53cd36d0d496718e101f6178068db5b57325010f65302d2ec73690e85a6293e9

Sharing

Copy URL Twitter E-mail

General

Target

53cd36d0d496718e101f6178068db5b57325010f65302d2ec73690e85a6293e9
Size

3.2MB
MD5

662cb946ae83dee83caa7e9f935d83e2
SHA1

abba6e65235d8077258022641cf5aded3ff031ce
SHA256

53cd36d0d496718e101f6178068db5b57325010f65302d2ec73690e85a6293e9
SHA512

5bbb64a16c3d4460008e20a5e4e4119d774ad24c074c78e299cd803f14fad708e88c74e1edf4a84bb4fa3a216d0d91493126bb6dd40868fb97853a3bdccc45d6
SSDEEP

49152:TJXOK+QFW/+mtyZwXm5Nqlecu3/sq6O0dSlAdGze+csglXXAc+GbvZpx:lXO3QFW/+yNXcqle5/jfZmr19lnAFG/x

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/360/uninst.exe
unpack006/$PLUGINSDIR/InstallOptions.dll
unpack006/$PLUGINSDIR/NSISdl.dll
unpack006/$PLUGINSDIR/System.dll
unpack006/$PLUGINSDIR/nsplugin.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/360/uninst.exe	nsis_installer_1

Files

53cd36d0d496718e101f6178068db5b57325010f65302d2ec73690e85a6293e9
.zip
360/!.bat
360/360verify.dll
.dll windows:4 windows x86 arch:x86

ce928fde4597fcf5a0df8d3d7203f05e

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

23/11/2010, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
lstrcmpiA
GetLastError
LocalFree
LocalAlloc
CreateFileW
FreeLibrary
FindResourceExA
LoadLibraryExA
lstrlenW
WideCharToMultiByte
CreateFileA
CloseHandle
DeviceIoControl
GetSystemTimeAsFileTime
lstrlenA
GetFileSize
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
IsBadCodePtr
SetUnhandledExceptionFilter
GetCPInfo
ReadFile
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LCMapStringA
LCMapStringW
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetFilePointer
GetStringTypeA
GetStringTypeW

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

SHSetValueA
SHGetValueA

netapi32

Netbios

wintrust

CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
WTHelperGetProvCertFromChain
CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminAcquireContext

crypt32

CertGetNameStringA

Exports

Exports

CheckFileTrustA
CheckFileTrustExA
CheckFileTrustExW
CheckFileTrustW
GetCIDA
GetCIDW
Validate360ResourceSignA

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/MiniUI.dll
.dll windows:4 windows x86 arch:x86

5b53e28f658d69c835c3e142c03fb75f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
GetVersion
GetFileTime
DisableThreadLibraryCalls
GetFileSize
CreateFileW
VirtualFree
ReadFile
SetFilePointer
LocalFree
LoadLibraryA
RaiseException
InterlockedExchange
LocalAlloc
GetModuleHandleW
GetCurrentProcessId
OutputDebugStringW
DebugBreak
FindResourceW
GetLastError
LoadResource
SizeofResource
FreeResource
LockResource
GlobalLock
GlobalUnlock
GlobalFree
GlobalAlloc
ResumeThread
Sleep
SetEvent
WaitForSingleObject
ResetEvent
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
GetVersionExW
MulDiv
GetCurrentProcess
FlushInstructionCache
EnterCriticalSection
LeaveCriticalSection
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
GetSystemWindowsDirectoryW
InterlockedDecrement
GetStartupInfoW
CreateProcessW
CloseHandle
FreeLibrary
LoadLibraryW
GetProcAddress
GetTempPathW
GetTempFileNameW
DeleteFileW
GetModuleFileNameW
InterlockedIncrement
lstrlenW
VirtualAlloc

user32

EnableScrollBar
SetPropW
GetPropW
GetMessageTime
GetParent
ReleaseDC
EnableWindow
EndDialog
SetDlgItemTextW
SetWindowTextW
CreateDialogParamW
LoadImageW
SetScrollRange
DialogBoxParamW
GetWindowThreadProcessId
SystemParametersInfoW
FindWindowW
MapWindowPoints
wvsprintfW
LoadBitmapW
GetSysColor
CharLowerW
GetCursor
CharNextW
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetSysColorBrush
DrawEdge
GetWindowDC
FrameRect
WindowFromDC
GetMessagePos
EnumChildWindows
DrawIconEx
GetClassInfoExW
wsprintfW
RegisterClassExW
DestroyWindow
ShowWindow
MonitorFromPoint
GetMonitorInfoW
GetSubMenu
SetWindowsHookExW
TrackPopupMenu
UnhookWindowsHookEx
ClientToScreen
IsZoomed
PostMessageW
CallNextHookEx
GetMenuItemCount
GetMenuStringW
DestroyMenu
LoadMenuW
GetSystemMetrics
SetRectEmpty
UpdateWindow
EqualRect
GetFocus
SetFocus
GetScrollRange
SetScrollPos
GetScrollPos
GetScrollInfo
SetScrollInfo
ShowScrollBar
IsWindow
LoadCursorW
SetCursor
IntersectRect
SetRect
FillRect
CallWindowProcW
SetLayeredWindowAttributes
DefWindowProcW
MoveWindow
SetWindowRgn
IsIconic
GetDlgItem
CreateWindowExW
CopyIcon
DestroyIcon
InvalidateRect
GetWindowRect
GetClientRect
GetWindow
LoadStringW
CharUpperW
CopyRect
GetClassNameW
SetWindowLongW
GetNextDlgGroupItem
DrawTextW
InflateRect
OffsetRect
GetDlgCtrlID
ReleaseCapture
SetCapture
IsRectEmpty
IsWindowEnabled
GetCursorPos
ScreenToClient
PtInRect
BeginPaint
EndPaint
GetWindowLongW
IsWindowVisible
SendMessageW
RedrawWindow
MessageBoxW
KillTimer
SetTimer
SetWindowPos
GetDC
GetActiveWindow
DrawFrameControl

gdi32

SetWindowOrgEx
PlayEnhMetaFile
IntersectClipRect
SelectClipRgn
CreateDIBSection
PatBlt
CombineRgn
CreateEllipticRgn
OffsetRgn
RoundRect
Rectangle
ExtTextOutW
SetBkColor
DeleteDC
SetBkMode
CreateFontIndirectW
GetObjectW
GetStockObject
GetObjectType
DeleteObject
RestoreDC
OffsetViewportOrgEx
SaveDC
SelectObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
SetViewportOrgEx
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
SetTextColor
CreateDCW
LineTo
MoveToEx
CreatePen
GetViewportOrgEx
GetCurrentObject
GetDeviceCaps
CreateFontW
GetTextExtentPoint32W
SetStretchBltMode
CreateDIBitmap
StretchBlt

ole32

CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantClear
VariantInit
SysStringLen
OleLoadPicture
VariantChangeType
SysAllocStringLen
VariantCopy

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_Destroy

msimg32

TransparentBlt
GradientFill
AlphaBlend

shlwapi

PathRemoveExtensionW
PathFindExtensionW
PathAppendW
PathFileExistsW
PathIsRelativeW
PathRemoveFileSpecW
PathCombineW
wnsprintfW

msvcrt

swprintf
wcsncmp
wcslen
malloc
_wfopen
fwrite
fclose
free
_except_handler3
wcscmp
_wcsnicmp
_wtoi
_wcsicmp
wcsncpy
_purecall
__CxxFrameHandler
??2@YAPAXI@Z
_wtol
atol
wcscpy
swscanf
memmove
wcsstr
_beginthreadex
_snwprintf
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
exit
_CxxThrowException
__CxxLongjmpUnwind
fread
ftell
fseek
iswctype
realloc
wcsrchr
_wcsupr
wcsncat
strncpy
getenv
_filelength
fprintf
sprintf
_snprintf
abort
_iob
_setjmp3
longjmp
_ftol
_CIpow
strtod
sscanf
wcschr

Exports

Exports

CreateDynamicScrollBar
CreateDynamicScrollBar2
GetMiniUI
GetMiniUI2
GetMiniUI3
GetMiniUI4

Sections

.text
Size: 664KB - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/config/config.xml
360/config/defaultskin/360Safe-16new.png
.png
360/config/defaultskin/MiniUI.xml
360/config/defaultskin/defaultskin.ui
.zip
Common/360Safe-16new.png
.png
Common/360Safe.ico
Common/Buttom_Hover.png
.png
Common/CoolUI/Button_Normal.png
.png
Common/CoolUI/DlgBackground.png
.png
Common/CoolUI/DlgBackground_NB.png
.png
Common/CoolUI/DlgBackground_simple.png
.png
Common/CoolUI/TopBanner/Mainbanner_Danger.png
.png
Common/CoolUI/TopBanner/Mainbanner_Normal.png
.png
Common/CoolUI/TopBanner/Mainbanner_Safe.png
.png
Common/CoolUI/TopBanner/Mainbanner_Warn.png
.png
Common/CoolUI/cool_dlg_with_tab.png
.png
Common/CoolUI/tab/tab_background.PNG
.png
Common/CoolUI/tab/tab_hover.PNG
.png
Common/CoolUI/tab/tab_normal.PNG
.png
Common/CoolUI/tab/tab_pushed.PNG
.png
Common/DlgBackground.jpg
.jpg
Common/Foreground.jpg
.jpg
Common/Tips.png
.png
Common/animation.gif
.gif
Common/bkgnd-border.png
.png
Common/button_disable.jpg
.jpg
Common/button_focus.jpg
.jpg
Common/button_hover.jpg
.jpg
Common/button_normal.jpg
.jpg
Common/button_pushed.jpg
.jpg
Common/checkbox.bmp
Common/collapse.bmp
Common/dynamic_listbox_item_hover.png
.png
Common/dynamic_listbox_item_normal.png
.png
Common/dynamic_listbox_item_pushed.png
.png
Common/error_back.png
.png
Common/expand.bmp
Common/frame.jpg
.jpg
Common/frame_border.bmp
Common/headerctrl_hover.bmp
Common/headerctrl_normal.bmp
Common/headerctrl_normal16.bmp
Common/headerctrl_pushed.bmp
Common/listCtrlBtn_Disable.jpg
.jpg
Common/listCtrlBtn_Focus.jpg
.jpg
Common/listCtrlBtn_Hover.jpg
.jpg
Common/listCtrlBtn_Normal.jpg
.jpg
Common/listCtrlBtn_Pushed.jpg
.jpg
Common/msg_icon_check.png
.png
Common/msg_icon_error.png
.png
Common/msg_icon_info.png
.png
Common/msg_icon_question.png
.png
Common/msg_icon_warning.png
.png
Common/netstateerror2.png
.png
Common/netstateok2.png
.png
Common/old/sys_button_close.png
.png
Common/old/sys_button_max.png
.png
Common/old/sys_button_menu.png
.png
Common/old/sys_button_min.png
.png
Common/old/sys_button_restore.png
.png
Common/old/sys_dlg_close.png
.png
Common/old/sys_dlg_max.png
.png
Common/old/sys_dlg_min.png
.png
Common/old/sys_dlg_restore.png
.png
Common/old/sysmenu_close2.png
.png
Common/popup_dialog_title_bar_background.bmp
Common/progress_ctrl_background.bmp
Common/progress_ctrl_fg.bmp
Common/radiobutton.bmp
Common/scrollv/background.png
.png
Common/scrollv/buttons.png
.png
Common/scrollv/thumb.png
.png
Common/scrollv/thumbgripper.png
.png
Common/sys_button_close.png
.png
Common/sys_button_max.png
.png
Common/sys_button_min.png
.png
Common/sys_button_min2.png
.png
Common/sys_button_restore.png
.png
Common/sys_dlg_close.png
.png
Common/sysmenu_close2.png
.png
Common/tab_background.bmp
Common/tab_background.png
.png
Common/tab_hover.PNG
.png
Common/tab_normal.PNG
.png
Common/tab_pushed.PNG
.png
Common/title_bar_menu.png
.png
Common/toolbar_hover.png
.png
Common/toolbar_normal.png
.png
Common/toolbar_pushed.png
.png
Common/toolbar_sim_hover.png
.png
Common/toolbar_sim_normal.png
.png
Common/toolbar_sim_pushed.png
.png
ver.txt
360/deepscan/Identify/Identify.dll
.dll windows:5 windows x86 arch:x86

