFree
CreateMutexW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
ReleaseMutex
LocalFree
lstrlenA
HeapAlloc
GetACP
LocalFileTimeToFileTime
GetSystemWindowsDirectoryW
GetSystemInfo
MapViewOfFileEx
IsBadReadPtr
GetFileSize
GetLocalTime
FindResourceExW
ExitProcess
GetStdHandle
GetVersion
GlobalMemoryStatus
GetTickCount
GetSystemTime
FormatMessageW
OutputDebugStringW
SetEndOfFile
GetFileAttributesW
UnlockFileEx
LockFileEx
QueryPerformanceCounter
FindClose
FindNextFileW
FindFirstFileW
MoveFileExW
SetFilePointer
DeleteFileW
GetFileAttributesExW
FlushFileBuffers
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
WriteFile
GetCurrentThreadId
WideCharToMultiByte
RtlVirtualUnwind
GetFileSizeEx
SetFilePointerEx
ReadFile
Sleep
GetCurrentProcessId
CloseHandle
lstrcmpiA
TlsFree
DeleteAtom
SetEnvironmentVariableA
FindAtomW
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
LoadLibraryA
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
SetStdHandle
DeviceIoControl
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
CreateFileW
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapReAlloc
HeapSize
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
GetModuleFileNameA
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsGetValue

user32

GetProcessWindowStation
GetDesktopWindow
MessageBoxW
GetUserObjectInformationW
CharNextW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyExA
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegQueryValueExW
RegisterEventSourceW
DeregisterEventSource
ReportEventW
RegQueryValueExA
RegOpenKeyExA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoCreateGuid

oleaut32

VarUI4FromStr
SysAllocString

shlwapi

PathCombineW
PathAppendW
StrRChrW
StrCmpIW
PathFindFileNameW
StrTrimA
StrCmpNIW
SHSetValueA
StrStrIW
SHGetValueA
PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

Netbios

crypt32

CertGetCertificateChain
CertFreeCertificateChain
CertGetCertificateContextProperty
CertFreeCertificateContext
CryptMsgClose
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgGetParam
CertOpenSystemStoreW
CertCloseStore
CertOpenStore
CertAddStoreToCollection
CryptDecodeObjectEx
CryptQueryObject
CertFindCertificateInStore
CryptMsgControl
CryptDecodeObject
CertGetNameStringW

Exports

Exports

CreateObject
InitLibs

Sections

.text
Size: 705KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/360NetBase64.dll
.dll windows:5 windows x64 arch:x64

96c521712b24ddb9806310fce81246b5

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:79:72:76:99:c3:28:93:80:fc:54:49:2e:03:94:13:a7:4c:b3:3f
Signer

Actual PE Digest

36:79:72:76:99:c3:28:93:80:fc:54:49:2e:03:94:13:a7:4c:b3:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\vmagent_new\bin\joblist\49913\out\Release\360NetBase64.pdb

Imports

ws2_32

htons
getsockopt
ntohs
getsockname
getpeername
recv
closesocket
socket
connect
WSASetLastError
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
ioctlsocket
__WSAFDIsSet
select
send
bind
setsockopt
WSAGetLastError

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
SleepEx
GetLastError
CloseHandle
WaitForSingleObject
ExpandEnvironmentStringsA
Sleep
FormatMessageA
GetTickCount
MultiByteToWideChar
FreeLibrary
DeviceIoControl
CreateFileA
GetCurrentProcessId
WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryA
lstrlenA
LoadLibraryW
lstrlenW
FindClose
lstrcmpW
GetLongPathNameW
FindFirstFileW
ReadDirectoryChangesW
CreateFileW
CreateEventA
GetPrivateProfileStringW
lstrcmpiW
GetOverlappedResult
lstrcatW
lstrcpyW
GetSystemDirectoryW
WriteFile
SetEvent
GetVersionExA
GetSystemDirectoryA
WaitForMultipleObjects
FreeLibraryAndExitThread
CreateThread
GetModuleHandleExA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
ReadFile
GetFileSizeEx
OutputDebugStringW
FormatMessageW
GetCurrentThreadId
LocalFree
GetSystemTime
CreateMutexW
TlsGetValue
HeapAlloc
HeapFree
GetProcessHeap
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
ReleaseMutex
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
ExitThread
HeapReAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
GetModuleFileNameA
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
InitializeCriticalSectionAndSpinCount

advapi32

RegEnumKeyExA
RegQueryValueExW
RegEnumKeyExW
RegQueryValueExA
RegNotifyChangeKeyValue
RegCloseKey
RegOpenKeyExW

oleaut32

VarBstrCmp
VariantClear
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString

shlwapi

PathAppendW
PathFileExistsW
SHGetValueW
StrStrIW
StrCmpIW

Exports

Exports

InitLibs

Sections

.text
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/360P2SP.dll
.dll windows:5 windows x86 arch:x86

7b6878b0acf5aae5fa207074ee26df9d

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:8b:3c:db:a4:ab:c4:78:e5:1c:42:33:7f:2f:f6:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/03/2013, 00:00

Not After

25/03/2016, 23:59

Subject

CN=QIHU 360 SOFTWARE CO. LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Client Security Group,O=QIHU 360 SOFTWARE CO. LIMITED,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:07:f1:ce:7a:ed:fb:64:84:08:fa:3d:05:3f:93:9b:1c:7b:c1:22
Signer

Actual PE Digest

42:07:f1:ce:7a:ed:fb:64:84:08:fa:3d:05:3f:93:9b:1c:7b:c1:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\51636\out\Release_i18n\360P2SP_EN.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSAStartup
gethostbyname
accept
WSAAsyncSelect
WSACancelAsyncRequest
WSAAsyncGetHostByName
listen
shutdown
getpeername
bind
WSASetLastError
sendto
recvfrom
ioctlsocket
select
__WSAFDIsSet
WSAGetLastError
gethostname
WSACleanup
htonl
WSCEnumProtocols
ntohs
ntohl
inet_ntoa
socket
htons
connect
closesocket
setsockopt
send
recv
inet_addr

kernel32

GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
SetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetTickCount
WriteFile
GetLastError
SetFilePointer
ReadFile
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
ReleaseMutex
ReleaseSemaphore
WaitForMultipleObjects
WaitForSingleObject
SetEndOfFile
GetFileSizeEx
CreateFileW
CreateEventW
CreateSemaphoreW
CreateMutexW
SetWaitableTimer
CreateWaitableTimerW
DeleteFileW
MoveFileW
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
GetModuleHandleExW
FreeLibraryAndExitThread
GetFileSize
GlobalAlloc
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
RaiseException
GetFileAttributesW
lstrlenW
lstrlenA
GetModuleHandleW
GetUserDefaultLangID
SetEvent
InterlockedDecrement
ResetEvent
DeviceIoControl
GetModuleFileNameW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetTempPathW
QueryPerformanceFrequency
GetModuleHandleA
GetSystemDirectoryA
GetLocalTime
InterlockedExchangeAdd
CreateThread
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetCurrentDirectoryA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapDestroy
HeapCreate
VirtualAlloc
VirtualFree
InterlockedIncrement
HeapReAlloc
GetCommandLineA
ExitThread
FindFirstFileW
GetDriveTypeW
GetLocaleInfoA
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrcmpA
HeapAlloc
TlsGetValue
GetSystemTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
RtlUnwind
IsDebuggerPresent
LocalFree
SetLastError
FormatMessageW
OutputDebugStringW
SetFilePointerEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
lstrcmpiA
HeapFree
GetProcessHeap
TlsSetValue
TerminateProcess
UnhandledExceptionFilter
GetAtomNameW
OpenThread
GetCurrentProcessId
SetUnhandledExceptionFilter
AddAtomW

user32

UnhookWindowsHookEx
SetForegroundWindow
ShowWindow
CheckDlgButton
UnregisterClassW
PostMessageW
CallNextHookEx
IsDialogMessageW
SetWindowLongW
GetWindowLongW
RegisterClassExW
CreateWindowExW
DefWindowProcW
SendMessageW
SetTimer
CreateDialogParamW
SetWindowPos
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
GetDlgItemTextW
wsprintfW
IsDlgButtonChecked
SetWindowsHookExW
SetWindowTextW
SetDlgItemTextW
PostQuitMessage

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegEnumKeyExA
RegNotifyChangeKeyValue
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyW
AdjustTokenPrivileges

shell32

SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
OleRun

oleaut32

VariantChangeType
GetErrorInfo
SysFreeString
SysAllocString
VariantInit
SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
VariantClear

shlwapi

StrStrIW
PathCombineW
SHSetValueA
UrlCanonicalizeA
UrlCanonicalizeW
PathCombineA
SHGetValueA
wvnsprintfW

netapi32

Netbios

iphlpapi

GetNetworkParams
GetAdaptersInfo

secur32

AcquireCredentialsHandleA
InitializeSecurityContextA
FreeCredentialsHandle

rasapi32

RasEnumConnectionsW
RasGetConnectStatusW

Exports

Exports

CancelCheckProxy
CheckProxy
CheckProxyEx
CreateP2SPTask
GetFinishMessage
GetServerInfo
GetUploadInfo
Init
Login
QueryTask
QueryTask2
QueryTaskPeer
RemoveTask
SetConfigInfo
SetP2spOption
StartTask
StopSeed
StopTask
Uninit
UpdateRegInfo

Sections

.text
Size: 639KB - Virtual size: 639KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/360TSCommon.dll
.dll windows:5 windows x86 arch:x86

c9f9464cd0d9b85b049511f5e33d7391

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:8b:3c:db:a4:ab:c4:78:e5:1c:42:33:7f:2f:f6:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/03/2013, 00:00

Not After

25/03/2016, 23:59

Subject

CN=QIHU 360 SOFTWARE CO. LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Client Security Group,O=QIHU 360 SOFTWARE CO. LIMITED,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

90:1b:6f:7b:48:01:30:1f:ca:5d:ff:99:a9:cf:a2:52:93:c6:44:cd
Signer

Actual PE Digest

90:1b:6f:7b:48:01:30:1f:ca:5d:ff:99:a9:cf:a2:52:93:c6:44:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\50397\out\Release\360TSCommon.pdb

Imports

kernel32

GetCurrentProcessId
CloseHandle
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
GetProcAddress
CreateFileW
GetModuleFileNameW
LeaveCriticalSection
LoadLibraryW
InitializeCriticalSection
GetModuleHandleW
CreateProcessW
FreeLibrary
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetCurrentThreadId
WriteFile
SetFilePointer
GetCurrentProcess
InterlockedDecrement
GetVersionExW
Sleep
LoadLibraryA
LocalFree
GetLastError
CreateMutexW
ReleaseMutex
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
GetTickCount
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetFilePointerEx
ReadFile
GetFileSizeEx
OutputDebugStringW
FormatMessageW
MultiByteToWideChar
SetLastError
GetSystemTime
TlsGetValue
WaitForSingleObject
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
InterlockedIncrement
WideCharToMultiByte
InterlockedExchange
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
VirtualAlloc
GetLocaleInfoA
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetModuleHandleA

shlwapi

PathUnquoteSpacesW
SHGetValueW
PathFileExistsW

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
OpenProcessToken
DuplicateTokenEx
ConvertStringSidToSidW
SetTokenInformation
GetLengthSid
CreateProcessAsUserW
RegEnumKeyExW

shell32

ShellExecuteW

Exports

Exports

OpenLinkLowPermission

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/360net.dll
.dll windows:5 windows x86 arch:x86

ddc36400b14beb911b409a1dfb56ef3f

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:8b:3c:db:a4:ab:c4:78:e5:1c:42:33:7f:2f:f6:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/03/2013, 00:00

Not After

25/03/2016, 23:59

Subject

CN=QIHU 360 SOFTWARE CO. LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Client Security Group,O=QIHU 360 SOFTWARE CO. LIMITED,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f2:ed:d6:9b:74:aa:87:17:9e:25:35:62:5e:1b:3c:96:b6:26:79:22
Signer

Actual PE Digest

f2:ed:d6:9b:74:aa:87:17:9e:25:35:62:5e:1b:3c:96:b6:26:79:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\50784\out\Release_i18n\bin\360net_EN.pdb