1d50a8793d3908b34fddcdbe8de92dc6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\360dev\branches\4.0.0.1001\boxidentify\Identify\Release\Identify.pdb

Imports

kernel32

GetFileSize
CreateFileW
GetFileAttributesW
GetLongPathNameW
lstrcpyW
MultiByteToWideChar
FindNextFileW
FindClose
SetLastError
GetFullPathNameW
FindFirstFileW
GetWindowsDirectoryW
GetLastError
LoadLibraryExW
SetFilePointer
GetPrivateProfileStringW
CompareStringW
CompareStringA
CreateFileA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
ReadFile
InterlockedIncrement
lstrlenA
OutputDebugStringW
DebugBreak
lstrlenW
FreeLibrary
InterlockedDecrement
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetLocaleInfoW
LoadLibraryA
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
VirtualAlloc
HeapReAlloc
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleHandleA
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetEnvironmentVariableA

user32

wvsprintfW
GetIconInfo
CharNextW
CharLowerW
LoadStringW
LoadImageW
DestroyIcon

gdi32

CreateDIBSection
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetObjectW
DeleteObject
SetPixel

shell32

SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

shlwapi

SHGetValueW
PathFindFileNameW
UrlGetPartW
PathAppendW
PathFileExistsW
PathCombineW
PathRemoveFileSpecW
PathFindExtensionW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

CreateIdentify
CreateIdentifyExt

Sections

.text
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/deepscan/cloudsec2.dll
.dll windows:4 windows x86 arch:x86

bd851f6a0c80e70bf49e9782d55bcb03

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
MultiByteToWideChar
GetSystemWindowsDirectoryW
SearchPathW
ExpandEnvironmentStringsW
GetTickCount
SystemTimeToFileTime
GetLocalTime
Sleep
InterlockedCompareExchange
DeleteFileW
FindClose
FindFirstFileW
lstrcpyW
FindNextFileW
GetFileSizeEx
GetVersionExW
LocalFree
LocalAlloc
GetFileAttributesW
LoadLibraryW
GetFileAttributesExW
GetLongPathNameW
GetModuleHandleW
CreateEventW
ResumeThread
SetEvent
ResetEvent
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
WaitForMultipleObjects
GetSystemDefaultUILanguage
GetEnvironmentVariableW
CreateSemaphoreW
LeaveCriticalSection
SetWaitableTimer
CreateWaitableTimerW
SetFilePointerEx
HeapFree
HeapAlloc
InitializeCriticalSection
CreateProcessW
GetSystemDirectoryW
FileTimeToSystemTime
TerminateThread
GetShortPathNameW
GetDriveTypeW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetTempPathW
GetFullPathNameW
InterlockedExchange
GetLogicalDrives
DeviceIoControl
GetExitCodeThread
GetCurrentProcess
CreateMutexW
DeleteCriticalSection
WideCharToMultiByte
GetProcAddress
FreeLibrary
lstrlenA
OutputDebugStringW
DebugBreak
GetPrivateProfileStringW
InterlockedIncrement
GetPrivateProfileIntW
CreateThread
GetModuleFileNameW
InterlockedDecrement
lstrlenW
CreateFileW
GetLastError
GetFileSize
ReadFile
GetSystemTimeAsFileTime
CreateFileA
LocalFileTimeToFileTime
TlsGetValue
OpenThread
TlsSetValue
GetCurrentProcessId
TlsAlloc
SetEnvironmentVariableW
TlsFree
SetFilePointer
CloseHandle
GetProcessHeap
SetLastError
GetACP
GetCurrentThreadId
FormatMessageW
GetSystemTime
lstrcmpA
GetFileType
UnlockFileEx
LockFileEx
MoveFileExW
WriteFile
FlushFileBuffers
FileTimeToLocalFileTime

user32

LoadStringW
wvsprintfW
CharNextW
SendMessageTimeoutW
LoadBitmapW
FindWindowW
CharUpperW
CharLowerW

gdi32

DeleteObject

advapi32

RegEnumValueW
RegOpenKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
FreeSid
RegQueryValueExA
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyW
RegOpenKeyExW
RegDeleteValueW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
GetErrorInfo
VariantChangeType
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString

comctl32

ImageList_Add
ImageList_Destroy
ImageList_Create

shlwapi

StrCmpW
StrCmpIW
SHSetValueW
PathFileExistsW
PathAppendW
PathCombineW
StrChrW
SHGetValueW
StrStrIW
StrStrW
StrDupW
PathRemoveFileSpecW
StrCmpNW
PathFindFileNameW
PathFindExtensionW
PathIsDirectoryW
StrRChrW
StrCmpNIW

psapi

GetModuleFileNameExW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msvcrt

_wcsicmp
??2@YAPAXI@Z
__CxxFrameHandler
free
wcslen
calloc
iswdigit
_wtoi
iswspace
_wsplitpath
rand
srand
swscanf
malloc
memmove
wcschr
wcscmp
wcsrchr
wcsstr
strncpy
isspace
wcsncmp
_vsnwprintf
_ftol
_CxxThrowException
_errno
_wtoi64
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_purecall
_except_handler3
_local_unwind2
wcstoul
fclose
fgetws
fopen
_wcsnicmp
_i64toa
fwrite
fread
fseek
_wfopen
_wcslwr
time
wcstok
wcscpy
strerror
wcsncpy
_snwprintf
swprintf
realloc
qsort
memchr
tolower
wcscat
_vsnprintf
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_adjust_fdiv

ws2_32

inet_ntoa
gethostbyname
WSAStartup
WSACleanup
inet_addr
gethostname

iphlpapi

DeleteIPAddress
GetIpAddrTable
GetIpForwardTable
DeleteIpForwardEntry
GetAdaptersInfo

netapi32

Netbios

wininet

InternetCrackUrlW
InternetCloseHandle
InternetSetStatusCallbackA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
InternetSetOptionA
InternetOpenA
InternetConnectA

winmm

timeGetTime

Exports

Exports

EngCreateObject
EngFrontFix
EngLib_Init

Sections

.text
Size: 620KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/netmon/360NetFos.dll
.dll windows:4 windows x86 arch:x86

02256835b3efb01aeed56991ce05ff7e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalAlloc
GetPrivateProfileIntW
CreateThread
OutputDebugStringW
GetCurrentProcessId
GetTempFileNameW
GetTempPathW
GlobalUnlock
MultiByteToWideChar
ResetEvent
GetSystemDirectoryW
SetFilePointerEx
GetFileSizeEx
OpenThread
TlsSetValue
GetEnvironmentVariableW
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableW
TlsFree
HeapFree
ReleaseMutex
CreateMutexW
GetACP
FormatMessageW
GetSystemTime
lstrcmpA
GetFileType
VirtualAlloc
VirtualFree
LocalFree
GetWindowsDirectoryW
GetModuleHandleA
GetSystemInfo
CopyFileW
MoveFileW
DeleteFileW
MoveFileExW
WideCharToMultiByte
WinExec
WritePrivateProfileStringW
SetEvent
Sleep
CompareStringW
lstrcpyW
lstrcmpiW
GetTickCount
WaitForSingleObject
MulDiv
FlushInstructionCache
CreateEventW
InterlockedIncrement
lstrlenA
InitializeCriticalSection
GetVersionExW
GetCurrentThreadId
SetLastError
GetCurrentProcess
SetProcessWorkingSetSize
DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
LoadLibraryExW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
lstrlenW
InterlockedDecrement
CreateFileW
GetLastError
GetFileSize
ReadFile
SetFilePointer
CloseHandle
TlsGetValue

user32

GetMenu
GetWindowLongW
CreateWindowExW
RedrawWindow
GetDlgItem
MapWindowPoints
SetRectEmpty
ScreenToClient
GetCursorPos
SetFocus
SetCursor
OffsetRect
GetDC
SetWindowTextW
LoadCursorW
GetClassNameW
ReleaseDC
FillRect
LoadBitmapW
PostMessageW
FindWindowW
LoadImageW
GetActiveWindow
ExitWindowsEx
CharLowerW
SetDlgItemInt
GetDlgItemInt
RegisterClassExW
IsRectEmpty
GetWindow
DrawIconEx
IsWindowVisible
DispatchMessageW
TranslateMessage
GetMessageW
DialogBoxParamW
DestroyIcon
SetRect
LockWindowUpdate
IntersectRect
IsIconic
EnableWindow
DestroyMenu
TrackPopupMenu
GetMonitorInfoW
MonitorFromPoint
wsprintfW
GetClassInfoExW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MoveWindow
DeleteMenu
ModifyMenuW
EnableMenuItem
ShowWindow
CopyRect
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
DrawEdge
InflateRect
DrawFocusRect
IsWindowEnabled
DrawTextW
BeginPaint
EndPaint
IsWindow
SendMessageW
SetCapture
CallWindowProcW
GetCapture
InvalidateRect
UpdateWindow
SystemParametersInfoW
SetTimer
GetDlgCtrlID
GetParent
ReleaseCapture
ClientToScreen
GetWindowRect
PtInRect
KillTimer
DefWindowProcW
GetSysColor
GetSysColorBrush
SetWindowLongW
CharNextW
LoadStringW
GetSystemMetrics
CreateDialogParamW
GetClientRect
SetWindowPos
DestroyWindow
MessageBoxW
SetLayeredWindowAttributes
GetSubMenu
EndDialog
LoadMenuW

gdi32

StretchBlt
SetBkColor
CreateFontW
GetStockObject
GetObjectW
ExtTextOutW
CreateCompatibleDC
CreateCompatibleBitmap
SetViewportOrgEx
BitBlt
DeleteDC
SaveDC
SelectObject
GetClipBox
GetCurrentObject
MoveToEx
CreatePen
CreateFontIndirectW
CreateSolidBrush
SetBkMode
SetTextColor
RestoreDC
DeleteObject
LineTo

advapi32

LookupPrivilegeValueW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegOpenKeyW
RegEnumKeyExW
OpenProcessToken
AdjustTokenPrivileges
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ord680
ShellExecuteW
SHGetFolderPathW
SHGetFileInfoW
SHFileOperationW
ExtractIconExW

ole32

CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysStringLen
SysAllocString
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VariantClear

comctl32

ImageList_GetIconSize
ImageList_Draw
_TrackMouseEvent
ImageList_Destroy
ImageList_LoadImageW

msimg32

TransparentBlt

shlwapi

PathFileExistsW
PathCombineW
PathRemoveFileSpecW
StrStrIW
SHGetValueW
PathIsRelativeW
PathAppendW
PathFindFileNameW
PathIsDirectoryW
PathRenameExtensionW
PathRemoveBackslashW
StrCmpNIW
StrCmpNW
StrCmpIW

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z

msvcrt

wcsncmp
_wcsset
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
_except_handler3
_CxxThrowException
rand
realloc
_errno
_wcsicmp
_vsnwprintf
_beginthreadex
_purecall
wcsncpy
memmove
wcscpy
wcscmp
_wtoi
iswdigit
wcslen
malloc
vswprintf
free
__CxxFrameHandler
??2@YAPAXI@Z
wcstok
strerror
wcsrchr
_snwprintf
wcschr
swprintf
strncpy
qsort
memchr
_wcslwr
swscanf
tolower
wcscat
wcsstr

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

sfc

SfcIsFileProtected

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW
InternetGetConnectedState

iphlpapi

GetAdaptersInfo

Exports

Exports

CreatePage
InitPage
IsSupported
UnInitPage

Sections

.text
Size: 268KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/netmon/360Speedr.ini
360/netmon/360defps.dat
360/netmon/360gmps.dat
360/netmon/360msv.ini
360/netmon/360netctrl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

bf8611ca29627ff9a27a46dde4b2258b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord826
ord600
ord1571
ord6466
ord1250
ord1248
ord1563
ord1194
ord1240
ord342
ord1179
ord1570
ord1165
ord1568
ord1173
ord1115
ord860
ord4272
ord6868
ord858
ord940
ord4273
ord535
ord538
ord4197
ord6655
ord2810
ord2717
ord3948
ord861
ord800
ord825
ord540
ord815
ord561
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord823
ord269

msvcrt

__CxxFrameHandler
_vsnwprintf
swscanf
_beginthreadex
_itow
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
wcscmp
printf
swprintf
_except_handler3
wcslen
_wcsupr
_purecall
_wcsicmp
_wcsset
_wcsnicmp
malloc
wcscpy
free

kernel32

FreeLibrary
LoadLibraryW
TerminateProcess
LocalFree
GetProcessHeap
HeapAlloc
HeapFree
ResetEvent
WaitForMultipleObjects
SystemTimeToFileTime
SetEvent
CreateEventW
GetPrivateProfileStringW
GetCommandLineW
WaitForSingleObject
CreateFileA
GetPrivateProfileIntW
GlobalAddAtomW
GetWindowsDirectoryW
OpenProcess
GetVersion
GetModuleHandleW
GetLogicalDriveStringsW
QueryDosDeviceW
GetLongPathNameW
DeleteFileW
MoveFileW
MoveFileExW
CopyFileW
lstrlenA
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
VirtualAlloc
VirtualFree
LoadLibraryA
Process32NextW
EnterCriticalSection
LeaveCriticalSection
GetSystemDirectoryW
GetSystemInfo
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetVersionExW
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
WideCharToMultiByte
WinExec
DeviceIoControl
GetModuleFileNameA
LocalAlloc
WritePrivateProfileStringW
SetLastError
CloseHandle
SetFilePointer
ReadFile
GetFileSize
GetLastError
CreateFileW
GetModuleFileNameW
GetLocalTime

user32

MessageBoxW
wsprintfW
GetActiveWindow
GetSystemMetrics
DestroyIcon

advapi32

QueryServiceStatus
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyW
RegEnumKeyExW
RegCloseKey
CloseServiceHandle
OpenServiceW
OpenSCManagerW
ControlService
ChangeServiceConfigW
CreateServiceW
StartServiceW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
DeleteService

shell32

ShellExecuteExW
ShellExecuteW
ord680

ole32

CreateStreamOnHGlobal

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

iphlpapi

GetIpNetTable
GetAdaptersInfo
NotifyAddrChange

ws2_32

WSAGetLastError
ntohs
htonl
WSAStartup
WSACleanup
inet_addr

shlwapi

PathRemoveFileSpecA
StrCmpNIW
PathAppendA
PathRemoveFileSpecW
SHGetValueW
PathFileExistsW
PathAppendW
PathFindFileNameW
PathRenameExtensionW
StrCmpNW
SHDeleteValueW
PathCombineW
StrStrIW
SHSetValueW

Exports

Exports

ConflictDetection
ConflictDetectionEx
CreateMsgI
CreateProtectSpeed
CreateUIInterface
DllRegisterServer
DllUnregisterServer
DrvIsRuning
FreeMsgI
FreeProtectSpeed
FreeUIInterface
GetRemoteFlowSwitch
GetRunInterface
GetRxMaxValue
GetTotalFlow
GetTotalFlowEx
InitProtect
InstallXFDrv
IsDrvVerSame
IsInstallXFDrv
ProcessCD
QueryInvalidState
QuerySupportVer
QuerySupportVerEx
SetRemoteFlowSwitch
UninitProtect
UninstCD
UninstallXFDrv

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.360_NET
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/netmon/360netman.exe
.exe windows:4 windows x86 arch:x86

eae3333f076810ffe95bc9bafd2375a3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetVersion
GetLongPathNameW
QueryDosDeviceW
GetLogicalDriveStringsW
GetPrivateProfileIntW
WaitForSingleObject
FlushInstructionCache
CreateEventW
CreateDirectoryW
Sleep
SetEvent
GetVersionExW
WaitForMultipleObjects
SetProcessWorkingSetSize
WideCharToMultiByte
GetStartupInfoW
CreateFileW
ReadFile
SetFilePointer
GetFileSize
VirtualAlloc
VirtualFree
GetModuleHandleW
CreateProcessW
OpenProcess
GetCurrentProcess
CloseHandle
MultiByteToWideChar
FindFirstFileW
FindClose
FindNextFileW
GetTempPathW
GetTempFileNameW
DeleteFileW
lstrlenA
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
LocalFree
InterlockedIncrement
CreateMutexW
GetLastError
GetCommandLineW
LoadLibraryExW
InterlockedDecrement
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
lstrlenW
GetTickCount

user32

ShowWindow
DefWindowProcW
DestroyWindow
LoadStringW
CharNextW
LoadBitmapW
EndDialog
AdjustWindowRectEx
MessageBoxW
GetWindowThreadProcessId
GetWindowRect
FindWindowW
GetWindow
SwitchToThisWindow
SetForegroundWindow
IsWindowEnabled
IsWindowVisible
GetWindowLongW
SendMessageW
EnumWindows
GetParent
GetDlgCtrlID
SystemParametersInfoW
SetWindowLongW
LoadImageW
SetWindowTextW
GetClientRect
GetDlgItem
SetWindowPos
SetFocus
SetTimer
KillTimer
CharLowerW
SetCursor
IntersectRect
MonitorFromPoint
GetMonitorInfoW
DrawEdge
DrawFocusRect
GetWindowTextLengthW
GetWindowTextW
GetSubMenu
LoadMenuW
GetSysColor
GetSysColorBrush
GetDC
SetCapture
GetCapture
ReleaseCapture
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
CallWindowProcW
BeginPaint
EndPaint
RedrawWindow
IsZoomed
PostQuitMessage
SendMessageTimeoutW
DialogBoxParamW
ClientToScreen
DeleteMenu
TrackPopupMenu
DestroyMenu
UpdateWindow
ScreenToClient
MoveWindow
MapWindowPoints
DestroyIcon
PtInRect
EnableWindow
InvalidateRect
InflateRect
CreateWindowExW
GetActiveWindow
GetSystemMetrics
PostMessageW
IsWindow
IsRectEmpty
GetMenu
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DrawTextW

gdi32

CreateCompatibleDC
LineTo
DeleteDC
SetViewportOrgEx
CreateCompatibleBitmap
BitBlt
StretchBlt
ExtTextOutW
CreatePen
CreateSolidBrush
GetClipBox
SaveDC
RestoreDC
SetTextColor
SetBkMode
SetBkColor
SelectObject
CreateFontW
GetObjectW
CreateFontIndirectW
MoveToEx
GetStockObject
DeleteObject

advapi32

OpenProcessToken
GetTokenInformation

shell32

ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
ord680

ole32

CoUninitialize
CoInitialize

oleaut32

SysAllocString
VariantChangeType
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
SysFreeString
SysStringLen

comctl32

ImageList_LoadImageW
ImageList_GetIconSize
_TrackMouseEvent
ImageList_Destroy
ImageList_Draw

msimg32

TransparentBlt

shlwapi

StrStrIW
SHGetValueW
PathIsRelativeW
StrCmpNIW
PathRemoveFileSpecW
PathAppendW
StrChrW
PathFileExistsW
PathCombineW

msvcp60

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z

msvcrt

_exit
?terminate@@YAXXZ
_onexit
__dllonexit
_except_handler3
_CxxThrowException
wcsncmp
wcschr
_beginthreadex
_purecall
_wcsnicmp
iswspace
wcsstr
_XcptFilter
wcscpy
_wfopen
fwrite
fclose
wcscmp
wcsncpy
_vsnwprintf
_wtoi
iswdigit
malloc
vswprintf
memmove
realloc
??2@YAPAXI@Z
wcsncat
free
wcslen
_wcsicmp
__CxxFrameHandler
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_controlfp

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

Sections

.text
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360/netmon/360netmon.ini
360/netmon/360netview.dll
.dll windows:4 windows x86 arch:x86

443fd4661ae69e7e73b4bfcb10762583

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord815
ord3948
ord823
ord800
ord2810
ord540
ord861
ord535
ord858
ord6868
ord825
ord561
ord3733
ord4418
ord4616
ord4075
ord3074
ord1115
ord1173
ord1568
ord1165
ord1570
ord1179
ord342
ord1240
ord1194
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord4269
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord1563
ord1248
ord1250
ord2546
ord4480
ord6371
ord860
ord6466
ord1571
ord600
ord826
ord269

msvcrt

__CxxFrameHandler
wcscmp
wcslen
wcscpy
_purecall
_except_handler3
_beginthreadex
free
_adjust_fdiv
_vsnwprintf
__dllonexit
??1type_info@@UAE@XZ
malloc
_initterm
_onexit

kernel32

LocalAlloc
LocalFree
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLongPathNameW
OpenProcess
HeapAlloc
HeapFree
GetProcessHeap
GetModuleHandleW
GetProcAddress
GetWindowsDirectoryW
GetSystemDirectoryW
FreeLibrary
LoadLibraryW
lstrlenW
WideCharToMultiByte
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
VirtualFree
VirtualAlloc
GetFileSize
SetFilePointer
ReadFile
CreateFileW

user32

DestroyIcon
GetActiveWindow
MessageBoxW

shell32

ShellExecuteW

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

psapi

GetModuleFileNameExW

ws2_32

WSAStartup
inet_addr
htonl
WSACleanup
ntohs

shlwapi

StrCmpNIW
PathFileExistsW
StrCmpNW

Exports

Exports

CreateCnntView
FreeCnntView

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/netmon/360ps.dll
.dll windows:4 windows x86 arch:x86