Imports

kernel32

SetEndOfFile
SetFilePointerEx
GetSystemTime
GetCurrentProcess
ReleaseSemaphore
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
ReadFile
CreateMutexW
CreateSemaphoreW
SetFilePointer
GetFileSizeEx
lstrlenW
GetFileSize
MoveFileW
CreateThread
GlobalAlloc
GlobalFree
GetLocalTime
GetCurrentProcessId
GetCurrentThreadId
GetOEMCP
GetUserDefaultLangID
GetModuleHandleExW
FreeLibraryAndExitThread
InterlockedDecrement
ResetEvent
DeviceIoControl
GetModuleHandleW
UnhandledExceptionFilter
TerminateProcess
CreateFileW
SetEvent
Sleep
CloseHandle
GetLastError
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
GetLocaleInfoA
DeleteFileW
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetConsoleMode
WaitForSingleObject
ReleaseMutex
WriteFile
GetFileAttributesW
GetPrivateProfileStringW
WideCharToMultiByte
GetModuleFileNameW
GetProcAddress
FreeLibrary
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
InitializeCriticalSection
GetConsoleCP
GetFullPathNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
SleepEx
GetVersionExA
ExpandEnvironmentStringsA
FormatMessageA
GetSystemDirectoryW
GetSystemDirectoryA
GetCurrentDirectoryA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
GetStartupInfoA
SetHandleCount
GetFileType
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsValidCodePage
GetACP
GetCPInfo
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
GetStdHandle
ExitProcess
VirtualAlloc
VirtualFree
HeapCreate
ExitThread
FindFirstFileA
GetDriveTypeA
GetCommandLineA
FindFirstFileW
GetDriveTypeW
FileTimeToLocalFileTime
lstrlenA
CreateEventW
FileTimeToSystemTime
FindClose
IsDebuggerPresent
GetTickCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
OutputDebugStringW
FormatMessageW
SetLastError
LocalFree
TlsGetValue
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter

user32

PostQuitMessage
SetForegroundWindow
SetFocus
CheckDlgButton
SendMessageW
GetDlgItem
SetDlgItemTextW
SetWindowTextW
SetWindowsHookExW
UnhookWindowsHookEx
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowLongW
GetWindowLongW
ShowWindow
IsDialogMessageW
CallNextHookEx
GetDesktopWindow
PostMessageW
PostThreadMessageW
wsprintfW
CreateDialogParamW
GetDlgItemTextW

advapi32

RegNotifyChangeKeyValue
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW

shell32

SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
OleRun

oleaut32

SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
VariantClear
VariantChangeType
VariantInit
SysFreeString
SysAllocString
GetErrorInfo

shlwapi

PathRemoveFileSpecW
PathCombineW
StrStrIW
PathFileExistsW

rasapi32

RasGetConnectStatusW
RasEnumConnectionsW

ws2_32

ntohs
ioctlsocket
getaddrinfo
freeaddrinfo
select
inet_ntoa
gethostbyname
gethostname
WSACleanup
WSAStartup
WSAGetLastError
recv
setsockopt
getsockname
send
bind
htons
getsockopt
getpeername
closesocket
socket
connect
WSASetLastError
__WSAFDIsSet

iphlpapi

GetNetworkParams

Exports

Exports

HttpCancel
HttpCreateDownloadObj
HttpDeleteDownloadObj
HttpDownload
HttpDownloadExA
HttpDownloadExW
HttpGetAllPeer
HttpGetConnectState
HttpGetContentLength
HttpGetCurrentSpeed
HttpGetLastError
HttpGetLastErrorA
HttpGetLastErrorW
HttpGetMD5
HttpGetReceivedLength
HttpGetResumedLength
HttpGetState
HttpGetStateA
HttpGetStateW
HttpInitDownPara
HttpResetAll
HttpWait
InitHttp
UnInitHttp

Sections

.text
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/CleanPlus.dll
.dll windows:6 windows x86 arch:x86

4847357924d053b50b4012f49c0ef8e2

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:8b:3c:db:a4:ab:c4:78:e5:1c:42:33:7f:2f:f6:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/03/2013, 00:00

Not After

25/03/2016, 23:59

Subject

CN=QIHU 360 SOFTWARE CO. LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Client Security Group,O=QIHU 360 SOFTWARE CO. LIMITED,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e1:55:e6:3d:4a:03:f4:c7:16:53:fe:5e:bc:9e:b1:41:7f:04:b0:cd
Signer

Actual PE Digest

e1:55:e6:3d:4a:03:f4:c7:16:53:fe:5e:bc:9e:b1:41:7f:04:b0:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\52931\out\Release\CleanPlus.pdb

Imports

kernel32

ReadFile
CreateMutexW
GetSystemDirectoryW
Sleep
GetFileInformationByHandleEx
GetProcAddress
LoadLibraryW
GetSystemTimeAsFileTime
LoadLibraryExW
FreeLibrary
FreeResource
GetModuleFileNameW
GetModuleHandleW
CreateEventW
FindFirstFileW
GetFileInformationByHandle
FindNextFileW
FindClose
WideCharToMultiByte
SetFilePointer
WriteFile
CreateFileW
SetEnvironmentVariableA
FlushFileBuffers
WriteConsoleW
SetStdHandle
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStringTypeW
InterlockedExchange
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
LoadLibraryExA
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetWindowsDirectoryW
OutputDebugStringW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CloseHandle
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetCommandLineA
GetCurrentThreadId
RtlUnwind
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
IsDebuggerPresent
IsProcessorFeaturePresent
InterlockedIncrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
GetFileType
GetStartupInfoW

advapi32

GetSecurityDescriptorControl
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
IsValidSid
InitializeAcl
AddAce
GetAclInformation
RegLoadKeyW
RegOpenKeyExW
RegDeleteTreeW
RegEnumKeyW
RegEnumValueW
RegQueryValueExW
RegOpenKeyW
RegCloseKey
InitializeSecurityDescriptor
MakeAbsoluteSD
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetSecurityDescriptorGroup
GetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid

ole32

CoInitialize
CoInitializeEx
CoCreateInstance
CoInitializeSecurity

oleaut32

SysFreeString
SysAllocString

shlwapi

StrCpyW
ord437
StrCmpNW
StrCmpW
PathIsDirectoryW
StrStrW
StrCmpNIW
StrRChrW
StrStrA
StrStrIA
StrCmpIW

ntdll

RtlAdjustPrivilege
NtSetInformationFile

version

VerQueryValueW

setupapi

SetupDiGetClassDescriptionW

drvstore

DriverPackageGetVersionInfoW
DriverStoreFindW
DriverPackageOpenW
DriverStoreOpenW
DriverStoreUnreflectCriticalW
DriverStoreDeleteW
DriverStoreClose
DriverPackageClose

Exports

Exports

CreateCache
CreateObjectGUID

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/CleanPlus.exe
.exe windows:5 windows x86 arch:x86

a7073e612173245858c783615e9e929f

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:8b:3c:db:a4:ab:c4:78:e5:1c:42:33:7f:2f:f6:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/03/2013, 00:00

Not After

25/03/2016, 23:59

Subject

CN=QIHU 360 SOFTWARE CO. LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Client Security Group,O=QIHU 360 SOFTWARE CO. LIMITED,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:3f:88:20:23:3b:78:f2:e4:59:f1:39:0c:59:a2:b3:ab:05:81:3d
Signer

Actual PE Digest

ff:3f:88:20:23:3b:78:f2:e4:59:f1:39:0c:59:a2:b3:ab:05:81:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\52826\out\Release\CleanPlus.pdb

Imports

kernel32

MulDiv
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
MultiByteToWideChar
lstrcmpiW
WideCharToMultiByte
FreeConsole
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemInfo
GetVersionExW
GetTempPathW
CreateRemoteThread
CreateDirectoryW
GetWindowsDirectoryW
GlobalFree
OpenProcess
GetPrivateProfileStringW
CreateProcessW
GetTimeZoneInformation
GetModuleHandleA
ReadFile
LocalAlloc
GetSystemPowerStatus
InterlockedCompareExchange
SetUnhandledExceptionFilter
ExitProcess
IsBadReadPtr
VirtualProtect
ProcessIdToSessionId
lstrcmpiA
lstrlenA
GetFileSizeEx
GetUserDefaultUILanguage
SetCurrentDirectoryW
GetFileAttributesExW
lstrcmpW
lstrlenW
WaitForSingleObject
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
GetCurrentProcess
FlushInstructionCache
DeleteAtom
FindAtomW
AddAtomW
OpenThread
GetAtomNameW
GetSystemTime
FormatMessageW
OutputDebugStringW
SetFilePointerEx
RaiseException
LocalFileTimeToFileTime
SystemTimeToFileTime
FindResourceExW
FlushFileBuffers
CreateFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetLocaleInfoA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatA
GetTimeFormatA
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
SetEvent
LoadLibraryA
TerminateProcess
ReleaseMutex
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryExW
FreeLibrary
InterlockedDecrement
GetFileSize
SetFilePointer
GetProcessTimes
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
WriteFile
lstrcmpA
GetVersion
DeleteCriticalSection
CreateThread
LoadLibraryW
GetProcAddress
LocalFree
GetLocalTime
GetDiskFreeSpaceExW
CreateFileW
DeviceIoControl
CreateMutexW
SuspendThread
CloseHandle
GetCurrentThreadId
GetTickCount
InterlockedExchange
GetModuleFileNameW
GetLastError
CreateEventW
DeleteFileW
TerminateThread

user32

GetSystemMetrics
LoadImageW
PostQuitMessage
PostMessageW
ScreenToClient
GetMessagePos
SwitchToThisWindow
SetForegroundWindow
BringWindowToTop
SetWindowPos
UnregisterClassA
LoadStringW
ShowWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
DefWindowProcW
FindWindowW
DispatchMessageW
TranslateMessage
GetMessageW
CopyRect
PeekMessageW
DestroyWindow
SendMessageW
SetWindowTextW
SetTimer
KillTimer
IsDialogMessageW
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindowRect
GetWindow
GetParent
SetWindowLongW
CreateWindowExW
CallWindowProcW
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
GetWindowTextW
GetWindowTextLengthW
PostThreadMessageW
DestroyAcceleratorTable
GetSysColor
DrawTextW
OffsetRect
PtInRect
GetClassLongW
SetClassLongW
IsWindowVisible
SendMessageTimeoutW
EnableWindow
WaitForInputIdle
GetActiveWindow
MessageBoxW
SetWindowRgn
UpdateWindow
SystemParametersInfoW
LoadIconW
WindowFromPoint
AllowSetForegroundWindow
SetActiveWindow
GetKeyboardState
keybd_event
MonitorFromPoint
EnumDisplaySettingsW
GetDlgItem
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
ClientToScreen
MoveWindow
CreateAcceleratorTableW
GetDC
ReleaseDC
GetDesktopWindow
CharNextW
GetClassNameW
RedrawWindow
IsWindow
BeginPaint
FillRect
EndPaint
IsChild
SetFocus
GetFocus

gdi32

CreatePolygonRgn
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush
GetTextMetricsW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateFontIndirectW
GetTextExtentPoint32W
SetViewportOrgEx
DeleteObject

advapi32

DuplicateTokenEx
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetSidSubAuthority
RegOpenKeyW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA

shell32

SHGetFolderPathW
CommandLineToArgvW
ord680
SHGetSpecialFolderPathW
ExtractIconExW
ord165
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
CoInitialize
OleLockRunning
CoTaskMemFree
OleInitialize
CoTaskMemRealloc
OleUninitialize
CoUninitialize

oleaut32

SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayCreate
SafeArrayLock
SafeArrayCopy
VarBstrCmp
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SafeArrayGetVartype
VariantClear
OleCreateFontIndirect
SysStringByteLen
VariantCopy
SafeArrayUnlock
DispCallFunc
VariantInit
SysFreeString
SysAllocStringLen
SysStringLen
SysAllocString
SysAllocStringByteLen

urlmon

URLDownloadToCacheFileW

shlwapi

SHSetValueA
SHGetValueA
PathUnquoteSpacesW
PathCompactPathW
PathFileExistsW
PathCombineW
PathRemoveFileSpecW
PathFindFileNameW
PathAppendW
ord437
PathIsDirectoryW
SHGetValueW
PathStripToRootW
StrCmpNIW
PathStripPathW
StrStrIW
SHSetValueW
StrStrIA

comctl32

InitCommonControlsEx

gdiplus

GdipCreateBitmapFromFile
GdipFree
GdipCreateBitmapFromStreamICM
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCloneImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

EmptyWorkingSet

wininet

InternetQueryOptionW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

netapi32

Netbios

Sections

.text
Size: 538KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/CleanPlus64.dll
.dll windows:6 windows x64 arch:x64

c1ded4103f14f8895a4ecdc9a72fa220

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:8b:3c:db:a4:ab:c4:78:e5:1c:42:33:7f:2f:f6:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/03/2013, 00:00

Not After

25/03/2016, 23:59

Subject

CN=QIHU 360 SOFTWARE CO. LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Client Security Group,O=QIHU 360 SOFTWARE CO. LIMITED,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:cd:ee:70:9e:1e:2c:0c:dc:6a:ce:84:56:23:68:8f:d4:28:6a:79
Signer

Actual PE Digest

5d:cd:ee:70:9e:1e:2c:0c:dc:6a:ce:84:56:23:68:8f:d4:28:6a:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\52930\out\Release\CleanPlus64.pdb

Imports

kernel32

ReadFile
CreateMutexW
GetSystemDirectoryW
Sleep
GetFileInformationByHandleEx
GetProcAddress
LoadLibraryW
GetSystemTimeAsFileTime
LoadLibraryExW
FreeLibrary
FreeResource
GetModuleFileNameW
GetModuleHandleW
CreateEventW
FindFirstFileW
GetFileInformationByHandle
FindNextFileW
FindClose
WideCharToMultiByte
SetFilePointer
WriteFile
CreateFileW
SetEnvironmentVariableA
FlushFileBuffers
WriteConsoleW
SetStdHandle
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStringTypeW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
LoadLibraryExA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetWindowsDirectoryW
OutputDebugStringW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CloseHandle
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter

advapi32

GetSecurityDescriptorSacl
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
IsValidSid
InitializeAcl
AddAce
GetAclInformation
RegLoadKeyW
RegOpenKeyExW
RegDeleteTreeW
RegEnumKeyW
RegEnumValueW
RegQueryValueExW
RegOpenKeyW
RegCloseKey
InitializeSecurityDescriptor
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetSecurityDescriptorGroup
GetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid

ole32

CoInitialize
CoInitializeEx
CoCreateInstance
CoInitializeSecurity

oleaut32

SysFreeString
SysAllocString

shlwapi

StrCpyW
StrCmpNW
StrCmpW
PathIsDirectoryW
StrStrW
StrCmpNIW
StrRChrW
StrStrA
StrStrIA
StrCmpIW

ntdll

RtlAdjustPrivilege
NtSetInformationFile

version

VerQueryValueW

setupapi

SetupDiGetClassDescriptionW

drvstore

DriverPackageGetVersionInfoW
DriverStoreFindW
DriverPackageOpenW
DriverStoreOpenW
DriverStoreUnreflectCriticalW
DriverStoreDeleteW
DriverStoreClose
DriverPackageClose