55c284f8deaa51b5bd43d9b64abb3f3d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
SetProcessWorkingSetSize
DeleteCriticalSection
HeapDestroy
LoadLibraryExW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
lstrlenW
GetCurrentProcess
GetCurrentThreadId
CreateFileW
GetTempPathW
SetFilePointer
GetFileSize
VirtualAlloc
VirtualFree
CompareStringW
GetLastError
LocalFree
GetTempFileNameW
DeleteFileW
lstrcmpiW
lstrcpyW
MulDiv
ResetEvent
CreateDirectoryW
CreateEventW
MultiByteToWideChar
WideCharToMultiByte
WinExec
CloseHandle
FlushInstructionCache
InterlockedIncrement
lstrlenA
InitializeCriticalSection
GetVersionExW
SetEvent
ReadFile
WaitForSingleObject
InterlockedDecrement

user32

FillRect
GetClassNameW
GetWindowTextLengthW
GetCursorPos
SetRectEmpty
GetWindowTextW
RedrawWindow
MapWindowPoints
KillTimer
MoveWindow
ScreenToClient
SetTimer
EnableWindow
IsIconic
IsWindowVisible
DrawIconEx
LoadCursorW
SetCursor
IsRectEmpty
GetMenu
AdjustWindowRectEx
EndDialog
GetDlgItem
ShowWindow
SetFocus
SetForegroundWindow
SetWindowTextW
SystemParametersInfoW
IsWindowEnabled
MessageBoxW
DestroyWindow
SetWindowPos
GetClientRect
CreateDialogParamW
GetSystemMetrics
SendMessageTimeoutW
PostMessageW
FindWindowW
LoadStringW
CharNextW
InflateRect
IntersectRect
CreateWindowExW
BeginPaint
EndPaint
GetWindowLongW
PtInRect
ClientToScreen
GetWindowRect
DefWindowProcW
IsWindow
SendMessageW
InvalidateRect
UpdateWindow
SetCapture
CallWindowProcW
GetCapture
GetDlgCtrlID
GetParent
ReleaseCapture
GetSysColor
GetSysColorBrush
OffsetRect
ReleaseDC
SetRect
DrawFocusRect
DrawEdge
ExitWindowsEx
CopyRect
GetActiveWindow
GetDC
DrawTextW
DialogBoxParamW
DestroyIcon
LoadImageW
LoadBitmapW
SetWindowLongW

gdi32

DeleteObject
GetObjectW
CreateFontW
RestoreDC
SelectObject
SetTextColor
SetBkMode
SaveDC
CreateSolidBrush
BitBlt
SetViewportOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
ExtTextOutW
SetBkColor
GetClipBox
StretchBlt
GetStockObject
CreateFontIndirectW
LineTo
MoveToEx
CreatePen

advapi32

AdjustTokenPrivileges
RegOpenKeyExW
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegCloseKey

shell32

ExtractIconExW
SHGetFileInfoW
ShellExecuteW
ord680

ole32

CoUninitialize
CoInitialize

oleaut32

SysStringLen
SysAllocString
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VariantClear
SysFreeString

comctl32

ImageList_GetIconSize
ImageList_Destroy
ImageList_Draw
_TrackMouseEvent
ImageList_LoadImageW

shlwapi

PathAppendW
PathFindFileNameW
PathIsRelativeW
SHGetValueW
StrStrIW
PathRemoveFileSpecW
PathCombineW
PathFileExistsW

msvcrt

_wcsicmp
_vsnwprintf
_beginthreadex
wcsncpy
memmove
wcscpy
_CxxThrowException
realloc
_except_handler3
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
wcslen
malloc
vswprintf
??2@YAPAXI@Z
free
_purecall
rand
wcscmp
_wtoi
iswdigit
__CxxFrameHandler

urlmon

URLDownloadToFileW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetGetConnectedState
DeleteUrlCacheEntryW

iphlpapi

GetAdaptersInfo

Exports

Exports

CreatePage
InitPage
IsSupported
RunExtFunction
UnInitPage

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/netmon/360tcpview.dll
.dll windows:4 windows x86 arch:x86

30c34096c7de090bea799d9d92541822

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalAlloc
GlobalLock
GlobalUnlock
SetFilePointerEx
GetFileSizeEx
TlsGetValue
OpenThread
TlsSetValue
GetEnvironmentVariableW
GetCurrentProcessId
HeapAlloc
TlsAlloc
SetEnvironmentVariableW
TlsFree
HeapFree
ReleaseMutex
CreateMutexW
GetACP
FormatMessageW
GetSystemTime
LocalFree
lstrcmpA
SetLastError
GetFileType
CreateFileW
ReadFile
SetFilePointer
GetFileSize
VirtualAlloc
VirtualFree
CreateThread
CreateEventW
ResumeThread
WideCharToMultiByte
MultiByteToWideChar
lstrcmpiW
lstrcpyW
CompareStringW
OpenProcess
CloseHandle
TerminateProcess
WaitForSingleObject
Sleep
SetEvent
lstrlenA
InterlockedIncrement
MulDiv
FlushInstructionCache
InitializeCriticalSection
InterlockedDecrement
DeleteCriticalSection
HeapDestroy
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetCurrentProcess
SetProcessWorkingSetSize
DisableThreadLibraryCalls
LoadLibraryExW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
lstrlenW
GetProcessHeap

user32

OpenClipboard
RegisterClassExW
wsprintfW
GetClassInfoExW
LoadMenuW
EmptyClipboard
CloseClipboard
DrawEdge
GetSubMenu
MonitorFromPoint
RedrawWindow
IsWindowVisible
LoadImageW
CharNextW
SetClipboardData
GetSysColor
SetFocus
CopyRect
DrawIconEx
SetWindowTextW
GetDC
ReleaseDC
DestroyIcon
IsRectEmpty
GetWindow
EndDialog
DialogBoxParamW
GetActiveWindow
SetRectEmpty
ScreenToClient
GetCursorPos
SetCursor
OffsetRect
SetRect
LoadCursorW
GetClassNameW
IsIconic
IsZoomed
GetMonitorInfoW
TrackPopupMenu
DestroyMenu
FindWindowW
IntersectRect
FillRect
GetSysColorBrush
EnableMenuItem
GetSystemMetrics
InflateRect
DrawFocusRect
GetWindowTextLengthW
GetWindowTextW
IsWindowEnabled
DrawTextW
CreateWindowExW
MapWindowPoints
IsWindow
SetCapture
CallWindowProcW
GetCapture
InvalidateRect
UpdateWindow
SystemParametersInfoW
SetTimer
ReleaseCapture
ClientToScreen
GetWindowRect
PtInRect
KillTimer
GetMenu
AdjustWindowRectEx
GetDlgCtrlID
GetParent
PostMessageW
GetWindowLongW
DefWindowProcW
SetWindowPos
SendMessageW
GetDlgItem
ShowWindow
GetClientRect
BeginPaint
EndPaint
SetWindowLongW
LoadStringW
DestroyWindow
GetClassInfoW
RegisterClassW
CreateDialogParamW
MessageBoxW
LoadBitmapW

gdi32

LineTo
GetTextExtentPoint32W
CreatePen
RoundRect
SetBkColor
SaveDC
SetViewportOrgEx
CreateFontIndirectW
GetClipBox
RestoreDC
SetTextColor
SetBkMode
GetStockObject
GetObjectW
CreateCompatibleBitmap
StretchBlt
BitBlt
CreateSolidBrush
DeleteDC
CreateFontW
CreateCompatibleDC
SelectObject
DeleteObject
ExtTextOutW
MoveToEx

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteExW
ShellExecuteW
ExtractIconExW
SHGetFolderPathW
SHGetFileInfoW

ole32

CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen

comctl32

_TrackMouseEvent
ImageList_GetIconSize
ImageList_LoadImageW
ImageList_Destroy
ImageList_Draw

msimg32

GradientFill
TransparentBlt

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFindFileNameW
StrCmpIW
PathFileExistsW
PathCombineW

ws2_32

ntohl

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

sfc

SfcIsFileProtected

msvcrt

wcscat
tolower
swscanf
_wcslwr
memchr
qsort
strncpy
swprintf
wcschr
_snwprintf
strerror
wcscpy
wcstok
_errno
_purecall
_CxxThrowException
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
_except_handler3
wcsrchr
_vsnwprintf
_endthreadex
_beginthreadex
_vsnprintf
wcsncmp
wcsncpy
_wtol
isalnum
wcscmp
??1type_info@@UAE@XZ
memmove
_ftol
_wtoi
iswdigit
wcslen
vswprintf
_wcsicmp
malloc
realloc
free
??2@YAPAXI@Z
__CxxFrameHandler
wcsstr

wininet

HttpAddRequestHeadersW
InternetCloseHandle
HttpOpenRequestW
InternetConnectW
InternetReadFile
HttpSendRequestW
InternetOpenW

Exports

Exports

CreatePage
InitPage
IsSupported
UnInitPage

Sections

.text
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/netmon/Identify/lib/listpredef.dat
360/netmon/Netgm.dll
.dll windows:4 windows x86 arch:x86

9b322f4d6b29066701410ae5015858fb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
SetEvent
GetTickCount
WaitForMultipleObjects
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
GetProcAddress
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
lstrlenW
WaitForSingleObject
WritePrivateProfileStringW
InterlockedIncrement
DisableThreadLibraryCalls
GetCurrentThreadId
HeapDestroy
ResetEvent
SetLastError
SetFilePointer
ReadFile
GetFileSize
GetLastError
CreateFileW
GetModuleFileNameW
CloseHandle
GetPrivateProfileIntW
CreateEventW
VirtualAlloc
VirtualFree
Process32NextW
CreateToolhelp32Snapshot
GetVersion
GetModuleHandleW
OpenProcess
GetLongPathNameW
QueryDosDeviceW
Process32FirstW
GetLogicalDriveStringsW
GetWindowsDirectoryW
CreateDirectoryW

user32

LoadStringW
DestroyWindow
GetActiveWindow
MessageBoxW
PostMessageW
LoadImageW
GetSystemMetrics
SendMessageTimeoutW

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitialize

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

msvcrt

_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
memmove
wcsstr
wcscmp
_wcsnicmp
malloc
_beginthreadex
free
_vsnwprintf
_wcsicmp
__CxxFrameHandler
_purecall
??2@YAPAXI@Z
wcslen

sfc

SfcIsFileProtected

shlwapi

StrCmpNIW
StrCmpNW
PathFileExistsW
StrCmpIW
PathFindFileNameW
PathCombineW
PathRemoveFileSpecW

psapi

GetModuleFileNameExW

shell32

ExtractIconExW
SHGetFileInfoW
ShellExecuteW

Exports

Exports

CreateInstance
PreCQCheck

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/netmon/NetmonEP.dll
.dll windows:4 windows x86 arch:x86

f3a3b77a7c39e05ea916ec783b5cccb5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
CloseHandle
SetFilePointer
ReadFile
GetFileSize
GetLastError
CreateFileW
WriteFile
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
CreateEventW
WaitForSingleObject
ResetEvent
LeaveCriticalSection
EnterCriticalSection
SetEvent
WaitForMultipleObjects
GetCurrentProcessId
GetTickCount
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
RtlUnwind
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
TlsAlloc
TlsFree
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA

user32

PostMessageW
IsWindow
FindWindowW
SendMessageTimeoutW

ole32

CreateStreamOnHGlobal

shlwapi

PathCombineW
PathFileExistsW
SHGetValueW
PathRemoveFileSpecW
StrStrIW

Exports

Exports

CreatePartnerInterface

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/netmon/config/netman/netman.ui
.zip
bottomdlgbk.png
.png
btnnetspeed1.png
.png
btnnetspeed2.png
.png
btnnetspeed3.png
.png
btnonekey1.png
.png
btnonekey2.png
.png
btnonekey3.png
.png
btnsetting1.png
.png
btnsetting2.png
.png
btnsetting3.png
.png
defaultbrowser.png
.png
flagclose.png
.png
flaginfo.png
.png
flagreboot.png
.png
frameline.png
.png
frameline2.png
.png
listviewflag1.png
.png
listviewflag1dis.png
.png
listviewflag2.png
.png
listviewflag2dis.png
.png
listviewflag3.png
.png
listviewflag3dis.png
.png
msgask.png
.png
msginfo.png
.png
msgreboot.png
.png
msgwarn.png
.png
popupdlgbk.png
.png
reminderdlgbk.png
.png
reminderdlgcaption.png
.png
reminderdlgflag.png
.png
reminderdlgicon.png
.png
splitbottom.png
.png
splitline.png
.png
tab_background.png
.png
tab_hover.png
.png
tab_normal.png
.png
tab_pushed.png
.png
tabiconconn.png
.png
tabiconnetmon.png
.png
tabiconps.png
.png
titledlgbk.png
.png
titledlgbk2.png
.png
titlelogo.png
.png
360/netmon/config/netman/netman/bottomdlgbk.png
.png
360/netmon/config/netman/netman/btnnetspeed1.png
.png
360/netmon/config/netman/netman/btnnetspeed2.png
.png
360/netmon/config/netman/netman/btnnetspeed3.png
.png
360/netmon/config/netman/netman/btnonekey1.png
.png
360/netmon/config/netman/netman/btnonekey2.png
.png
360/netmon/config/netman/netman/btnonekey3.png
.png
360/netmon/config/netman/netman/btnsetting1.png
.png
360/netmon/config/netman/netman/btnsetting2.png
.png
360/netmon/config/netman/netman/btnsetting3.png
.png
360/netmon/config/netman/netman/defaultbrowser.png
.png
360/netmon/config/netman/netman/flagclose.png
.png
360/netmon/config/netman/netman/flaginfo.png
.png
360/netmon/config/netman/netman/flagreboot.png
.png
360/netmon/config/netman/netman/frameline.png
.png
360/netmon/config/netman/netman/frameline2.png
.png
360/netmon/config/netman/netman/listviewflag1.png
.png
360/netmon/config/netman/netman/listviewflag1dis.png
.png
360/netmon/config/netman/netman/listviewflag2.png
.png
360/netmon/config/netman/netman/listviewflag2dis.png
.png
360/netmon/config/netman/netman/listviewflag3.png
.png
360/netmon/config/netman/netman/listviewflag3dis.png
.png
360/netmon/config/netman/netman/msgask.png
.png
360/netmon/config/netman/netman/msginfo.png
.png
360/netmon/config/netman/netman/msgreboot.png
.png
360/netmon/config/netman/netman/msgwarn.png
.png
360/netmon/config/netman/netman/popupdlgbk.png
.png
360/netmon/config/netman/netman/reminderdlgbk.png
.png
360/netmon/config/netman/netman/reminderdlgcaption.png
.png
360/netmon/config/netman/netman/reminderdlgflag.png
.png
360/netmon/config/netman/netman/reminderdlgicon.png
.png
360/netmon/config/netman/netman/splitbottom.png
.png
360/netmon/config/netman/netman/splitline.png
.png
360/netmon/config/netman/netman/tab_background.png
.png
360/netmon/config/netman/netman/tab_hover.png
.png
360/netmon/config/netman/netman/tab_normal.png
.png
360/netmon/config/netman/netman/tab_pushed.png
.png
360/netmon/config/netman/netman/tabiconconn.png
.png
360/netmon/config/netman/netman/tabiconnetmon.png
.png
360/netmon/config/netman/netman/tabiconps.png
.png
360/netmon/config/netman/netman/titledlgbk.png
.png
360/netmon/config/netman/netman/titledlgbk2.png
.png
360/netmon/config/netman/netman/titlelogo.png
.png
360/netmon/config/pedata/pedata.ui
.zip
bs11532.png
.png
bs15532.png
.png
bs360chrome32.png
.png
bs360ge32.png
.png
bs360se32.png
.png
bsaoyou32.png
.png
bsavant32.png
.png
bscaihong32.png
.png
bschrome32.png
.png
bsfirefox32.png
.png
bsgreenbrowser32.png
.png
bshxllq32.png
.png
bsie32.png
.png
bsiq32.png
.png
bslunascape32.png
.png
bsmfllq32.png
.png
bsopera32.png
.png
bsqq32.png
.png
bssafari32.png
.png
bssg32.png
.png
bstgllq32.png
.png
bstm32.png
.png
bstt32.png
.png
bstw32.png
.png
bstwchrome32.png
.png
gmgame_QQfc32.png
.png
gmgame_QQxw32.png
.png
gmgame_QQys32.png
.png
gmgame_QQzyhx32.png
.png
gmgame_StarCraft32.png
.png
gmgame_cf32.png
.png
gmgame_cfol32.png
.png
gmgame_dhxy332.png
.png
gmgame_dtws32.png
.png
gmgame_dxcyys32.png
.png
gmgame_jgsj32.png
.png
gmgame_jianxian32.png
.png
gmgame_jwt32.png
.png
gmgame_jxqy332.png
.png
gmgame_lzg32.png
.png
gmgame_mhxy32.png
.png
gmgame_mhzx32.png
.png
gmgame_moyu32.png
.png
gmgame_msg32.png
.png
gmgame_mxdOL32.png
.png
gmgame_penglai32.png
.png
gmgame_ppkdc32.png
.png
gmgame_rxjh32.png
.png
gmgame_sgsOL32.png
.png
gmgame_smOL32.png
.png
gmgame_smdl32.png
.png
gmgame_tianlong232.png
.png
gmgame_tianxia232.png
.png
gmgame_wendao32.png
.png
gmgame_wow32.png
.png
gmgame_xunxian32.png
.png
gmgame_xwlwz32.png
.png
gmgame_xyj32.png
.png
gmgame_yhzt32.png
.png
gmgame_yzOL32.png
.png
gmgame_zdzw32.png
.png
gmgame_zhengtu32.png
.png
gmgame_zhuxian232.png
.png
gmgame_zxy32.png
.png
360/netmon/lmtps.dat
360/netmon/netdrv/50/360netmon_50.sys
.sys windows:6 windows x86 arch:x86

188c2eabeb66b6d04b7df5a15dbaee24

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:95:37:41:60:82:78:2b:9e:5a:02:a1:6f:17:74:c0:f6:a1:8f:c0
Signer

Actual PE Digest

99:95:37:41:60:82:78:2b:9e:5a:02:a1:6f:17:74:c0:f6:a1:8f:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\build\tdifltr\branches\linkbase\output\i386\360netmon_50.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
ObfDereferenceObject
IoGetDeviceObjectPointer
IoRegisterDriverReinitialization
IofCallDriver
PsGetCurrentThreadId
IoGetCurrentProcess
RtlCompareMemory
_wcsicmp
wcsrchr
PsGetCurrentProcessId
IofCompleteRequest
ExfInterlockedInsertTailList
IoIsOperationSynchronous
KeSetEvent
ObReferenceObjectByHandle
IoThreadToProcess
IoCreateSynchronizationEvent
PsCreateSystemThread
IoDeleteSymbolicLink
ExInitializeNPagedLookasideList
KeInitializeEvent
ExInitializeResourceLite
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlGetVersion
InitSafeBootMode
IoAttachDevice
PsGetProcessId
memcpy
KeUnstackDetachProcess
ProbeForRead
KeStackAttachProcess
PsGetProcessPeb
MmIsAddressValid
ZwQueryDirectoryFile
KefAcquireSpinLockAtDpcLevel
PsSetCreateProcessNotifyRoutine
IoQueryFileDosDeviceName
ObQueryNameString
IoFileObjectType
ZwOpenFile
ZwQueryInformationProcess
ObOpenObjectByPointer
PsLookupProcessByProcessId
ExAllocatePool
IoFreeMdl
MmUnlockPages
KeWaitForSingleObject
MmProbeAndLockPages
IoAllocateMdl
_stricmp
ZwQuerySystemInformation
MmMapLockedPages
RtlCompareUnicodeString
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
PsTerminateSystemThread
ExfInterlockedInsertHeadList
IoBuildPartialMdl
IoFreeIrp
IoMakeAssociatedIrp
ExfInterlockedRemoveHeadList
KeDelayExecutionThread
RtlEqualUnicodeString
KeTickCount
KeBugCheckEx
ZwOpenKey
RtlInitUnicodeString
ZwQueryValueKey
ZwClose
IoBuildDeviceIoControlRequest
KefReleaseSpinLockFromDpcLevel
memset
ExAllocatePoolWithTag
ExInterlockedPushEntrySList
ZwCreateFile
ExInterlockedPopEntrySList
RtlUnwind

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock

tdi.sys

TdiMapUserRequest

ndis.sys

NdisSetTimer
NdisInitializeTimer
NdisFreeMemory
NdisAllocateMemory

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/netmon/netdrv/60/360netmon_60.sys
.sys windows:6 windows x86 arch:x86

e72453895cbd27b41782d4a1a81c2f6a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9b:ca:a5:22:eb:76:7d:30:f7:9b:e3:0e:73:49:ca:5f:bb:ca:68:fe
Signer

Actual PE Digest

9b:ca:a5:22:eb:76:7d:30:f7:9b:e3:0e:73:49:ca:5f:bb:ca:68:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\build\tdifltr\branches\linkbase\output\i386\360netmon_60.pdb

Imports

ntoskrnl.exe

IoIsOperationSynchronous
KeSetEvent
ObReferenceObjectByHandle
IoThreadToProcess
IoCreateSynchronizationEvent
PsCreateSystemThread
IoDeleteSymbolicLink
ExInitializeNPagedLookasideList
KeInitializeEvent
ExInitializeResourceLite
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlGetVersion
InitSafeBootMode
IoAttachDevice
PsGetProcessId
memcpy
KeUnstackDetachProcess
ProbeForRead
KeStackAttachProcess
PsGetProcessPeb
ZwCreateFile
ZwQueryDirectoryFile
IoBuildDeviceIoControlRequest
PsSetCreateProcessNotifyRoutine
IoQueryFileDosDeviceName
ObQueryNameString
KefReleaseSpinLockFromDpcLevel
ZwOpenFile
ExfInterlockedInsertTailList
ObOpenObjectByPointer
PsLookupProcessByProcessId
ExAllocatePool
IoFreeMdl
MmUnlockPages
KeWaitForSingleObject
MmProbeAndLockPages
IoAllocateMdl
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
PsTerminateSystemThread
ExfInterlockedInsertHeadList
IoBuildPartialMdl
IoFreeIrp
IoMakeAssociatedIrp
ExfInterlockedRemoveHeadList
KeDelayExecutionThread
RtlEqualUnicodeString
ZwQuerySystemInformation
KeTickCount
KeBugCheckEx
RtlUnwind
MmIsAddressValid
ZwOpenKey
RtlInitUnicodeString
ZwQueryValueKey
IofCompleteRequest
PsGetCurrentProcessId
wcsrchr
_wcsicmp
RtlCompareMemory
IoGetCurrentProcess
PsGetCurrentThreadId
IofCallDriver
IoRegisterDriverReinitialization
IoGetDeviceObjectPointer
ExFreePoolWithTag
ObfDereferenceObject
ZwQueryInformationProcess
KefAcquireSpinLockAtDpcLevel
ZwClose
memset
ExAllocatePoolWithTag
ExInterlockedPushEntrySList
IoFileObjectType
ExInterlockedPopEntrySList