Exports

Exports

CreateCache
CreateObjectGUID

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/CleanPlus64.exe
.exe windows:5 windows x64 arch:x64

544a9fc4b7c5c60be7a5fa65f335bb0a

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:8b:3c:db:a4:ab:c4:78:e5:1c:42:33:7f:2f:f6:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/03/2013, 00:00

Not After

25/03/2016, 23:59

Subject

CN=QIHU 360 SOFTWARE CO. LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Client Security Group,O=QIHU 360 SOFTWARE CO. LIMITED,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a9:ee:3f:91:8a:01:15:95:b1:63:aa:ca:26:91:fa:c0:9a:7e:de:0a
Signer

Actual PE Digest

a9:ee:3f:91:8a:01:15:95:b1:63:aa:ca:26:91:fa:c0:9a:7e:de:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\vmagent_new\bin\joblist\52825\out\Release\CleanPlus64.pdb

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
MultiByteToWideChar
lstrcmpiW
WideCharToMultiByte
FreeConsole
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemInfo
GetVersionExW
GetTempPathW
CreateRemoteThread
CreateDirectoryW
GetWindowsDirectoryW
GlobalFree
OpenProcess
GetPrivateProfileStringW
CreateProcessW
GetTimeZoneInformation
GetModuleHandleA
ReadFile
LocalAlloc
GetSystemPowerStatus
SetUnhandledExceptionFilter
ExitProcess
IsBadReadPtr
VirtualProtect
ProcessIdToSessionId
lstrcmpiA
lstrlenA
GetFileSizeEx
GetUserDefaultUILanguage
SetCurrentDirectoryW
GetFileAttributesExW
GetCurrentProcessId
EnterCriticalSection
MulDiv
WriteFile
GetVersion
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
TlsFree
DeleteAtom
FindAtomW
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
TlsGetValue
GetSystemTime
FormatMessageW
OutputDebugStringW
SetFilePointerEx
GetCurrentProcess
SystemTimeToFileTime
lstrcmpA
lstrcmpW
CreateFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetLocaleInfoA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeFormatA
GetDateFormatA
HeapCreate
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
TlsAlloc
DecodePointer
EncodePointer
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
GetSystemTimeAsFileTime
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
RtlPcToFileHeader
ExitThread
RtlUnwindEx
RtlLookupFunctionEntry
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GetProcessHeap
HeapAlloc
lstrlenW
WaitForSingleObject
Sleep
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryExW
FreeLibrary
GetFileSize
SetFilePointer
GetProcessTimes
FileTimeToLocalFileTime
FlushFileBuffers
FileTimeToSystemTime
FlushInstructionCache
RaiseException
DeleteCriticalSection
CreateThread
LoadLibraryW
GetProcAddress
LocalFree
GetLocalTime
GetDiskFreeSpaceExW
CreateFileW
DeviceIoControl
CreateMutexW
SuspendThread
CloseHandle
GetCurrentThreadId
GetTickCount
GetModuleFileNameW
LocalFileTimeToFileTime
CreateEventW
DeleteFileW
TerminateThread
ReleaseMutex
TerminateProcess
LoadLibraryA
SetEvent
HeapFree
InterlockedPushEntrySList
GetLastError

user32

SetCapture
LoadImageW
GetSystemMetrics
PostQuitMessage
PostMessageW
ScreenToClient
GetMessagePos
SwitchToThisWindow
SetForegroundWindow
BringWindowToTop
SetWindowPos
UnregisterClassA
LoadStringW
ShowWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
DefWindowProcW
FindWindowW
DispatchMessageW
TranslateMessage
GetMessageW
CopyRect
PeekMessageW
DestroyWindow
SendMessageW
SetWindowTextW
SetTimer
KillTimer
IsDialogMessageW
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindowRect
GetWindow
GetParent
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
CallWindowProcW
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
SetWindowLongW
GetWindowTextW
GetWindowTextLengthW
DrawTextW
OffsetRect
PtInRect
GetClassLongPtrW
SetClassLongPtrW
IsWindowVisible
SendMessageTimeoutW
EnableWindow
WaitForInputIdle
GetActiveWindow
MessageBoxW
SetWindowRgn
UpdateWindow
SystemParametersInfoW
PostThreadMessageW
WindowFromPoint
AllowSetForegroundWindow
SetActiveWindow
GetKeyboardState
keybd_event
MonitorFromPoint
EnumDisplaySettingsW
GetDlgItem
InvalidateRgn
InvalidateRect
LoadIconW
ReleaseCapture
ClientToScreen
MoveWindow
CreateAcceleratorTableW
GetDC
ReleaseDC
GetDesktopWindow
CharNextW
GetClassNameW
RedrawWindow
IsWindow
BeginPaint
FillRect
EndPaint
IsChild
SetFocus
GetFocus
GetSysColor
DestroyAcceleratorTable

gdi32

SetViewportOrgEx
GetTextMetricsW
CreatePolygonRgn
GetStockObject
GetObjectW
GetDeviceCaps
GetTextExtentPoint32W
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateFontIndirectW
CreateSolidBrush

advapi32

GetSidSubAuthority
DuplicateTokenEx
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExA
RegOpenKeyW
RegQueryValueExA
RegOpenKeyExA

shell32

ord680
SHGetSpecialFolderPathW
ExtractIconExW
CommandLineToArgvW
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteW
ShellExecuteExW
SHGetPathFromIDListW
SHGetFolderPathW
ord165

ole32

CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
CoInitialize
OleInitialize
OleUninitialize

oleaut32

VariantCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
DispCallFunc
VariantInit
SysFreeString
SysAllocStringLen
SysStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VarBstrCmp
SafeArrayCopy
SafeArrayGetVartype
SafeArrayCreate
SafeArrayDestroy

urlmon

URLDownloadToCacheFileW

shlwapi

PathFindFileNameW
PathAppendW
PathIsDirectoryW
SHGetValueW
PathStripToRootW
StrCmpNIW
PathStripPathW
StrStrIW
SHSetValueW
StrStrIA
PathCompactPathW
PathUnquoteSpacesW
PathRemoveFileSpecW
PathCombineW
SHGetValueA
SHSetValueA
PathFileExistsW

comctl32

InitCommonControlsEx

gdiplus

GdipDrawImageRectI
GdipSaveImageToFile
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStream
GdipDeleteGraphics
GdipCreateHBITMAPFromBitmap
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdipCreateBitmapFromStreamICM
GdipCloneImage
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDisposeImage

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

EmptyWorkingSet

wininet

InternetQueryOptionW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

netapi32

Netbios

Sections

.text
Size: 785KB - Virtual size: 784KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/LiveUpd360.dll
.dll windows:5 windows x86 arch:x86

82b20c0a47d30b2dcad487f33d496430

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:8b:3c:db:a4:ab:c4:78:e5:1c:42:33:7f:2f:f6:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/03/2013, 00:00

Not After

25/03/2016, 23:59

Subject

CN=QIHU 360 SOFTWARE CO. LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Client Security Group,O=QIHU 360 SOFTWARE CO. LIMITED,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:78:a8:f7:04:e5:3d:fd:e9:22:be:c7:83:60:ed:03:58:ed:73:89
Signer

Actual PE Digest

89:78:a8:f7:04:e5:3d:fd:e9:22:be:c7:83:60:ed:03:58:ed:73:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\53863\out\Release_i18n\release\LiveUpd360_EN.pdb

Imports

kernel32

LeaveCriticalSection
GetProcAddress
GetModuleHandleW
DeleteCriticalSection
FreeLibrary
InitializeCriticalSection
LoadLibraryW
GetCurrentProcessId
CreateFileW
DeviceIoControl
CloseHandle
EnterCriticalSection
GetModuleFileNameW
lstrlenA
lstrcmpiA
lstrcmpA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
Sleep
WaitForSingleObject
GetFileAttributesW
RaiseException
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetLastError
GetTickCount
SetEvent
CreateEventW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleHandleExW
FreeLibraryAndExitThread
ReleaseMutex
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreW
CreateMutexW
SetWaitableTimer
CreateWaitableTimerW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetLocalTime
CreateThread
DeleteFileW
SetFilePointer
SetEndOfFile
WriteFile
GetFileSizeEx
FindClose
FindFirstFileW
MoveFileW
MoveFileExW
ReadFile
InterlockedIncrement
InterlockedDecrement
CopyFileW
GetLongPathNameW
GetVersionExW
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
GetFileSize
FlushFileBuffers
GetFileAttributesExW
MulDiv
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetFilePointerEx
OutputDebugStringW
FormatMessageW
SetLastError
LocalFree
GetSystemTime
TlsGetValue
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
RtlUnwind
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
LCMapStringW
VirtualAlloc
LCMapStringA
GetModuleHandleA
GetStringTypeA

user32

RegisterClassW
IsWindow
DispatchMessageW
GetMessageW
TranslateMessage
CreateWindowExW
PostThreadMessageW
DestroyWindow
SendMessageTimeoutW
FindWindowExW
MessageBoxW
DefWindowProcW
UnregisterClassW

shlwapi

SHGetValueA
PathFileExistsW
PathCombineW
PathRemoveFileSpecW
SHGetValueW
wvnsprintfW
SHSetValueA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

inet_addr
WSACleanup
WSAStartup
sendto
htons
recvfrom
WSAWaitForMultipleEvents
WSAGetLastError
gethostbyname
closesocket
WSAEventSelect
ntohs
socket
WSAIoctl
setsockopt
htonl
bind
gethostname

netapi32

Netbios

advapi32

RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExA
RegEnumKeyExW
RegEnumKeyExA
RegOpenKeyExA

shell32

SHGetSpecialFolderPathW

ole32

CLSIDFromString

Exports

Exports

PPClose
PPCloseHandle
PPDownload
PPGetConfig
PPInit
PPQueryTask
PPQueryTaskEx
PPRemoveTask
PPRestart
PPSetConfig
PPStartTask
PPStartTaskEx
PPStopSeed
PPStopTask
StartLan
StopLan
_EnableP2P
_GetLanupTasks
_GetProductLst
_GetTasks
_IsStopped
_P2SPCancelCheckProxy
_P2SPCheckProxy
_P2SPCheckProxyEx
_P2SPSetOption
_P2SPUpdateRegInfo
_PPQueryIPPort
_PPQueryProduct
_PPQueryTask2
_PPQueryTask3
_PPSetLocalLog
_Run
_SetKeep
_SetKeepEx
_SetLocalLog
_StartRun
_StopRun
__PPSetModulePath2

Sections

.text
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/PDown.dll
.dll windows:5 windows x86 arch:x86

8b29c71233141e1c912a10b8a268fa9f

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:8b:3c:db:a4:ab:c4:78:e5:1c:42:33:7f:2f:f6:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/03/2013, 00:00

Not After

25/03/2016, 23:59

Subject

CN=QIHU 360 SOFTWARE CO. LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Client Security Group,O=QIHU 360 SOFTWARE CO. LIMITED,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a0:b7:2d:4f:50:51:4f:93:fb:e0:28:65:99:e1:93:0f:e9:40:ef:9d
Signer

Actual PE Digest

a0:b7:2d:4f:50:51:4f:93:fb:e0:28:65:99:e1:93:0f:e9:40:ef:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\53863\out\Release_i18n\Release\PDown_EN.pdb

Imports

kernel32

CreateFileW
GetLastError
SetEvent
GetModuleFileNameW
MoveFileW
DeleteFileW
WriteFile
MoveFileExW
ReadFile
GetTickCount
GetPrivateProfileIntW
GetSystemInfo
GlobalMemoryStatusEx
GetModuleHandleExW
FreeLibraryAndExitThread
WaitForSingleObject
LoadLibraryW
GetCurrentProcessId
GetProcAddress
FreeLibrary
CreateProcessW
GetStartupInfoW
TerminateProcess
GetCurrentProcess
OpenProcess
InterlockedDecrement
InterlockedIncrement
SetFilePointer
SetEndOfFile
ReleaseMutex
CreateMutexW
GetLocalTime
CopyFileW
DeviceIoControl
GetModuleHandleW
Sleep
FlushFileBuffers
WriteConsoleW
GetFileSizeEx
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
CloseHandle
CreateEventW
FindFirstFileW
FindClose
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
LoadLibraryA
VirtualAlloc
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
WideCharToMultiByte
LCMapStringA
ExitProcess
LCMapStringW
InitializeCriticalSection
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
HeapReAlloc
GetCommandLineA
CreateThread
DeleteCriticalSection
GetConsoleOutputCP
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetFilePointerEx
OutputDebugStringW
FormatMessageW
MultiByteToWideChar
SetLastError
GetCurrentThreadId
LocalFree
GetSystemTime
TlsGetValue
HeapAlloc
HeapFree
GetProcessHeap
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitThread

user32

MessageBoxW
GetWindowThreadProcessId
SendMessageTimeoutW
PostThreadMessageW
DestroyWindow
DispatchMessageW
WaitForInputIdle
GetMessageW
CreateWindowExW
DefWindowProcW
UnregisterClassW
RegisterClassW
FindWindowW
IsWindow
TranslateMessage

advapi32

RegEnumKeyExW
RegSetValueExW
RegOpenKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegQueryValueExA

shell32

SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateInstance
CLSIDFromProgID
CoUninitialize

oleaut32

SysAllocString
SysFreeString

shlwapi

PathCombineW
PathRemoveFileSpecW
wvnsprintfW
PathFileExistsW

ws2_32

sendto
WSAStartup
ntohs
WSACleanup
gethostbyname
WSAGetLastError
recvfrom
WSAWaitForMultipleEvents
closesocket
WSAEventSelect
socket
bind
htons
htonl
setsockopt
WSAIoctl