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock

fwpkclnt.sys

FwpmEngineOpen0
FwpmTransactionBegin0
FwpmTransactionCommit0
FwpmTransactionAbort0
FwpsAllocateCloneNetBufferList0
FwpsFreeCloneNetBufferList0
FwpsCalloutRegister0
FwpmCalloutAdd0
FwpmEngineClose0
FwpmFilterAdd0
FwpmBfeStateSubscribeChanges0

tdi.sys

TdiMapUserRequest

ndis.sys

NdisSetTimer
NdisInitializeTimer
NdisGetDataBuffer
NdisAdvanceNetBufferListDataStart
NdisRetreatNetBufferListDataStart

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/netmon/netdrv/x64/360netmon_x64.sys
.sys windows:6 windows x64 arch:x64

8752763d4aa1413bd8b0360dada88a72

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3b:e7:c9:27:44:a7:af:f1:e2:67:48:5f:b6:18:2b:f8:ae:bb:76:f2
Signer

Actual PE Digest

3b:e7:c9:27:44:a7:af:f1:e2:67:48:5f:b6:18:2b:f8:ae:bb:76:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\build\tdifltr\branches\linkbase\output\amd64\360netmon_x64.pdb

Imports

ntoskrnl.exe

PsCreateSystemThread
IoGetDeviceObjectPointer
ZwQueryValueKey
ExInterlockedInsertTailList
IoGetCurrentProcess
InitSafeBootMode
ZwClose
IofCompleteRequest
ExQueryDepthSList
ObReferenceObjectByHandle
RtlCompareMemory
IoCreateSymbolicLink
PsGetCurrentThreadId
PsGetCurrentProcessId
MmIsAddressValid
ObfDereferenceObject
IoCreateDevice
ExInitializeResourceLite
KeAcquireSpinLockAtDpcLevel
IofCallDriver
ZwOpenKey
KeAcquireSpinLockRaiseToDpc
PsGetProcessPeb
ProbeForRead
IoBuildDeviceIoControlRequest
PsLookupProcessByProcessId
ZwReadFile
IoCreateFile
IoIs32bitProcess
KeUnstackDetachProcess
ObQueryNameString
IoFileObjectType
wcsrchr
ExAllocatePool
ZwQueryDirectoryFile
IoAttachDevice
PsGetVersion
ZwQueryInformationProcess
ZwOpenFile
ZwQueryInformationFile
IoQueryFileDosDeviceName
ObOpenObjectByPointer
PsGetProcessId
KeStackAttachProcess
IoFreeMdl
KeWaitForSingleObject
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ExAcquireResourceExclusiveLite
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExReleaseResourceLite
IoBuildPartialMdl
IoMakeAssociatedIrp
ZwQuerySystemInformation
RtlEqualUnicodeString
KeDelayExecutionThread
ExInterlockedInsertHeadList
PsTerminateSystemThread
IoFreeIrp
ExInterlockedRemoveHeadList
KeBugCheckEx
IoCreateSynchronizationEvent
KeReleaseSpinLockFromDpcLevel
PsSetCreateProcessNotifyRoutine
ExpInterlockedPopEntrySList
KeReleaseSpinLock
RtlGetVersion
IoIsOperationSynchronous
KeInitializeEvent
ExpInterlockedPushEntrySList
KeSetEvent
IoDeleteDevice
IoRegisterDriverReinitialization
RtlInitUnicodeString
ExInitializeNPagedLookasideList
ExFreePoolWithTag
IoDeleteSymbolicLink
ExAllocatePoolWithTag
IoThreadToProcess
ZwCreateFile
_wcsicmp
__C_specific_handler

fwpkclnt.sys

FwpsFreeCloneNetBufferList0
FwpmTransactionCommit0
FwpmCalloutAdd0
FwpsAllocateCloneNetBufferList0
FwpmBfeStateSubscribeChanges0
FwpsCalloutRegister0
FwpmTransactionAbort0
FwpmEngineOpen0
FwpmFilterAdd0
FwpmTransactionBegin0
FwpmEngineClose0

tdi.sys

TdiMapUserRequest

ndis.sys

NdisGetDataBuffer
NdisRetreatNetBufferListDataStart
NdisSetTimer
NdisInitializeTimer
NdisAdvanceNetBufferListDataStart

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/netmon/netmstart.dll
.dll regsvr32 windows:4 windows x86 arch:x86

5afd6ee4b3306e1340a2c897c0daed2f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
GetSystemDirectoryW
CopyFileW
CreateFileW
FreeLibrary
DeleteFileW
GetLastError
CloseHandle
GetSystemInfo
GetModuleHandleA
GetProcAddress
GetCurrentProcess
WideCharToMultiByte
GetVersionExW
ReadFile
GetFileSize
LoadLibraryW
SetStdHandle
GetStringTypeW
GetStringTypeA
HeapFree
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
HeapReAlloc
HeapAlloc
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetUnhandledExceptionFilter
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
FlushFileBuffers
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW

advapi32

RegQueryValueExW
RegSetValueExW
RegDeleteValueW
OpenServiceW
RegOpenKeyExW
RegCloseKey
DeleteService
OpenSCManagerW
CreateServiceW
CloseServiceHandle
StartServiceW
RegCreateKeyExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

SHSetValueW
SHDeleteKeyW
PathFileExistsW
PathCombineW
PathAppendW
PathRemoveFileSpecW

msvcrt

_vsnwprintf
_beginthreadex

user32

GetActiveWindow
MessageBoxW

shell32

ShellExecuteW

Exports

Exports

DllRegisterServer
DllUnregisterServer
IsInstall
SetupInstall

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/netmon/nmver.dll
.dll regsvr32 windows:4 windows x86 arch:x86

5c54715227e960c5019e7a45d4b9d02a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

DllRegisterServer
DllUnregisterServer
OnUpdate

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/netmon/skin/default.uil
.zip
infownd/background.png
.png
infownd/bargreen.png
.png
infownd/barorange.png
.png
infownd/defaultfileicon.png
.png
infownd/numbers0.png
.png
infownd/numbers1.png
.png
infownd/numbers2.png
.png
infownd/numbers3.png
.png
infownd/numbers4.png
.png
infownd/numbers5.png
.png
infownd/numbers6.png
.png
infownd/numbers7.png
.png
infownd/numbers8.png
.png
infownd/numbers9.png
.png
infownd/numbersdot.png
.png
infownd/protect.png
.png
infownd/protectline.png
.png
infownd/spannerhover.png
.png
infownd/spannernormal.png
.png
infownd/spannerpushed.png
.png
infownd/sysfileicon.png
.png
infownd/tabbtnhover.png
.png
infownd/tabbtnpushed.png
.png
infownd/unitsgb.png
.png
infownd/unitskb.png
.png
infownd/unitsmb.png
.png
infownd/unitstb.png
.png
infownd/weather.png
.png
modewnd/background.png
.png
modewnd/hovermask.png
.png
modewnd/modegame.png
.png
modewnd/modegameselected.png
.png
modewnd/modeweb.png
.png
modewnd/modewebselected.png
.png
modewnd/selectedmask.png
.png
protectwnd/background.png
.png
protectwnd/btnclosehover.png
.png
protectwnd/btnclosenormal.png
.png
protectwnd/btnclosepushed.png
.png
protectwnd/protect.png
.png
skinme.dat
speedwnd/background.png
.png
speedwnd/btnmodedisablehover.png
.png
speedwnd/btnmodedisablenormal.png
.png
speedwnd/btnmodedisablepushed.png
.png
speedwnd/btnmodegamehover.png
.png
speedwnd/btnmodegamenormal.png
.png
speedwnd/btnmodegamepushed.png
.png
speedwnd/btnmodewebhover.png
.png
speedwnd/btnmodewebnormal.png
.png
speedwnd/btnmodewebpushed.png
.png
speedwnd/hilight.png
.png
tipswnd/background.png
.png
tipswnd/btnclosehover.png
.png
tipswnd/btnclosenormal.png
.png
tipswnd/btnclosepushed.png
.png
tipswnd/info.png
.png
tipswnd/modegame.png
.png
360/netmon/sysmon.dll
.dll windows:4 windows x86 arch:x86

a709adaa9409a93598359fa4c567aed3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
CloseHandle
GetFileInformationByHandle
GetVersion
GetProcAddress
GetModuleHandleW
OpenProcess
GetSystemInfo
GetLongPathNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
QueryDosDeviceW
GetLogicalDriveStringsW
InitializeCriticalSection
DeleteCriticalSection
CreateEventW
LoadLibraryW
FreeLibrary
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
GlobalMemoryStatusEx
GetLastError
GetProcessTimes
GetModuleFileNameW
DisableThreadLibraryCalls
ReadFile
SetFilePointer
VirtualFree
VirtualAlloc
GetFileSize

shlwapi

PathFileExistsW
PathRemoveBackslashW

msvcrt

_ftol
__CxxFrameHandler
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
??3@YAXPAX@Z
??2@YAPAXI@Z
wcslen
_vsnwprintf
malloc
free
_beginthreadex
_wcsnicmp

psapi

EnumProcesses
GetModuleFileNameExW

user32

MessageBoxW
GetActiveWindow

shell32

ShellExecuteW

Exports

Exports

GetCpuMemoryUsage
GetProcessUsage
Init
SetCalcProcess
Start
Stop
Uninit
fnSysmon

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/netmon/userps.ini
360/safemon/360compro.dll
.dll windows:4 windows x86 arch:x86

811dd9c87a23b2a08c94d9ca7c4469fb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
GetVersionExW
GetSystemInfo
GetModuleHandleA
CloseHandle
GetCurrentProcess
FindClose
FindFirstFileW
GetFileAttributesExW
GetLastError
InterlockedDecrement
WaitForSingleObject
CreateThread
GetLongPathNameW
lstrlenW
FindNextFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
LockResource
LoadResource
FindResourceExW
lstrlenA
InterlockedIncrement
DebugBreak
OutputDebugStringW
MultiByteToWideChar
GetCommandLineW
DeleteFileW
FreeLibrary
GetModuleHandleW
WideCharToMultiByte
GetDiskFreeSpaceW
GetDriveTypeW
IsBadReadPtr
ReadFile
GetFileSize
CreateFileW
MoveFileExW
GlobalFree
SystemTimeToFileTime
GetSystemTime
GlobalAlloc
CreateDirectoryW
CreateEventW
GetLocalTime
Sleep
WritePrivateProfileStringW
ResumeThread
SetThreadPriority
GetTickCount
SetFilePointer
GetTempFileNameW
GetTempPathW
LoadLibraryExW
WriteFile
VirtualAlloc
VirtualFree
EnterCriticalSection
LoadLibraryW
GetProcAddress
LeaveCriticalSection
DeleteCriticalSection
SetFileAttributesW
InitializeCriticalSection

user32

WaitForInputIdle
FindWindowW
GetSystemMetrics
SendMessageTimeoutW
SetForegroundWindow
ShowWindow
GetActiveWindow
wvsprintfW
CharNextW
LoadStringW
MessageBoxW
PostMessageW

advapi32

GetTokenInformation
GetUserNameW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
OpenProcessToken

shell32

ord680
ShellExecuteW
ShellExecuteExW

ole32

CoUninitialize
CoInitialize

oleaut32

VariantCopy
VariantClear
SysAllocString
VariantChangeType
SysFreeString

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7out_of_range@std@@6B@
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

msvcrt

_itow
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
??1exception@@UAE@XZ
??0exception@@QAE@XZ
swscanf
_CxxThrowException
??0exception@@QAE@ABV0@@Z
time
_beginthreadex
_filelength
iswdigit
_wtoi
wcscmp
wcslen
memcpy
wcsncmp
wcsncpy
exit
wcsncat
__dllonexit
strlen
_onexit
??2@YAPAXI@Z
memset
free
malloc
_wcsicmp
mktime
_vsnwprintf
_except_handler3
fclose
fseek
fread
_wfopen
printf
__CxxFrameHandler
fwrite