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

PPClose
PPCloseHandle
PPDownload
PPGetConfig
PPInit
PPInit2
PPQueryTask
PPQueryTaskEx
PPRemoveTask
PPRestart
PPSetConfig
PPSetOption
PPStartTask
PPStartTaskEx
PPStopTask
StartLan
StopLan

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/PatchUp.exe
.exe windows:5 windows x86 arch:x86

864820bf204175011c59d71ef53b3ce6

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:8b:3c:db:a4:ab:c4:78:e5:1c:42:33:7f:2f:f6:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/03/2013, 00:00

Not After

25/03/2016, 23:59

Subject

CN=QIHU 360 SOFTWARE CO. LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Client Security Group,O=QIHU 360 SOFTWARE CO. LIMITED,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d7:61:7f:46:40:19:89:e9:57:26:cb:77:53:be:76:f2:74:54:c7:d9
Signer

Actual PE Digest

d7:61:7f:46:40:19:89:e9:57:26:cb:77:53:be:76:f2:74:54:c7:d9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\49861\out\Release\PatchUp.pdb

Imports

kernel32

ProcessIdToSessionId
lstrcmpW
lstrlenW
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
InterlockedIncrement
CreateEventW
GetLongPathNameW
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
TerminateProcess
ReleaseMutex
SystemTimeToTzSpecificLocalTime
DeleteFileW
SetFilePointer
GetFileSize
SetEvent
SetPriorityClass
GetFileSizeEx
lstrlenA
lstrcmpiA
WriteFile
DeviceIoControl
SetCurrentDirectoryW
GetUserDefaultUILanguage
GetFileType
InterlockedCompareExchange
Sleep
GetModuleFileNameW
GetSystemInfo
GetVersionExW
DeleteAtom
FindAtomW
AddAtomW
OpenThread
GetAtomNameW
SetFilePointerEx
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
FormatMessageW
OutputDebugStringW
lstrcmpA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetStringTypeA
VirtualProtect
GetLocaleInfoA
QueryPerformanceCounter
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatA
GetTimeFormatA
HeapCreate
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
VirtualQuery
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
ExitThread
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryA
TerminateThread
ExitProcess
SetUnhandledExceptionFilter
GetLocalTime
GetProcAddress
FreeConsole
GetCurrentProcessId
GetModuleHandleW
WideCharToMultiByte
SetLastError
RaiseException
MultiByteToWideChar
GetTickCount
FindResourceExW
FindResourceW
LocalAlloc
ReadFile
CreateFileW
FileTimeToSystemTime
GetModuleHandleA
GetTimeZoneInformation
CreateProcessW
LocalFree
GetPrivateProfileStringW
GlobalFree
CreateMutexW
WaitForSingleObject
GetVersion
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
CloseHandle
CreateThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
FreeLibrary
LoadLibraryW
GetLastError
GetConsoleOutputCP

user32

DispatchMessageW
RegisterClassExW
GetClassInfoExW
GetMessageW
PostMessageW
DestroyWindow
PostThreadMessageW
LoadStringW
UnregisterClassA
IsWindow
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
SetClassLongW
OffsetRect
GetKeyState
InflateRect
IsWindowEnabled
HideCaret
SetCursor
GetDlgCtrlID
SetScrollPos
GetClassLongW
InsertMenuItemW
LoadCursorW
CreateWindowExW
MonitorFromPoint
GetMonitorInfoW
AllowSetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
SetActiveWindow
SetFocus
GetKeyboardState
keybd_event
GetWindowRect
GetDesktopWindow
FindWindowW
SetWindowPos
SystemParametersInfoW
SendMessageW
InvalidateRect
UpdateWindow
MessageBoxW
GetActiveWindow
RegisterWindowMessageW
GetClientRect
GetParent
GetWindow
ScreenToClient
CharNextW
PeekMessageW
DestroyAcceleratorTable
ReleaseDC
GetDC
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
MoveWindow
ClientToScreen
CreateAcceleratorTableW
RedrawWindow
GetSysColor
GetScrollInfo
SetScrollInfo
GetClassNameW
GetDlgItem
GetFocus
IsChild
EndPaint
TrackPopupMenu
DestroyMenu
DrawTextW
TranslateMessage
CreatePopupMenu
GetCursorPos
SwitchToThisWindow
BringWindowToTop
PostQuitMessage
LoadImageW
SetTimer
KillTimer
GetSystemMetrics
ShowWindow
EnableWindow
PtInRect
CopyRect
GetMessagePos
IsWindowVisible
MonitorFromWindow
MapWindowPoints
IsDialogMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint

gdi32

SetViewportOrgEx
GetTextMetricsW
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetBkColor
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
SetTextColor
GetObjectA
GetTextExtentPoint32W
DeleteObject

advapi32

CloseServiceHandle
RegEnumKeyExW
GetSidSubAuthority
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyW
RegQueryInfoKeyW
RegDeleteValueW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
LookupAccountNameW
GetUserNameW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
RegDeleteKeyW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA

shell32

ord165
SHGetFolderPathW
ord680
SHGetPathFromIDListW
Shell_NotifyIconW
ShellExecuteW
SHGetDiskFreeSpaceExW
CommandLineToArgvW
SHBrowseForFolderW

ole32

CoTaskMemFree
RevokeDragDrop
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarBstrCmp
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
DispCallFunc
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
SafeArrayCopy
SafeArrayGetVartype
SysAllocStringLen
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VarUI4FromStr
SysStringLen
SysAllocString
SysFreeString

urlmon

URLDownloadToCacheFileW

shlwapi

SHSetValueW
SHGetValueW
PathFileExistsW
PathIsDirectoryW
PathFindFileNameW
PathAppendW
StrCmpNIW
ord437
PathStripPathW
StrStrIW
SHDeleteValueW
StrStrIA
PathCompactPathW
SHGetValueA
PathRemoveFileSpecW
PathCombineW
SHSetValueA

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipFillRectangleI
GdipSetPixelOffsetMode
GdipSetClipRectI
GdipDrawString
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipFillRectangle
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawRectangle
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipCreateBitmapFromFile
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromStream
GdipFree
GdipMeasureString
GdipSetSmoothingMode

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

Netbios

Sections

.text
Size: 560KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/Sites64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

5bd748939bb109de7042dbca8b57393d

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:8f:7f:d1:3c:e9:3c:a8:a7:db:86:07:c4:7c:1b:23:6b:a4:d1:3b
Signer

Actual PE Digest

76:8f:7f:d1:3c:e9:3c:a8:a7:db:86:07:c4:7c:1b:23:6b:a4:d1:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\vmagent_new\bin\joblist\52532\out\Release\sites64.pdb

Imports

gdiplus

GdipGetImageHeight
GdipCreateSolidFill
GdipCreateLineBrushFromRect
GdipCreateLineBrushFromRectI
GdipCreateFromHDC
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipCloneBitmapAreaI
GdipGetPageScale
GdipSetPageScale
GdipSetPageUnit
GdipGetInterpolationMode
GdipGetTextRenderingHint
GdipGetCompositingQuality
GdipSetCompositingQuality
GdipGetCompositingMode
GdipSetCompositingMode
GdipGetPathData
GdipGetDpiY
GdipGetImageWidth
GdipCreatePen1
GdipGetPointCount
GdipAddPathBezierI
GdipAddPathStringI
GdipSetPenLineJoin
GdipCreateBitmapFromHBITMAP
GdipDrawImagePointsI
GdipGetFontSize
GdipGetFamily
GdipCreateFontFromLogfontW
GdipMeasureString
GdipFillRectangle
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipDeleteFontFamily
GdipGetSolidFillColor
GdipCreateRegionRectI
GdipFillRegion
GdipCombineRegionPath
GdipDeleteRegion
GdipSetLineWrapMode
GdipDeleteGraphics
GdipGetDpiX
GdipDeletePen
GdipGetPixelOffsetMode
GdipDrawLineI
GdipAlloc
GdipFree
GdipDeleteBrush
GdipGetPageUnit
GdipCreateStringFormat
GdipAddPathLine2I
GdipSetPenColor
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipAddPathPieI
GdipAddPathEllipseI
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteFont
GdipDeleteStringFormat
GdipCreateHBITMAPFromBitmap
GdipSetLineBlend
GdipReleaseDC
GdipGetDC
GdipDeleteCachedBitmap
GdipCreateCachedBitmap
GdipSetPathGradientFocusScales
GdipCreatePen2
GdipDrawImageRectRect
GdipDrawImageI
GdipSetImageAttributesColorMatrix
GdipRestoreGraphics
GdipSaveGraphics
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipCloneImage
GdipResetClip
GdipSetClipPath
GdipDrawImagePointRectI
GdipFillPath
GdipGraphicsClear
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipCreatePathGradientFromPath
GdipAddPathEllipse
GdipAddPathRectangleI
GdipAddPathCurveI
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipCreateLineBrushFromRectWithAngleI
GdipSetImageAttributesGamma
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipDisposeImage
GdipGetPathWorldBounds
GdipSetPathGradientCenterPoint
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipSetPathGradientCenterColor
GdipSetLinePresetBlend
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdiplusStartup
GdipDrawPath
GdipDeletePath
GdipCreatePath
GdipFillPolygonI
GdipCloneBrush
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipFillEllipseI
GdipFillRectangleI
GdipDrawEllipseI
GdipDrawRectangleI

imm32

ImmReleaseContext
ImmDisableIME

kernel32

TlsSetValue
TlsGetValue
CreateMutexW
GetSystemTime
FormatMessageW
OutputDebugStringW
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
InterlockedPopEntrySList
VirtualFree
HeapAlloc
InterlockedPushEntrySList
DeleteAtom
TlsFree
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
ExitProcess
GetAtomNameW
CreateThread
WriteConsoleW
GetFileType
GetStdHandle
DebugBreak
FlsSetValue
GetCommandLineA
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeW
HeapReAlloc
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
AddAtomW
ReleaseMutex
TlsAlloc
ExitThread
lstrlenW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
GetProcAddress
GetModuleHandleW
lstrcmpiW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
lstrlenA
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
MulDiv
LoadLibraryW
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
GetLongPathNameW
GetCurrentProcessId
FindNextFileW
FindClose
GetVersionExW
GetFullPathNameW
FindFirstFileW
GetCurrentDirectoryW
GlobalFree
GlobalAlloc
CloseHandle
ReadFile
GetFileSizeEx
CreateFileW
GetTickCount
GlobalUnlock
GlobalLock
FreeResource
LockResource
GetSystemInfo
GlobalMemoryStatusEx
QueryPerformanceFrequency
WideCharToMultiByte
DeviceIoControl
SetThreadLocale
GetThreadLocale
GetPrivateProfileStringW
WriteFile
WaitForSingleObject
Sleep
FlushFileBuffers
LocalFree
GetFileTime
VirtualAlloc
VirtualQuery
OpenThread
VirtualProtect
HeapFree
GetProcessHeap
GetConsoleMode
SetHandleCount
GetStartupInfoA
SetFilePointer
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
FindAtomW

user32

GetSystemMetrics
GetIconInfo
IsIconic
RegisterWindowMessageW
SetWindowRgn
UpdateLayeredWindow
FrameRect
DestroyCursor
GetDCEx
GetSysColor
EnableScrollBar
CreateCaret
HideCaret
ShowCaret
SetCaretPos
ScrollWindowEx
CloseClipboard
GetClipboardData
OpenClipboard
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
EnableWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
PrintWindow
EnumChildWindows
GetWindowTextW
GetWindow
SendMessageTimeoutW
GetDesktopWindow
SendNotifyMessageW
GetCursor
wsprintfW
GetWindowRect
SetWindowPos
GetAsyncKeyState
GetActiveWindow
GetParent
GetCursorPos
ScreenToClient
LoadCursorW
SetCursor
InflateRect
CopyRect
PtInRect
IsRectEmpty
IsWindow
DrawTextW
GetDC
ReleaseDC
CharLowerW
GetWindowLongPtrW
DefWindowProcW
SetWindowLongPtrW
CallWindowProcW
LoadStringW
SetRect
CharNextW
SetCapture
KillTimer
SetTimer
RedrawWindow
GetClientRect
MoveWindow
IsZoomed
PostMessageW
SendMessageW
UnhookWindowsHookEx
GetFocus
WindowFromPoint
GetCapture
IsWindowEnabled
GetWindowThreadProcessId
CallNextHookEx
SetLayeredWindowAttributes
RegisterClipboardFormatW
UnionRect
GetClassNameW
GetClassInfoW
SetWindowsHookExW
GetKeyState
ReleaseCapture
CharUpperW
DrawFocusRect
FillRect
DrawIconEx
SystemParametersInfoW
FindWindowW
OffsetRect
DestroyWindow
SetRectEmpty
EndPaint
BeginPaint
UpdateWindow
UnregisterClassA
MessageBoxW
GetWindowRgn
InvalidateRect
IntersectRect
EqualRect
RegisterClassExW
CreateWindowExW
SetFocus
GetClassInfoExW
GetWindowLongW
SetWindowLongW
IsWindowVisible
ShowWindow
SetWindowTextW
ClientToScreen

gdi32

LineTo
CreateDIBSection
GetCurrentObject
ExtTextOutW
SetBkColor
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
CreateRectRgn
GetRgnBox
SetWindowOrgEx
FrameRgn
Rectangle
CreateSolidBrush
GetStockObject
Polygon
SelectClipRgn
OffsetClipRgn
CreateRectRgnIndirect
MoveToEx
GetObjectA
CreateFontW
EnumFontFamiliesW
CombineRgn
PatBlt
SetRectRgn
CreatePatternBrush
CreateBitmap
CreateFontIndirectW
GetTextMetricsW
GetDIBits
SetDIBits
GetTextExtentPoint32W
GetTextColor
GetPath
EndPath
TextOutW
BeginPath
CreatePen
SetDIBColorTable
StretchBlt
SetStretchBltMode
SetTextColor
SetBkMode
GetObjectW
GetDeviceCaps
DeleteDC
SelectObject
CreateCompatibleDC
GetClipBox
DeleteObject

advapi32

RegQueryValueExW
RegQueryValueExA
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW

shell32

ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
ReleaseStgMedium
CoCreateInstance
CreateStreamOnHGlobal
IIDFromString
CLSIDFromString
RevokeDragDrop
DoDragDrop
OleDuplicateData
RegisterDragDrop
OleInitialize

oleaut32

SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
VarUI4FromStr
VariantChangeType
DispCallFunc
SafeArrayGetVartype
SafeArrayCopy
SysAllocStringLen
VariantInit
SysFreeString
VariantCopy
VarBstrCmp
VarBstrCat
RegisterTypeLi
UnRegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
SafeArrayRedim
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString

shlwapi

StrStrIW
PathRemoveExtensionW
SHGetValueW
PathIsDirectoryW
StrToInt64ExW
PathRelativePathToW
StrToIntW
ColorRGBToHLS
ColorHLSToRGB
PathFindFileNameW
PathIsRelativeW
PathCombineW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathRemoveBackslashW
StrCmpIW

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime
timeGetDevCaps

Exports

Exports

CreateMemoryFile
CreateShadowEdgeInstance
CreateXMLDOMDocument
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetFactory
GetFileDataFromStorage
GetFileLengthFromStorage
GetFileLengthFromStorageEx
GetFontCharset
GetMainThreadClub
GetPerformanceEvaluation
IsDesignerMode
SetDefaultResourceInfo
SetDesignerMode
SetFontCharset
SmartDisableIME
UninitMainThreadClub

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 199KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.rsrc
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/SystemCompact.exe
.exe windows:5 windows x86 arch:x86

153b9978db937e9c517b3d2a64a77d80

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:8b:3c:db:a4:ab:c4:78:e5:1c:42:33:7f:2f:f6:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/03/2013, 00:00

Not After

25/03/2016, 23:59

Subject

CN=QIHU 360 SOFTWARE CO. LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Client Security Group,O=QIHU 360 SOFTWARE CO. LIMITED,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c5:d6:56:cb:ad:0f:f0:6d:94:89:ac:e2:87:2b:a4:96:16:86:d0:7d
Signer

Actual PE Digest

c5:d6:56:cb:ad:0f:f0:6d:94:89:ac:e2:87:2b:a4:96:16:86:d0:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\55364\out\Release\SystemCompact.pdb

Imports

kernel32

GetLastError
CreateMutexW
Sleep
GlobalFree
OpenProcess
GetPrivateProfileStringW
LocalFree
CreateProcessW
SetLastError
GetTimeZoneInformation
GetModuleHandleA
LoadLibraryW
FileTimeToSystemTime
ReadFile
CreateFileW
LocalAlloc
GetSystemPowerStatus
InterlockedCompareExchange
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
InitializeCriticalSection
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
DeleteCriticalSection
FreeResource
LoadLibraryExW
GetDiskFreeSpaceExW
GetPrivateProfileSectionW
GetFileInformationByHandle
DeviceIoControl
GetFileInformationByHandleEx
FindClose
FindNextFileW
GetSystemTimeAsFileTime
FindFirstFileW
lstrcmpA
IsBadReadPtr
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileAttributesW
ExpandEnvironmentStringsW
CopyFileW
Wow64EnableWow64FsRedirection
GetFileSizeEx
WriteFile
GetLocalTime
FileTimeToLocalFileTime
GetProcessTimes
SetFilePointer
GetFileSize
InterlockedDecrement
SetUnhandledExceptionFilter
ExitProcess
VirtualProtect
ProcessIdToSessionId
lstrlenW
lstrcmpiW
lstrcmpiA
lstrlenA
GlobalAlloc
InterlockedExchange
SuspendThread
InterlockedCompareExchange64
CreateThread
RaiseException
FlushInstructionCache
GlobalUnlock
GlobalLock
lstrcmpW
MulDiv
InterlockedIncrement
GetFileAttributesExW
GetUserDefaultUILanguage
SetCurrentDirectoryW
GetWindowsDirectoryW
CreateDirectoryW
GetCurrentProcess
CreateRemoteThread
DeleteAtom
FindAtomW
AddAtomW
OpenThread
GetAtomNameW
GetSystemTime
FormatMessageW
OutputDebugStringW
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
SystemTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetConsoleCtrlHandler
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatA
GetTimeFormatA
GetModuleFileNameA
GetStdHandle
FatalAppExitA
HeapCreate
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
MoveFileW
GetStartupInfoW
ExitThread
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
WritePrivateProfileStringW
SetEvent
GetSystemDefaultUILanguage
GetSystemDirectoryW
WTSGetActiveConsoleSessionId
TerminateProcess
ReleaseMutex
OpenMutexW
TerminateThread
DeleteFileW
CreateEventW
LoadLibraryA
WaitForSingleObject
GetVersion
GetTempPathW
GetTickCount
GetModuleFileNameW
GetVersionExW
GetSystemInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
FreeConsole
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte

user32

AllowSetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetActiveWindow
SetFocus
GetKeyboardState
keybd_event
LoadStringW
UnregisterClassA
SetForegroundWindow
MonitorFromPoint
GetMonitorInfoW
EnumDisplaySettingsW
WindowFromPoint
GetWindowRect
GetDesktopWindow
FindWindowW
SetWindowPos
IsWindow
LoadIconW
GetWindowLongW
SystemParametersInfoW
UpdateWindow
InvalidateRect
SetWindowRgn
SendMessageW
MessageBoxW
GetActiveWindow
WaitForInputIdle
PostMessageW
CopyRect
EnableWindow
GetParent
SendMessageTimeoutW
ScreenToClient
GetMessagePos
IsWindowVisible
SetClassLongW
GetClassLongW
ReleaseDC
GetDC
PtInRect
OffsetRect
GetClientRect
DefWindowProcW
PostThreadMessageW
SetWindowLongW
CallWindowProcW
LoadImageW
GetSystemMetrics
PostQuitMessage
SwitchToThisWindow
BringWindowToTop
ShowWindow
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
PeekMessageW
DestroyWindow
SetWindowTextW
SetTimer
KillTimer
IsDialogMessageW
MapWindowPoints
DrawTextW
GetDlgItem
InvalidateRgn
SetCapture
ReleaseCapture
ClientToScreen
MoveWindow
CreateAcceleratorTableW
CharNextW
GetClassNameW
RedrawWindow
BeginPaint
FillRect
EndPaint
IsChild
GetFocus
GetSysColor
DestroyAcceleratorTable
GetWindowTextLengthW
GetWindowTextW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetWindow
MonitorFromWindow

gdi32

CreateCompatibleBitmap
SetViewportOrgEx
CreateCompatibleDC
DeleteDC
DeleteObject
GetStockObject
GetObjectW
GetTextMetricsW
CreatePolygonRgn
CreateSolidBrush
BitBlt
CreateFontIndirectW
CreateDIBSection
GetDeviceCaps
GetTextExtentPoint32W
SelectObject

shell32

CommandLineToArgvW
ord165
ShellExecuteExW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
ord680
ExtractIconExW
SHGetSpecialFolderPathW
SHGetFolderPathW
Shell_NotifyIconW

ole32

CoTaskMemRealloc
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
OleInitialize
CoInitialize
CoTaskMemFree
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
OleLockRunning

oleaut32

GetErrorInfo
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
SysAllocStringLen
VariantInit
DispCallFunc
SysStringByteLen
SysAllocStringByteLen
VariantClear
VarBstrCmp
SysFreeString
VariantChangeType
SysAllocString
SafeArrayCopy
SetErrorInfo
CreateErrorInfo
VariantCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetVartype
VarUI4FromStr

urlmon

URLDownloadToCacheFileW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

shlwapi

SHSetValueA
SHGetValueA
StrToIntExW
PathRemoveExtensionW
PathAddBackslashW
PathUnquoteSpacesW
PathCompactPathW
StrStrIA
SHSetValueW
PathFindExtensionW
StrCmpIW
StrChrW
ord437
StrStrIW
PathStripPathW
StrCmpNIW
PathStripToRootW
PathRemoveFileSpecW
PathIsDirectoryW
PathFileExistsW
PathFindFileNameW
SHGetValueW
PathAppendW
PathCombineW

comctl32

InitCommonControlsEx

gdiplus

GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipGetImagePixelFormat
GdipSaveImageToFile
GdipDrawImageRectI
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipCloneImage
GdipDisposeImage
GdipDrawImageI
GdipDrawArcI
GdipDrawLineI
GdipCreateBitmapFromStreamICM
GdipSetSmoothingMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipAlloc
GdipSetPenColor
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenWidth
GdipDeletePen
GdipCreatePen1
GdipFree
GdipDrawImageRectRectI
GdipDrawLine

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

EmptyWorkingSet

wininet

InternetQueryOptionW

dbghelp

ImageNtHeader
ImageRvaToVa

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CryptStringToBinaryW
CertGetNameStringW