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathFileExistsW
PathFindFileNameW
StrCmpNIW
PathFindExtensionW
StrStrIA
StrCmpIW
StrStrIW
PathIsDirectoryW
PathCombineW
wnsprintfW
SHSetValueW
SHDeleteValueW
SHGetValueW
PathRemoveFileSpecW
PathAppendW

netapi32

NetUserGetInfo
NetApiBufferFree

Exports

Exports

CalcV3Param_RunOnce
CreateFireWallState
CreateFireWallStateQuick
CreateTrayClient
DeleteV3ParamItem
GetV3ParamInfo
SetAntiVirusCheckFlag

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/safemon/360tray.exe
.exe windows:4 windows x86 arch:x86

82d5d748fc551c74d43f68fee8f3ee99

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord470
ord3701
ord941
ord818
ord2859
ord665
ord1971
ord6381
ord3502
ord5769
ord3313
ord5180
ord354
ord5438
ord925
ord6451
ord2910
ord5568
ord2914
ord4215
ord2576
ord3649
ord2430
ord6266
ord2858
ord1637
ord3332
ord3703
ord781
ord2103
ord3605
ord656
ord2081
ord4128
ord4292
ord472
ord5869
ord6185
ord3802
ord536
ord922
ord1230
ord3133
ord324
ord4229
ord4704
ord4394
ord3625
ord682
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6017
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord6051
ord4073
ord1768
ord4390
ord5237
ord2377
ord5157
ord6370
ord4347
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord1569
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4418
ord809
ord1634
ord1165
ord556
ord825
ord3658
ord3621
ord2406
ord1785
ord4270
ord2371
ord5286
ord800
ord861
ord540
ord6354
ord1088
ord2114
ord3566
ord755
ord289
ord5785
ord613
ord2559
ord860
ord3569
ord2567
ord6871
ord2372
ord2092
ord3993
ord6898
ord384
ord686
ord6868
ord5784
ord5783
ord3688
ord4155
ord4282
ord4279
ord2397
ord3568
ord6211
ord6437
ord5706
ord6654
ord2855
ord2637
ord6376
ord6195
ord3592
ord4419
ord5276
ord1767
ord6048
ord4992
ord4370
ord5261
ord641
ord2506
ord3806
ord2813
ord1172
ord4294
ord3737
ord4401
ord2606
ord4273
ord537
ord940
ord942
ord3991
ord6238
ord6688
ord6667
ord283
ord2746
ord6168
ord3297
ord6754
ord2745
ord2442
ord4238
ord693
ord3635
ord3365
ord4396
ord2574
ord535
ord858
ord2810
ord2717
ord6278
ord6867
ord640
ord5781
ord1633
ord2854
ord323
ord5871
ord3871
ord2070
ord6193
ord2566
ord3397
ord3567
ord567
ord609
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord1229
ord1143
ord2144
ord823
ord2613
ord538
ord6433
ord1202
ord1131
ord3614

msvcrt

memchr
qsort
memmove
wcscat
mktime
iswdigit
_except_handler3
_wcslwr
tolower
swscanf
malloc
_wtoi
memcpy
_wtol
wcsrchr
isalnum
strlen
wcsncat
wcsncpy
_vsnprintf
strncmp
wcscmp
wcsncmp
time
memcmp
_purecall
_CxxThrowException
_wcsdup
realloc
wcschr
rand
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
swprintf
_snwprintf
strerror
wcscpy
wcstok
_errno
strncpy
_stricmp
_tzset
free
_wcsicmp
_vsnwprintf
_controlfp
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_beginthreadex
__CxxFrameHandler
memset
__p__commode
__p__fmode
__set_app_type
wcslen

kernel32

ReadFile
VirtualFree
VirtualAlloc
GetFileSize
CreateEventW
FileTimeToSystemTime
FileTimeToLocalFileTime
MoveFileExW
LockFileEx
UnlockFileEx
WaitForMultipleObjects
CreateThread
ReleaseMutex
SetLastError
FormatMessageW
GetLocalTime
HeapFree
TlsFree
SetEnvironmentVariableW
TlsAlloc
HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
TlsSetValue
OpenThread
TlsGetValue
DebugBreak
FileTimeToDosDateTime
GetFileInformationByHandle
GetFileType
MapViewOfFile
CreateFileMappingW
DuplicateHandle
UnmapViewOfFile
ResetEvent
InterlockedCompareExchange
lstrcmpA
SetFilePointerEx
GetACP
InterlockedDecrement
GlobalAlloc
GetSystemTime
SystemTimeToFileTime
GetFileAttributesExW
FindResourceExW
GetPrivateProfileSectionW
GetStartupInfoW
GetFileSizeEx
SetEndOfFile
CreateDirectoryW
SetFilePointer
OpenProcess
SetProcessWorkingSetSize
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
GetTempPathW
GetTempFileNameW
WriteFile
lstrlenA
MultiByteToWideChar
SetEvent
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
WritePrivateProfileStringW
CopyFileW
VirtualProtect
TerminateProcess
OutputDebugStringW
SetUnhandledExceptionFilter
GlobalFree
InterlockedIncrement
GetModuleHandleA
GetSystemInfo
GetSystemDirectoryW
SearchPathW
GetFileAttributesW
LocalAlloc
lstrlenW
LocalFree
GetLongPathNameW
CreateProcessW
GetPrivateProfileStringW
GetPrivateProfileIntW
WaitForSingleObject
LoadResource
LockResource
GetCurrentProcess
GetVersionExW
IsBadReadPtr
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
RemoveDirectoryW
Sleep
FreeLibrary
GetModuleFileNameW
LoadLibraryW
GetCommandLineW
CloseHandle
CreateMutexW
GetLastError
SetProcessShutdownParameters
GetModuleHandleW
GetProcAddress

user32

wvsprintfW
CharNextW
DrawIconEx
LoadBitmapW
SendMessageW
GetClientRect
CopyRect
InvalidateRect
GetWindowRect
EnableWindow
LoadCursorW
LoadIconW
DefWindowProcW
AppendMenuW
FillRect
ShowWindow
SetForegroundWindow
WaitForInputIdle
SendMessageTimeoutW
FindWindowW
PostMessageW
GetSystemMetrics
OffsetRect
MessageBoxW
ReleaseDC
GetWindowDC
DrawIcon
SetTimer
KillTimer
FrameRect
PtInRect
SetCursor
IsWindow
SetWindowRgn
EqualRect
SetLayeredWindowAttributes
SetWindowLongW
GetWindowLongW
SystemParametersInfoW
GetDesktopWindow
GetParent
SetClassLongW
RegisterWindowMessageW
GetCursorPos
GetMenuStringW
GetIconInfo
DestroyIcon
GetActiveWindow
GrayStringW
DrawTextW
TabbedTextOutW
GetSysColor
UpdateWindow
RedrawWindow
GetForegroundWindow
GetWindow
GetWindowInfo
GetShellWindow
WindowFromPoint
GetAncestor
GetWindowThreadProcessId
GetMenuItemID
GetDC
ModifyMenuW
InflateRect
LoadMenuW
GetSubMenu
SetMenuDefaultItem
DeleteMenu

gdi32

RectVisible
ExtTextOutW
Escape
PtVisible
EnumFontFamiliesW
GetStockObject
CreateRoundRectRgn
CreateFontIndirectW
CreatePen
CreateSolidBrush
Rectangle
GetTextExtentExPointW
GetObjectW
SelectObject
StretchBlt
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateFontW
TextOutW

advapi32

ControlService
ChangeServiceConfigW
RegDeleteValueW
InitializeSecurityDescriptor
RegCloseKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
GetTokenInformation
OpenProcessToken
LookupPrivilegeValueW
FreeSid
AllocateAndInitializeSid
SetEntriesInAclW
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumKeyW
RegQueryValueExW
SetSecurityDescriptorDacl

shell32

CommandLineToArgvW
ShellExecuteExW
Shell_NotifyIconW
ord680
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHCreateDirectoryExW
ShellExecuteW

comctl32

ImageList_Draw
_TrackMouseEvent

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysFreeString

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

setupapi

SetupIterateCabinetW

shlwapi

StrChrW
StrCmpIW
PathIsRelativeW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
PathAppendW
PathFileExistsW
SHSetValueW
PathRemoveFileSpecW
PathCombineW
StrStrIW
StrRChrW
StrStrW
SHGetValueW
SHDeleteValueW
StrCmpW

iphlpapi

GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetGetConnectedState
InternetCrackUrlW
InternetSetOptionW
InternetSetOptionA
DeleteUrlCacheEntryW
HttpAddRequestHeadersW
InternetReadFile
InternetOpenW
InternetConnectW
HttpOpenRequestW
InternetCloseHandle
HttpSendRequestW
InternetErrorDlg
HttpQueryInfoW
InternetQueryOptionW
InternetSetStatusCallbackA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
HttpEndRequestA
InternetWriteFile
InternetReadFileExA
HttpQueryInfoA
InternetConnectA
InternetOpenA

rpcrt4

RpcStringBindingComposeW
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringFreeW
NdrClientCall2

psapi

GetModuleFileNameExW

netapi32

Netbios

ws2_32

getpeername
WSAStartup
ntohl
inet_ntoa
WSACleanup

winmm

timeGetTime

Sections

.text
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360/safemon/config.ini
360/safemon/netm.tpi
.dll windows:4 windows x86 arch:x86