netapi32

Netbios

Sections

.text
Size: 839KB - Virtual size: 839KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/config.ini
360PatchUp/config/config.xml
360PatchUp/config/defaultskin/MiniUI.xml
360PatchUp/config/defaultskin/defaultskin.ui
.zip
360ExaminUI/sec/scrollh/background.png
.png
360ExaminUI/sec/scrollh/buttons.bmp
360ExaminUI/sec/scrollh/buttons.png
.png
360ExaminUI/sec/scrollh/thumb.png
.png
360ExaminUI/sec/scrollh/thumbgripper.png
.png
360ExaminUI/sec/scrollv/background.png
.png
360ExaminUI/sec/scrollv/buttons.bmp
360ExaminUI/sec/scrollv/buttons.png
.png
360ExaminUI/sec/scrollv/thumb.png
.png
360ExaminUI/sec/scrollv/thumbgripper.png
.png
Common/360Safe-16new.png
.png
Common/360Safe.ico
Common/Buttom_Hover.png
.png
Common/CoolUI/Button_Normal.png
.png
Common/CoolUI/DlgBackground.png
.png
Common/CoolUI/DlgBackground_NB.png
.png
Common/CoolUI/DlgBackground_simple.png
.png
Common/CoolUI/TopBanner/Mainbanner_Danger.png
.png
Common/CoolUI/TopBanner/Mainbanner_Normal.png
.png
Common/CoolUI/TopBanner/Mainbanner_Safe.png
.png
Common/CoolUI/TopBanner/Mainbanner_Warn.png
.png
Common/CoolUI/cool_dlg_with_tab.png
.png
Common/CoolUI/tab/tab_background.PNG
.png
Common/CoolUI/tab/tab_hover.PNG
.png
Common/CoolUI/tab/tab_normal.PNG
.png
Common/CoolUI/tab/tab_pushed.PNG
.png
Common/DlgBackground.jpg
.jpg
Common/Foreground.jpg
.jpg
Common/Safe_S.png
.png
Common/SearchR_InfoS.png
.png
Common/Tips.png
.png
Common/animation.gif
.gif
Common/bkgnd-border.png
.png
Common/button_disable.jpg
.jpg
Common/button_focus.jpg
.jpg
Common/button_hover.jpg
.jpg
Common/button_normal.jpg
.jpg
Common/button_pushed.jpg
.jpg
Common/checkbox.bmp
Common/checkbox.png
.png
Common/close.png
.png
Common/collapse.bmp
Common/dynamic_listbox_item_hover.png
.png
Common/dynamic_listbox_item_normal.png
.png
Common/dynamic_listbox_item_pushed.png
.png
Common/error_back.png
.png
Common/expand.bmp
Common/frame.jpg
.jpg
Common/frame_border.bmp
Common/headerctrl_hover.bmp
Common/headerctrl_normal.bmp
Common/headerctrl_normal16.bmp
Common/headerctrl_pushed.bmp
Common/listCtrlBtn_Disable.jpg
.jpg
Common/listCtrlBtn_Focus.jpg
.jpg
Common/listCtrlBtn_Hover.jpg
.jpg
Common/listCtrlBtn_Normal.jpg
.jpg
Common/listCtrlBtn_Pushed.jpg
.jpg
Common/msg_icon_check.png
.png
Common/msg_icon_error.png
.png
Common/msg_icon_info.png
.png
Common/msg_icon_question.png
.png
Common/msg_icon_warning.png
.png
Common/netstateerror2.png
.png
Common/netstateok2.png
.png
Common/old/sys_button_close.png
.png
Common/old/sys_button_max.png
.png
Common/old/sys_button_menu.png
.png
Common/old/sys_button_min.png
.png
Common/old/sys_button_restore.png
.png
Common/old/sys_dlg_close.png
.png
Common/old/sys_dlg_max.png
.png
Common/old/sys_dlg_min.png
.png
Common/old/sys_dlg_restore.png
.png
Common/old/sysmenu_close2.png
.png
Common/popup_dialog_title_bar_background.bmp
Common/progress_ctrl_background.bmp
Common/progress_ctrl_fg.bmp
Common/radiobutton.bmp
Common/radiobutton.png
.png
Common/scrollh/background.png
.png
Common/scrollh/buttons.png
.png
Common/scrollh/thumb.png
.png
Common/scrollh/thumbgripper.png
.png
Common/scrollv/background.png
.png
Common/scrollv/buttons.png
.png
Common/scrollv/thumb.png
.png
Common/scrollv/thumbgripper.png
.png
Common/sys_button_close.png
.png
Common/sys_button_max.png
.png
Common/sys_button_min.png
.png
Common/sys_button_min2.png
.png
Common/sys_button_restore.png
.png
Common/sys_dlg_close.png
.png
Common/sysmenu_close2.png
.png
Common/tab_background.bmp
Common/tab_background.png
.png
Common/tab_hover.PNG
.png
Common/tab_normal.PNG
.png
Common/tab_pushed.PNG
.png
Common/tips_D01.png
.png
Common/title_bar_menu.png
.png
Common/toolbar_hover.png
.png
Common/toolbar_normal.png
.png
Common/toolbar_pushed.png
.png
Common/toolbar_sim_hover.png
.png
Common/toolbar_sim_normal.png
.png
Common/toolbar_sim_pushed.png
.png
ver.txt
360PatchUp/config/lang/zh-CN/SysSweeper.ui.dat
360PatchUp/config/newui/themes/default/360CleanPlus/360CleanPlus_theme.ui
.zip
cleanplus_page.xml
image/Windows_pop_cleanup_plus_bg.png
.png
image/icon_list_sysfile.png
.png
image/icon_list_updatefile.png
.png
image/icon_tab_clearup_off.png
.png
image/icon_tab_clearup_on.png
.png
image/icon_tab_settings_disable.png
.png
image/icon_tab_settings_on.png
.png
image/icon_tab_settings_rest.png
.png
main_dlg.xml
shared.xml
360PatchUp/config/newui/themes/default/360InternationSafe/360InternationSafe_theme.ui
.zip
msgbox.xml
360PatchUp/config/newui/themes/default/360SystemCompact/360SystemCompact_theme.ui
.zip
image/Windows_pop_system_compact_bg.png
.png
main_dlg.xml
shared.xml
360PatchUp/config/newui/themes/default/360leakfix/360leakfix_theme.ui
.zip
detail_page.xml
image/Icon_ind_fixdownload.png
.png
image/Icon_ind_fixwait.png
.png
image/Icon_ind_icon_xs.png
.png
image/icon_logo_notification.png
.png
image/icon_tab_history_disable.png
.png
image/icon_tab_history_on.png
.png
image/icon_tab_history_rest.png
.png
image/icon_tab_patchup_disable.png
.png
image/icon_tab_patchup_on.png
.png
image/icon_tab_patchup_rest.png
.png
image/icon_tab_settings_disable.png
.png
image/icon_tab_settings_on.png
.png
image/icon_tab_settings_rest.png
.png
image/notification_patchup_bg.png
.png
leakfix_page.xml
leakfix_pop.xml
leakfix_record.xml
leakfix_settings.xml
main_dlg.xml
shared.xml
360PatchUp/config/newui/themes/default/default_theme.ui
.zip
Common/Image/Icon_ind_info.png
.png
Common/Image/Icon_ind_state_warning_white_dark_l.png
.png
Common/Image/Window_default_shadow.png
.png
Common/Image/Window_pop_bg.png
.png
Common/Image/Window_pop_logo.png
.png
Common/Image/Window_pop_logo_dark.png
.png
Common/Image/Window_pop_path_browse.png
.png
Common/Image/Window_pop_setting_bg.png
.png
Common/Image/Window_pop_skin_bg.png
.png
Common/Image/Window_pulldown_bg_arrow.png
.png
Common/Image/Window_pulldown_onlist.png
.png
Common/Image/Window_pulldown_shadow.png
.png
Common/Image/Window_sub_bg.png
.png
Common/Image/Window_sub_title_bg.png
.png
Common/Image/Windows_pop_tips_bg.png
.png
Common/Image/checkbox.png
.png
Common/Image/com_control_checkbox.png
.png
Common/Image/com_control_expand_down.png
.png
Common/Image/com_control_expand_down_lv2.png
.png
Common/Image/com_control_expand_up.png
.png
Common/Image/com_control_expand_up_lv2.png
.png
Common/Image/com_control_radio.png
.png
Common/Image/com_control_switch_btn_off.png
.png
Common/Image/com_control_switch_btn_off_l.png
.png
Common/Image/com_control_switch_btn_off_s.png
.png
Common/Image/com_control_switch_btn_on.png
.png
Common/Image/com_control_switch_btn_on_l.png
.png
Common/Image/com_control_switch_btn_on_r.png
.png
Common/Image/com_control_switch_btn_on_r_l.png
.png
Common/Image/com_control_switch_btn_on_r_s.png
.png
Common/Image/com_control_switch_btn_on_s.png
.png
Common/Image/com_default_btn.png
.png
Common/Image/com_default_btn_s.png
.png
Common/Image/com_default_btn_sub.png
.png
Common/Image/com_function_btn.png
.png
Common/Image/com_function_btn_sub.png
.png
Common/Image/com_hint_btn.png
.png
Common/Image/com_loading_bar_lv1.png
.png
Common/Image/com_loading_bar_lv2.png
.png
Common/Image/com_pop_title_btn.png
.png
Common/Image/com_pop_title_default_btn.png
.png
Common/Image/com_progress_bar.png
.png
Common/Image/com_progress_bar_bg.png
.png
Common/Image/com_suggest_btn.png
.png
Common/Image/com_title_btn.png
.png
Common/Image/com_title_btn_sub.png
.png
Common/Image/com_title_default_btn.png
.png
Common/Image/com_title_default_btn_sub.png
.png
Common/Image/en/Window_default_logo.png
.png
Common/Image/en/Window_pop_logo_name.png
.png
Common/Image/en/Window_pop_logo_name_dark.png
.png
Common/Image/en/Windows_pop_cleanup_plus_logo_en.png
.png
Common/Image/en/icon_logo_name_notification.png
.png
Common/Image/icon_mag_ds_fixing_dark.png
.png
Common/Image/icon_msg_check.png
.png
Common/Image/icon_msg_check_dark.png
.png
Common/Image/icon_msg_info.png
.png
Common/Image/icon_msg_info_dark.png
.png
Common/Image/icon_msg_remind_dark.png
.png
Common/Image/icon_msg_warning.png
.png
Common/Image/icon_msg_warning_dark.png
.png
Common/Image/icon_topbar_close2.png
.png
Common/Image/icon_topbar_close_light2.png
.png
Common/Image/icon_topbar_fullscreen_light.png
.png
Common/Image/icon_topbar_gift.png
.png
Common/Image/icon_topbar_hide2.png
.png
Common/Image/icon_topbar_hide_light2.png
.png
Common/Image/icon_topbar_menu_light2.png
.png
Common/Image/icon_topbar_settings2.png
.png
Common/Image/icon_topbar_settings_light2.png
.png
Common/Image/icon_topbar_skin.png
.png
Common/Image/icon_topbar_window_light.png
.png
Common/Image/radio.png
.png
Common/Image/scrollv/com_scroll_bar.png
.png
Common/Image/scrollv/com_scroll_bar_bg.png
.png
Common/Image/scrollv/com_scroll_bar_bg_gray.png
.png
Common/Image/scrollv/com_scroll_bar_bg_white.png
.png
Common/Image/scrollv/thumbgripper.png
.png
Common/Image/window_content_mask_above.png
.png
Common/Image/window_content_mask_under.png
.png
Common/Image/window_content_tab_bg.png
.png
Common/Image/window_content_tab_on.png
.png
Common/Image/window_content_tab_rest.png
.png
Common/Image/window_pop_content_tab_bg.png
.png
Common/Image/window_pop_content_tab_on.png
.png
Common/Image/window_pop_content_tab_rest.png
.png
Common/Image/window_shadow.png
.png
Common/Image/window_shadow_small.png
.png
Common/Image/window_shadow_small2.png
.png
Common/Image/window_sub_tab_on.png
.png
Common/Image/window_tab_on.png
.png
Common/Image/zh-CN/Window_default_logo.png
.png
Common/Image/zh-CN/Window_pop_logo_name.png
.png
Common/Image/zh-CN/Window_pop_logo_name_dark.png
.png
Common/Image/zh-CN/Windows_pop_cleanup_plus_logo_en.png
.png
Common/Image/zh-TW/Window_default_logo.png
.png
Common/Image/zh-TW/Window_pop_logo_name.png
.png
Common/Image/zh-TW/Window_pop_logo_name_dark.png
.png
Common/Image/zh-TW/Windows_pop_cleanup_plus_logo_en.png
.png
Common/Image/zh-TW/icon_logo_name_notification.png
.png
Common/XML/CommonResource.xml
Common/XML/SharedStrings.xml
360PatchUp/config/newui/themes/default/theme.xml
.xml
360PatchUp/leakrepair.dat
360PatchUp/leakrepair.dll
.dll windows:5 windows x86 arch:x86

0dff8ff914956c21e6d1b2f036a39037

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:38:66:b3:26:9f:c5:85:5a:1c:ee:c3:e7:f4:e1:2e:73:1d:06:49
Signer

Actual PE Digest

2f:38:66:b3:26:9f:c5:85:5a:1c:ee:c3:e7:f4:e1:2e:73:1d:06:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\43809\out\Release\leakrepair.pdb

Imports

kernel32

GetLocalTime
GetCurrentProcessId
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcessTimes
GetCurrentProcess
SetFilePointer
WriteFile
CloseHandle
GetFileSize
CreateFileW
GetModuleFileNameW
OutputDebugStringW
lstrlenW
GetSystemDefaultUILanguage
GetVersion
MultiByteToWideChar
WideCharToMultiByte
GetLastError
WaitForSingleObject
ReadFile
CreateMutexW
GetModuleHandleW
VirtualAlloc
VirtualFree
FlushInstructionCache
DeleteFileW
GetCurrentThreadId
GetExitCodeProcess
GetSystemInfo
GetVersionExW
Sleep
SetLastError
OpenMutexW
FreeLibraryAndExitThread
FindClose
FindFirstFileW
RemoveDirectoryW
lstrcmpiW
CreateThread
CreateEventW
lstrlenA
CompareFileTime
GetSystemDirectoryW
ExpandEnvironmentStringsW
SearchPathW
SetFileAttributesW
GetWindowsDirectoryW
GetFileTime
SystemTimeToTzSpecificLocalTime
lstrcpyW
FindNextFileW
SystemTimeToFileTime
GetFullPathNameW
DeviceIoControl
SetEvent
GetTempPathW
GetSystemWindowsDirectoryW
GetPriorityClass
SetPriorityClass
GetFileAttributesExW
TerminateProcess
CopyFileW
InterlockedDecrement
ResetEvent
GetFileType
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
InterlockedIncrement
GetTickCount
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
LoadLibraryW
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
LCMapStringA
GetModuleHandleA
LCMapStringW
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetStdHandle
GetCommandLineA
ExitThread
VirtualQuery
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
ExitProcess
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
FreeLibrary
CreateProcessW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
FormatMessageW
LocalFree
GetSystemTime
CreateFileA
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetFilePointerEx
GetFileSizeEx
TlsGetValue

user32

MessageBoxW
GetActiveWindow
GetClassInfoExW
DestroyWindow
CallWindowProcW
GetWindowLongW
SetWindowLongW
DefWindowProcW
PostMessageW
UnregisterClassA
KillTimer
SetTimer
FindWindowW
SendMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
RegisterClassExW
LoadCursorW
PostThreadMessageW

advapi32

RegQueryValueExA
RegQueryValueExW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
OpenProcessToken
DuplicateTokenEx
CreateProcessAsUserW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHFileOperationW
SHGetDiskFreeSpaceExW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW
ShellExecuteExW
ord165

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

CreateStdDispatch
SysAllocString
SysAllocStringLen
SysFreeString
CreateDispTypeInfo

shlwapi

SHSetValueW
PathIsDirectoryW
PathFindFileNameW
PathAppendW
SHGetValueW
ord437
PathCombineW
PathRemoveFileSpecW
StrStrIW
StrCmpNIW
SHDeleteValueW
StrToIntW
PathStripToRootW
PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

CanShowAIRestore
CanShowWindowsUpdate
CreatePlugin
CreatePluginFactory
DllCanUnloadNow
DllGetClassObject
GetDownloadDirectory
GetWindowUpdate
LeakRepairString
OnUninstall
OnUninstallI18n
SetDisplayLanguage
SetDownloadDirectory
SetWindowUpdate

Sections

.text
Size: 534KB - Virtual size: 534KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/libleak-64.dat
360PatchUp/libleak.dat
360PatchUp/sites.dll
.dll regsvr32 windows:5 windows x86 arch:x86

723e0242e8d4b67f9451c30c5cf8eb51

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:59:98:bc:97:b2:7d:b0:fa:70:60:22:90:24:19:de:1c:21:63:10
Signer

Actual PE Digest

57:59:98:bc:97:b2:7d:b0:fa:70:60:22:90:24:19:de:1c:21:63:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\vmagent_new\bin\joblist\52532\out\Release\sites.pdb

Imports

gdiplus

GdipGetImageHeight
GdipCreateSolidFill
GdipCreateLineBrushFromRect
GdipCreateLineBrushFromRectI
GdipCreateFromHDC
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipCloneBitmapAreaI
GdipGetPageScale
GdipSetPageScale
GdipSetPageUnit
GdipGetInterpolationMode
GdipGetTextRenderingHint
GdipGetCompositingQuality
GdipSetCompositingQuality
GdipGetCompositingMode
GdipSetCompositingMode
GdipGetPathData
GdipGetDpiY
GdipGetDpiX
GdipGetPageUnit
GdipGetPointCount
GdipAddPathBezierI
GdipAddPathStringI
GdipGetImageWidth
GdipCreatePen1
GdipCreateBitmapFromHBITMAP
GdipDrawImagePointsI
GdipGetFontSize
GdipGetFamily
GdipCreateFontFromLogfontW
GdipMeasureString
GdipFillRectangle
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipDeleteFontFamily
GdipGetSolidFillColor
GdipCreateRegionRectI
GdipFillRegion
GdipCombineRegionPath
GdipDeleteRegion
GdipSetLineWrapMode
GdipGetPixelOffsetMode
GdipDrawLineI
GdipAddPathLine2I
GdipSetPenColor
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipAddPathPieI
GdipAddPathEllipseI
GdipSetStringFormatTrimming
GdipDeleteGraphics
GdipSetPenLineJoin
GdipDeletePen
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteFont
GdipDeleteStringFormat
GdipCreateHBITMAPFromBitmap
GdipSetLineBlend
GdipReleaseDC
GdipGetDC
GdipDeleteCachedBitmap
GdipCreateCachedBitmap
GdipSetPathGradientFocusScales
GdipCreatePen2
GdipDrawImageRectRect
GdipDrawImageI
GdipSetImageAttributesColorMatrix
GdipRestoreGraphics
GdipSaveGraphics
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipCloneImage
GdipResetClip
GdipSetClipPath
GdipDrawImagePointRectI
GdipFillPath
GdipGraphicsClear
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipCreatePathGradientFromPath
GdipAddPathEllipse
GdipAddPathRectangleI
GdipAddPathCurveI
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipCreateLineBrushFromRectWithAngleI
GdipSetImageAttributesGamma
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipDisposeImage
GdipGetPathWorldBounds
GdipSetPathGradientCenterPoint
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipSetPathGradientCenterColor
GdipSetLinePresetBlend
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdiplusStartup
GdipDrawPath
GdipDeletePath
GdipCreatePath
GdipFillPolygonI
GdipCloneBrush
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipFillEllipseI
GdipFillRectangleI
GdipDrawEllipseI
GdipDrawRectangleI

imm32

ImmReleaseContext
ImmDisableIME

kernel32

CreateFileA
InterlockedExchange
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
InterlockedCompareExchange
OutputDebugStringW
FormatMessageW
GetSystemTime
CreateMutexW
TlsGetValue
TlsSetValue
GetAtomNameW
AddAtomW
ReleaseMutex
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
ExitThread
CreateThread
SystemTimeToFileTime
GetFileType
GetStdHandle
GetCommandLineA
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeW
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleFileNameA
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStartupInfoA
SetFilePointer
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetEndOfFile
WriteConsoleW
lstrlenW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetModuleHandleW
lstrcmpiW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
lstrlenA
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
MulDiv
LoadLibraryW
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
GetLongPathNameW
GetCurrentProcessId
FindNextFileW
FindClose
GetVersionExW
GetFullPathNameW
FindFirstFileW
GetCurrentDirectoryW
GlobalFree
GlobalAlloc
CloseHandle
ReadFile
GetFileSizeEx
CreateFileW
GetTickCount
GlobalUnlock
GlobalLock
FreeResource
LockResource
GetSystemInfo
GlobalMemoryStatusEx
QueryPerformanceFrequency
WideCharToMultiByte
DeviceIoControl
SetThreadLocale
GetThreadLocale
GetPrivateProfileStringW
WriteFile
WaitForSingleObject
Sleep
FlushFileBuffers
LocalFree
GetFileTime
VirtualAlloc
VirtualQuery
OpenThread
VirtualProtect
HeapFree
GetProcessHeap
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
SetFilePointerEx

user32

SetWindowsHookExW
GetClassInfoW
GetClassNameW
UnionRect
RegisterClipboardFormatW
GetAsyncKeyState
GetSystemMetrics
GetIconInfo
IsIconic
RegisterWindowMessageW
SetWindowRgn
UpdateLayeredWindow
FrameRect
DestroyCursor
GetDCEx
GetSysColor
EnableScrollBar
CreateCaret
HideCaret
ShowCaret
SetCaretPos
ScrollWindowEx
CloseClipboard
GetClipboardData
OpenClipboard
PostQuitMessage
DispatchMessageW
MoveWindow
GetMessageW
EnableWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
PrintWindow
EnumChildWindows
GetWindowTextW
SetWindowTextW
SendMessageTimeoutW
GetDesktopWindow
SendNotifyMessageW
GetCursor
GetKeyState
CopyRect
PtInRect
IsRectEmpty
DrawTextW
GetDC
ReleaseDC
CharLowerW
DefWindowProcW
CallWindowProcW
LoadStringW
SetRect
GetWindowLongW
SetWindowLongW
CharNextW
IsZoomed
PostMessageW
SendMessageW
UnhookWindowsHookEx
WindowFromPoint
GetCapture
IsWindowEnabled
GetWindowThreadProcessId
CallNextHookEx
SetLayeredWindowAttributes
EndPaint
BeginPaint
UpdateWindow
InvalidateRect
IntersectRect
EqualRect
RegisterClassExW
CreateWindowExW
SetFocus
GetClassInfoExW
IsWindowVisible
ShowWindow
ClientToScreen
GetWindowRect
SetWindowPos
DestroyWindow
GetActiveWindow
MessageBoxW
ReleaseCapture
CharUpperW
GetFocus
DrawFocusRect
FillRect
DrawIconEx
SystemParametersInfoW
FindWindowW
OffsetRect
SetRectEmpty
GetParent
GetWindowRgn
GetWindow
SetCapture
KillTimer
SetTimer
wsprintfW
RedrawWindow
GetCursorPos
ScreenToClient
LoadCursorW
UnregisterClassA
InflateRect
GetClientRect
SetCursor
TranslateMessage
IsWindow

gdi32

LineTo
CreateDIBSection
GetCurrentObject
ExtTextOutW
SetBkColor
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
CreateRectRgn
GetRgnBox
SetWindowOrgEx
FrameRgn
Rectangle
CreateSolidBrush
GetStockObject
Polygon
SelectClipRgn
OffsetClipRgn
CreateRectRgnIndirect
MoveToEx
GetObjectA
CreateFontW
EnumFontFamiliesW
CombineRgn
PatBlt
SetRectRgn
CreatePatternBrush
CreateBitmap
CreateFontIndirectW
GetTextMetricsW
GetDIBits
SetDIBits
GetTextExtentPoint32W
GetTextColor
GetPath
EndPath
TextOutW
BeginPath
CreatePen
SetDIBColorTable
StretchBlt
SetStretchBltMode
SetTextColor
SetBkMode
GetObjectW
GetDeviceCaps
DeleteDC
SelectObject
CreateCompatibleDC
GetClipBox
DeleteObject

advapi32

RegQueryValueExW
RegQueryValueExA
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW

shell32

ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleInitialize
RegisterDragDrop
OleDuplicateData
DoDragDrop
RevokeDragDrop
CLSIDFromString
IIDFromString
CreateStreamOnHGlobal
CoCreateInstance
ReleaseStgMedium
StringFromGUID2

oleaut32

SysAllocStringLen
SysFreeString
VariantCopy
VarBstrCmp
VarBstrCat
RegisterTypeLi
UnRegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
SafeArrayRedim
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCopy
SafeArrayGetVartype
DispCallFunc
VariantChangeType
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysAllocString

shlwapi

StrStrIW
PathRemoveExtensionW
PathIsDirectoryW
StrToInt64ExW
PathRelativePathToW
StrToIntW
ColorRGBToHLS
ColorHLSToRGB
PathFindFileNameW
PathIsRelativeW
SHGetValueW
PathCombineW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathRemoveBackslashW
StrCmpIW

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime
timeGetDevCaps

Exports

Exports

CreateMemoryFile
CreateShadowEdgeInstance
CreateXMLDOMDocument
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetFactory
GetFileDataFromStorage
GetFileLengthFromStorage
GetFileLengthFromStorageEx
GetFontCharset
GetMainThreadClub
GetPerformanceEvaluation
IsDesignerMode
SetDefaultResourceInfo
SetDesignerMode
SetFontCharset
SmartDisableIME
UninitMainThreadClub

Sections

.text
Size: 879KB - Virtual size: 879KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/syscpt/CompactConfig.ini
360PatchUp/syscpt/wofadk.amd64.sys
.sys windows:10 windows x64 arch:x64

25b91f04d32bfb57bf640b677ccac124

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:cb:f0:79:96:6e:94:96:1c:e0:67:7d:af:c8:96:11:70:f0:66:d7:a7:d7:cc:9a:8e:30:9b:45:b2:29:9a:e5
Signer

Actual PE Digest

07:cb:f0:79:96:6e:94:96:1c:e0:67:7d:af:c8:96:11:70:f0:66:d7:a7:d7:cc:9a:8e:30:9b:45:b2:29:9a:e5

Digest Algorithm

sha256

PE Digest Matches

true

90:95:7f:22:5c:ba:fa:af:b9:d8:1a:55:34:7f:8d:ac:24:d9:1a:f1
Signer

Actual PE Digest

90:95:7f:22:5c:ba:fa:af:b9:d8:1a:55:34:7f:8d:ac:24:d9:1a:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wofadk.pdb

Imports

ntoskrnl.exe

SeUnlockSubjectContext
RtlEnumerateGenericTableAvl
RtlAppendUnicodeStringToString
ZwClose
SeCaptureSubjectContext
ZwQueryValueKey
RtlFreeUnicodeString
KeDelayExecutionThread
SeReleaseSubjectContext
SeLockSubjectContext
SeTokenIsAdmin
ExAcquireRundownProtection
RtlDeleteElementGenericTableAvl
EtwWriteTransfer
IoGetCurrentProcess
EtwRegister
MmGetSystemRoutineAddress
PsGetProcessImageFileName
ExWaitForRundownProtectionRelease
EtwUnregister
FsRtlValidateReparsePointBuffer
ProbeForRead
TmCurrentTransaction
RtlCompareMemory
RtlEqualUnicodeString
RtlInitUnicodeString
ExRundownCompleted
KeQueryPriorityThread
ExQueueWorkItem
swprintf_s
IoBuildDeviceIoControlRequest
KdRefreshDebuggerNotPresent
KeSetPriorityThread
KeSetEvent
RtlCheckRegistryKey
MmUnmapViewOfSection
EtwEventEnabled
RtlInitializeBitMap
RtlLookupElementGenericTableAvl
RtlSetBit
IoGetDeviceObjectPointer
EtwWrite
RtlAreBitsSet
RtlClearAllBits
ZwSetInformationThread
MmMapViewOfSection
ObReferenceObjectByHandle
KeWaitForSingleObject
PsInitialSystemProcess
ZwDeviceIoControlFile
RtlTestBit
ExInitializeLookasideListEx
ZwCreateSection
ZwOpenFile
ExDeleteLookasideListEx
RtlFindNextForwardRunClear
ZwQueryInformationThread
_i64tow_s
RtlRunOnceExecuteOnce
KeStackAttachProcess
IofCallDriver
KeFreeCalloutStack
ExInitializeNPagedLookasideList
IoGetRelatedDeviceObject
KeAllocateCalloutStackEx
ExDeleteNPagedLookasideList
KeInitializeMutex
KeReleaseMutex
KeAreAllApcsDisabled
_wcsicmp
IoQueueWorkItemEx
IoFreeWorkItem
RtlAppendUnicodeToString
RtlCreateSystemVolumeInformationFolder
IoAllocateWorkItem
KeSetCoalescableTimer
RtlQueryRegistryValues
KeInitializeDpc
KeFlushQueuedDpcs
KeInitializeTimerEx
KeCancelTimer
KeQueryActiveProcessorCountEx
IoGetTopLevelIrp
ZwOpenKey
IoWMIRegistrationControl
RtlGetVersion
RtlInitializeGenericTableAvl
MmIsThisAnNtAsSystem
ExInitializePagedLookasideList
KeBugCheckEx
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
ProbeForWrite
ObfReferenceObject
RtlCompareUnicodeString
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExReleaseRundownProtection
ExpInterlockedPushEntrySList
ExAcquireFastMutex
ExReleaseFastMutex
ExInitializeRundownProtection
KeExpandKernelStackAndCalloutEx
ObDereferenceObjectDeferDelete
ObfDereferenceObject
RtlCopyUnicodeString
ExReInitializeRundownProtection
ExDeletePagedLookasideList
ExAcquireFastMutexUnsafe
KeEnterCriticalRegion
KeInitializeEvent
KeLeaveCriticalRegion
ExFreePoolWithTag
ExReleaseFastMutexUnsafe
ExAllocatePoolWithTag
wcschr
ZwCreateEvent
ZwQuerySymbolicLinkObject
_wcsnicmp
ZwQuerySystemInformation
ZwOpenSymbolicLinkObject
ZwWaitForSingleObject
wcsrchr
_vsnwprintf
ZwResetEvent
wcscpy_s
__C_specific_handler
__chkstk

fltmgr.sys

FltQueryInformationFile
FltFlushBuffers
FltPerformAsynchronousIo
FltAllocateCallbackDataEx
FltIsOperationSynchronous
FltSetIoPriorityHintIntoCallbackData
FltFreeGenericWorkItem
FltQueueGenericWorkItem
FltAllocateGenericWorkItem
FltInitializePushLock
FltDeletePushLock
FltFreePoolAlignedWithTag
FltOpenVolume
FltCompletePendedPreOperation
FltAcquirePushLockShared
FltReadFile
FltIsIoCanceled
FltAllocatePoolAlignedWithTag
FltAllocateDeferredIoWorkItem
FltQueueDeferredIoWorkItem
FltDeviceIoControlFile
FltFreeDeferredIoWorkItem
FltAcquirePushLockExclusive
FltReleasePushLock
FltGetIoPriorityHintFromCallbackData
FltStartFiltering
FltRegisterFilter
FltGetRoutineAddress
FltInitExtraCreateParameterLookasideList
FltParseFileNameInformation
FltGetVolumeFromFileObject
FltAttachVolume
FltCreateFileEx
FltGetFileNameInformationUnsafe
FltEnumerateInstances
FltWriteFile
FltUntagFile
FltObjectDereference
FltIsDirectory
FltSetInformationFile
FltTagFile
FltAllocateCallbackData
FltPerformSynchronousIo
FltLockUserBuffer
FltFreeCallbackData
FltReleaseFileNameInformation
FltFsControlFile
FltAllocateExtraCreateParameterFromLookasideList
FltGetFileNameInformation
FltReissueSynchronousIo
FltFindExtraCreateParameter
FltGetEcpListFromCallbackData
FltSetEcpListIntoCallbackData
FltSetCallbackDataDirty
FltDeleteStreamContext
FltInsertExtraCreateParameter
FltAllocateExtraCreateParameterList
FltCancelFileOpen
FltEnlistInTransaction
FltGetTransactionContext
FltSetTransactionContext
FltSetFileContext
FltGetVolumeGuidName
FltGetStreamHandleContext
FltGetInstanceContext
FltQueryDirectoryFile
FltGetStreamContext
FltDeleteInstanceContext
FltDeleteExtraCreateParameterLookasideList
FltSetInstanceContext
FltGetDiskDeviceObject
FltGetVolumeProperties
FltReleaseContext
FltClose
FltAllocateContext
FltUnregisterFilter
FltSetStreamHandleContext
FltReferenceContext
FltSetStreamContext
FltQueryVolumeInformationFile

cng.sys

BCryptGetProperty
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptHashData
BCryptDestroyHash
BCryptOpenAlgorithmProvider

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

GFIDS
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/syscpt/wofadk.x86.sys
.sys windows:10 windows x86 arch:x86

fbc996fcb0d2502ac819d047b183f3f9

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:d1:83:9f:7b:45:c3:ac:ea:f8:d3:24:75:60:7a:9b:33:d6:ed:ac:86:51:2e:6c:4b:dc:eb:63:72:e6:87:ba
Signer

Actual PE Digest

c2:d1:83:9f:7b:45:c3:ac:ea:f8:d3:24:75:60:7a:9b:33:d6:ed:ac:86:51:2e:6c:4b:dc:eb:63:72:e6:87:ba

Digest Algorithm

sha256

PE Digest Matches

true

89:26:1c:59:1e:9e:be:b6:2c:ba:12:84:c5:73:63:e8:ce:81:a2:67
Signer

Actual PE Digest

89:26:1c:59:1e:9e:be:b6:2c:ba:12:84:c5:73:63:e8:ce:81:a2:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wofadk.pdb

Imports

ntoskrnl.exe

SeUnlockSubjectContext
RtlEnumerateGenericTableAvl
RtlAppendUnicodeStringToString
ZwClose
SeCaptureSubjectContext
ZwQueryValueKey
RtlFreeUnicodeString
KeDelayExecutionThread
SeReleaseSubjectContext
SeLockSubjectContext
SeTokenIsAdmin
ExAcquireRundownProtection
RtlDeleteElementGenericTableAvl
EtwWriteTransfer
IoGetCurrentProcess
EtwRegister
MmGetSystemRoutineAddress
PsGetProcessImageFileName
ExWaitForRundownProtectionRelease
EtwUnregister
FsRtlValidateReparsePointBuffer
ProbeForRead
TmCurrentTransaction
KeGetCurrentThread
ExRundownCompleted
KeQueryPriorityThread
ExQueueWorkItem
swprintf_s
IoBuildDeviceIoControlRequest
KdRefreshDebuggerNotPresent
KeSetPriorityThread
KeSetEvent
RtlCheckRegistryKey
MmUnmapViewOfSection
EtwEventEnabled
RtlInitializeBitMap
KeUnstackDetachProcess
RtlSetBit
RtlLookupElementGenericTableAvl
EtwWrite
RtlAreBitsSet
RtlClearAllBits
ZwSetInformationThread
MmMapViewOfSection
ObReferenceObjectByHandle
KeWaitForSingleObject
PsInitialSystemProcess
ZwDeviceIoControlFile
ExInitializeLookasideListEx
ZwCreateSection
ZwOpenFile
ExDeleteLookasideListEx
RtlFindNextForwardRunClear
ZwQueryInformationThread
_i64tow_s
RtlRunOnceExecuteOnce
KeStackAttachProcess
IofCallDriver
KeFreeCalloutStack
ExInitializeNPagedLookasideList
IoGetRelatedDeviceObject
KeAllocateCalloutStackEx
ExDeleteNPagedLookasideList
KeInitializeMutex
KeReleaseMutex
KeAreAllApcsDisabled
_wcsicmp
IoQueueWorkItemEx
IoFreeWorkItem
RtlAppendUnicodeToString
RtlCreateSystemVolumeInformationFolder
IoAllocateWorkItem
KeSetCoalescableTimer
RtlQueryRegistryValues
KeInitializeDpc
KeFlushQueuedDpcs
KeInitializeTimerEx
KeCancelTimer
KeQueryActiveProcessorCountEx
IoGetTopLevelIrp
memmove
ZwOpenKey
IoWMIRegistrationControl
RtlGetVersion
RtlInitializeGenericTableAvl
MmIsThisAnNtAsSystem
ExInitializePagedLookasideList
IoGetDeviceObjectPointer
KeBugCheckEx
RtlCompareMemory
RtlEqualUnicodeString
RtlInitUnicodeString
MmMapLockedPagesSpecifyCache
ProbeForWrite
InterlockedPushEntrySList
ObfReferenceObject
RtlCompareUnicodeString
InterlockedPopEntrySList
ExReleaseRundownProtection
ExInitializeRundownProtection
KeExpandKernelStackAndCalloutEx
ObDereferenceObjectDeferDelete
ObfDereferenceObject
RtlCopyUnicodeString
ExReInitializeRundownProtection
ExDeletePagedLookasideList
ExAcquireFastMutexUnsafe
KeEnterCriticalRegion
KeInitializeEvent
KeLeaveCriticalRegion
ExFreePoolWithTag
ExReleaseFastMutexUnsafe
ExAllocatePoolWithTag
RtlTestBit
wcschr
ZwCreateEvent
ZwQuerySymbolicLinkObject
_wcsnicmp
ZwQuerySystemInformation
ZwOpenSymbolicLinkObject
ZwWaitForSingleObject
wcsrchr
_vsnwprintf
ZwResetEvent
wcscpy_s
_alldiv
_alldvrm
_allmul
_allrem
memcpy
memset
_alloca_probe
RtlUnwind

hal

KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex

fltmgr.sys

FltInitExtraCreateParameterLookasideList
FltFlushBuffers
FltPerformAsynchronousIo
FltAllocateCallbackDataEx
FltIsOperationSynchronous
FltSetIoPriorityHintIntoCallbackData
FltFreeGenericWorkItem
FltQueueGenericWorkItem
FltAllocateGenericWorkItem
FltInitializePushLock
FltDeletePushLock
FltFreePoolAlignedWithTag
FltOpenVolume
FltCompletePendedPreOperation
FltAcquirePushLockShared
FltReadFile
FltIsIoCanceled
FltAllocatePoolAlignedWithTag
FltAllocateDeferredIoWorkItem
FltQueueDeferredIoWorkItem
FltDeviceIoControlFile
FltFreeDeferredIoWorkItem
FltAcquirePushLockExclusive
FltReleasePushLock
FltGetIoPriorityHintFromCallbackData
FltStartFiltering
FltRegisterFilter
FltGetRoutineAddress
FltParseFileNameInformation
FltGetVolumeFromFileObject
FltQueryInformationFile
FltAttachVolume
FltCreateFileEx
FltGetFileNameInformationUnsafe
FltEnumerateInstances
FltWriteFile
FltUntagFile
FltObjectDereference
FltIsDirectory
FltSetInformationFile
FltTagFile
FltAllocateCallbackData
FltPerformSynchronousIo
FltLockUserBuffer
FltFreeCallbackData
FltReleaseFileNameInformation
FltFsControlFile
FltAllocateExtraCreateParameterFromLookasideList
FltGetFileNameInformation
FltReissueSynchronousIo
FltFindExtraCreateParameter
FltGetEcpListFromCallbackData
FltSetEcpListIntoCallbackData
FltSetCallbackDataDirty
FltDeleteStreamContext
FltInsertExtraCreateParameter
FltAllocateExtraCreateParameterList
FltCancelFileOpen
FltEnlistInTransaction
FltGetTransactionContext
FltSetTransactionContext
FltSetFileContext
FltSetStreamContext
FltReferenceContext
FltGetVolumeGuidName
FltGetStreamHandleContext
FltGetInstanceContext
FltQueryDirectoryFile
FltGetStreamContext
FltDeleteInstanceContext
FltDeleteExtraCreateParameterLookasideList
FltSetInstanceContext
FltGetDiskDeviceObject
FltGetVolumeProperties
FltReleaseContext
FltClose
FltAllocateContext
FltUnregisterFilter
FltSetStreamHandleContext
FltQueryVolumeInformationFile

cng.sys

BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptHashData
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGetProperty

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGER32C
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360PatchUp/绿化.bat
.bat .vbs

Sharing

General

Malware Config

Signatures

Files

a1119cea04cc17db3e94bc68a7cf7841

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

76:25:f7:eb:19:60:e4:d4:84:00:f9:e5:ca:2c:cb:96:ea:e1:3e:03Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

netapi32

crypt32

Exports

Exports

Sections

.text Size: 591KB - Virtual size: 591KB

.rdata Size: 185KB - Virtual size: 184KB

.data Size: 52KB - Virtual size: 66KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 44KB - Virtual size: 43KB

ad5d16c5bf1a1009fea6e0dd35fa7946

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

51:38:aa:5b:aa:eb:92:a5:42:52:03:e4:17:68:9d:3b:46:51:da:82Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

netapi32

crypt32

Exports

Exports

Sections

.text Size: 705KB - Virtual size: 705KB

.rdata Size: 256KB - Virtual size: 255KB

.data Size: 80KB - Virtual size: 98KB

.pdata Size: 34KB - Virtual size: 33KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 19KB

96c521712b24ddb9806310fce81246b5

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

76:25:f7:eb:19:60:e4:d4:84:00:f9:e5:ca:2c:cb:96:ea:e1:3e:03
Signer

.text
Size: 591KB - Virtual size: 591KB

.rdata
Size: 185KB - Virtual size: 184KB

.data
Size: 52KB - Virtual size: 66KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 44KB - Virtual size: 43KB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

51:38:aa:5b:aa:eb:92:a5:42:52:03:e4:17:68:9d:3b:46:51:da:82
Signer

.text
Size: 705KB - Virtual size: 705KB

.rdata
Size: 256KB - Virtual size: 255KB

.data
Size: 80KB - Virtual size: 98KB

.pdata
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 19KB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

36:79:72:76:99:c3:28:93:80:fc:54:49:2e:03:94:13:a7:4c:b3:3f
Signer

.text
Size: 308KB - Virtual size: 308KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 16KB - Virtual size: 31KB

.pdata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

5d:8b:3c:db:a4:ab:c4:78:e5:1c:42:33:7f:2f:f6:55
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

42:07:f1:ce:7a:ed:fb:64:84:08:fa:3d:05:3f:93:9b:1c:7b:c1:22
Signer

.text
Size: 639KB - Virtual size: 639KB

.rdata
Size: 128KB - Virtual size: 128KB