8e7db2dc1a9d27555d6d309e9656a06a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
FlushInstructionCache
GetCurrentProcess
GlobalFindAtomW
CreateEventW
Sleep
WaitForSingleObject
SetEvent
GetTickCount
GetPrivateProfileStringW
WideCharToMultiByte
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
GetCurrentThreadId
DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
OpenProcess
GetLocalTime
GetPrivateProfileIntW
WritePrivateProfileStringW
GetModuleHandleW
GetLongPathNameW
GetVersionExW
GetTempPathW
GetTempFileNameW
DeleteFileW
FindResourceW
LoadResource
LockResource
SetEndOfFile
MoveFileW
SetVolumeLabelW
GetDriveTypeW
SetFileTime
GetFileAttributesW
SetFileAttributesW
GetDiskFreeSpaceExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FormatMessageW
LocalFree
VirtualAlloc
VirtualFree
ExitProcess
FreeResource
LoadLibraryW
GetProcAddress
FreeLibrary
lstrlenA
InterlockedIncrement
lstrlenW
InterlockedDecrement
GetModuleFileNameW
CreateProcessW
CreateFileW
GetLastError
GetFileSize
ReadFile
SetFilePointer
CloseHandle
SetLastError

user32

SetForegroundWindow
SwitchToThisWindow
DestroyIcon
CharNextW
LoadStringW
WaitForInputIdle
GetSystemMetrics
PostMessageW
FindWindowW
SendMessageTimeoutW
GetIconInfo
GetCursorPos
IsWindowVisible
MoveWindow
IsWindow
SystemParametersInfoW
OffsetRect
CharLowerW
SetWindowLongW
DefWindowProcW
GetWindowLongW
CallWindowProcW
GetParent
ShowWindow
CreateWindowExW
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
InsertMenuW
FindWindowExW
InflateRect
GetActiveWindow
GetAsyncKeyState
UpdateLayeredWindow
ReleaseCapture
SetCapture
CopyRect
SetCursor
GetDC
ReleaseDC
SendMessageW
MonitorFromPoint
GetMonitorInfoW
SetActiveWindow
DrawTextW
IsWindowEnabled
GetWindowThreadProcessId
GetAncestor
WindowFromPoint
GetWindowRect
GetShellWindow
GetWindowInfo
DestroyWindow
GetWindow
SetWindowPos
SetParent
MessageBoxW
GetDesktopWindow
CreatePopupMenu
TrackPopupMenu
GetForegroundWindow
SetTimer
KillTimer
PtInRect
ClientToScreen
DestroyMenu

gdi32

RestoreDC
SaveDC
SetTextColor
SetBkMode
SelectObject
DeleteDC
SetBkColor
CreateFontIndirectW
GetObjectW
CreateFontW
SetDIBits
CreateCompatibleDC
CreateDIBSection
DeleteObject
GetDIBits
RealizePalette
BitBlt
SetDIBitsToDevice
StretchDIBits
SetStretchBltMode
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
ExtTextOutW

shell32

SHGetFolderPathW
ShellExecuteW
SHGetFileInfoW
ExtractIconExW
SHFileOperationW

ole32

CreateStreamOnHGlobal

comctl32

_TrackMouseEvent

msvcp60

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGPAG0@Z
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0?$ctype@G@std@@QAE@I@Z
??0bad_cast@std@@QAE@PBD@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??1?$ctype@G@std@@UAE@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Id_cnt@id@locale@std@@0HA
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
?_Iscloc@locale@std@@QBE_NXZ
??_7facet@locale@std@@6B@
??_7ctype_base@std@@6B@
??_7?$ctype@G@std@@6B@
??0_Locinfo@std@@QAE@PBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
_Getctype
??1_Locinfo@std@@QAE@XZ
??_7bad_cast@std@@6B@
??1ctype_base@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
?do_is@?$ctype@G@std@@MBEPBGPBG0PAF@Z
?do_is@?$ctype@G@std@@MBE_NFG@Z
?do_scan_is@?$ctype@G@std@@MBEPBGFPBG0@Z
?do_scan_not@?$ctype@G@std@@MBEPBGFPBG0@Z
?do_tolower@?$ctype@G@std@@MBEPBGPAGPBG@Z
?do_tolower@?$ctype@G@std@@MBEGG@Z
?do_toupper@?$ctype@G@std@@MBEPBGPAGPBG@Z
?do_toupper@?$ctype@G@std@@MBEGG@Z
?do_widen@?$ctype@G@std@@MBEPBDPBD0PAG@Z
?do_widen@?$ctype@G@std@@MBEGD@Z
?do_narrow@?$ctype@G@std@@MBEPBGPBG0DPAD@Z
?do_narrow@?$ctype@G@std@@MBEDGD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??_7out_of_range@std@@6B@
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1out_of_range@std@@UAE@XZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??1locale@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Global@_Locimp@locale@std@@0PAV123@A
?_Init@locale@std@@CAPAV_Locimp@12@XZ
??0logic_error@std@@QAE@ABV01@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
??0out_of_range@std@@QAE@ABV01@@Z

shlwapi

SHGetValueW
PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathCombineW
StrCmpIW
SHSetValueW

sfc

SfcIsFileProtected

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetGetConnectedState
DeleteUrlCacheEntryW

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileW

psapi

GetModuleFileNameExW

msvcrt

wcsrchr
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_CxxThrowException
_vsnwprintf
rand
_purecall
_beginthread
_beginthreadex
wprintf
abort
strchr
isspace
_except_handler3
time
floor
realloc
fread
_CIpow
_CIfmod
longjmp
strncpy
_setjmp3
__CxxLongjmpUnwind
_errno
??0exception@@QAE@ABQBD@Z
wcscoll
_wcsicoll
_wtoi64
_wsopen
_commit
_get_osfhandle
mktime
_lseeki64
?what@exception@@UBEPBDXZ
_wsplitpath
srand
_snprintf
fprintf
isalpha
isalnum
strncmp
tolower
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
memmove
_wcsicmp
iswdigit
wcslen
malloc
free
vswprintf
wcsstr
_wtoi
wcscmp
__CxxFrameHandler
??2@YAPAXI@Z
_close
_write
_read
_iob
_ftol
_telli64

Exports

Exports

CreateTrayClient

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/safemon/netmon.tpi
.dll windows:4 windows x86 arch:x86

050f6e7f332a25392bb8c75403876b5d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord825
ord1179
ord823
ord342
ord1248
ord1165

msvcrt

malloc
free
_vsnwprintf
_beginthreadex
wcscpy
_except_handler3
__dllonexit
_onexit
_initterm
_adjust_fdiv

kernel32

SetFilePointer
GetFileSize
VirtualAlloc
VirtualFree
ReadFile
LoadLibraryW
GetLastError
DeviceIoControl
CreateFileA
CreateFileW
GetVersionExW
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetSystemInfo
GetSystemDirectoryW
CloseHandle
FreeLibrary
GetPrivateProfileIntW
WritePrivateProfileStringW
GetModuleFileNameW
CopyFileW
MoveFileExW
MoveFileW
DeleteFileW

user32

MessageBoxW
wsprintfW
GetActiveWindow

advapi32

CloseServiceHandle
OpenServiceW
OpenSCManagerW

shlwapi

PathAppendW
PathRemoveFileSpecW
SHSetValueW
PathRenameExtensionW
PathFindFileNameW
SHGetValueW
PathCombineW
PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shell32

ShellExecuteW

Exports

Exports

CreateTrayClient

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360/uninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/dmcl.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsplugin.dll
.dll windows:4 windows x86 arch:x86

214e6840266876a8fd4e8310469c01cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileA
lstrcmpiA
FindFirstFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetFileAttributesExA
MoveFileExA
DeleteFileA
SuspendThread
Module32NextW
Module32FirstW
FindClose
GetProcAddress
GetModuleHandleA
Thread32Next
Thread32First
Sleep
GlobalFree
lstrcpyA
FreeLibrary
LoadLibraryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetSystemWindowsDirectoryA
OpenProcess
TerminateProcess
GetLongPathNameA
GetCurrentProcess
OpenThread
CloseHandle

user32

FindWindowA
GetWindowThreadProcessId

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey
RegEnumValueA
RegOpenKeyExA
OpenProcessToken

shlwapi

PathFileExistsA
PathAppendA
PathRemoveFileSpecA
PathRemoveBackslashA
PathCombineA
StrChrA
StrCmpNA

psapi

GetModuleFileNameExA
EnumProcesses
GetModuleBaseNameA
EnumProcessModules

msvcrt

_wcsicmp
fopen
fclose
_vsnprintf
_except_handler3
memset
_mbslwr
_mbscmp
strchr

Exports

Exports

CheckCompSoft
GetCID
KillLeakFixer
KillProcess
RegVer2IniVer
RemoveCompSoft
RemoveCompSoft2

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 421B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/AlgorithmLib.dll
.dll windows:5 windows x86 arch:x86

9cca28177a7262e93390179ed1fb2217

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
DisableThreadLibraryCalls
DeleteFileW
SetFileAttributesW
WideCharToMultiByte
CreateDirectoryW
SystemTimeToFileTime
GlobalAlloc
GlobalFree
SetFilePointer
ReadFile
lstrcmpA
LocalFileTimeToFileTime
MultiByteToWideChar
lstrlenA
lstrcpyA
GetLastError
CreateDirectoryA
CloseHandle
IsBadReadPtr
GetCurrentDirectoryA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
CreateFileA
CreateFileW
DuplicateHandle
GetCurrentProcess
lstrcmpiA
SetFileTime
WriteFile
FileTimeToSystemTime
GetLocalTime
GetFileSize
GetFileInformationByHandle
lstrlenW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
FindClose
FindNextFileW
FindFirstFileW
lstrcpyW
RtlUnwind
HeapFree
HeapAlloc
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
RaiseException
TerminateProcess
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
HeapSize
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
GetProcessHeap

user32

GetDesktopWindow

Exports

Exports

??0CAes@@QAE@AAV0@@Z
??0CAes@@QAE@PAVDQWORD@@W4etMode@0@W4etDirection@0@W4etKeyLength@0@@Z
??0CAes@@QAE@XZ
??0CAesWrap@@QAE@HH@Z
??0CLiteZip@@QAE@XZ
??0CSha1@@QAE@XZ
??0THash@@QAE@PAEH@Z
??0THash@@QAE@XZ
??0THash@@QAE@_K@Z
??0THmac@@QAE@AAV0@@Z
??0THmac@@QAE@XZ
??1CAes@@QAE@XZ
??1CAesWrap@@QAE@XZ
??1CLiteZip@@QAE@XZ
??1CSha1@@QAE@XZ
??4CAes@@QAEAAV0@AAV0@@Z
??4CAesWrap@@QAEAAV0@ABV0@@Z
??4CLiteZip@@QAEAAV0@ABV0@@Z
??4CSha1@@QAEAAV0@ABV0@@Z
??4THash@@QAEAAV0@ABV0@@Z
??4THmac@@QAEAAV0@AAV0@@Z
??4THmac@@QAEAAV0@AAVTHash@@@Z
??HTHash@@QAEAAV0@AAV0@@Z
?AddDir@CLiteZip@@QAEKPA_W@Z
?Extract@CLiteZip@@QAEKPA_W0@Z
?Extract@CLiteZip@@QAEKPA_W@Z
?GetKey@CAesWrap@@QAEPAEXZ
?GetKeyHash2@CSha1@@QAE?AVDQWORD@@PAEH@Z
?GetKeyHash@CSha1@@QAEPAVDQWORD@@PAEH@Z
?GetSalt@CAesWrap@@QAEPAEXZ
?GetWrap@CAesWrap@@QAEPAEXZ
?Hmac@THash@@QAEPAVTHmac@@XZ
?Init@CAes@@QAEXPAVDQWORD@@W4etMode@1@W4etDirection@1@W4etKeyLength@1@@Z
?KeyHash@THash@@QAEPAVDQWORD@@XZ
?SetIV@CAes@@QAEXPAVDQWORD@@@Z
?UnWrap@CAesWrap@@QAEHPAX00@Z
?Wrap@CAesWrap@@QAEXPAX00@Z
?Xblock@CAes@@QAEHPAVDQWORD@@0K@Z
?m_aoKeyWrapA@CAesWrap@@0PAEA
GetAlgorithmInterface
SHA1Final
SHA1Init
SHA1Transform
SHA1Update
adler32
compress
compress2
crc32
deflate
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflateReset
deflateSetDictionary
get_crc_table
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzwrite
inflate
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
zError
zlibVersion

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/EfiMon.sys
.sys windows:5 windows x86 arch:x86

e255878f84db8d1a1b600c266d42b97f

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

23/11/2010, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\building\efimon_sys\objfre_w2K_x86\i386\EfiMon.pdb

Imports

ntoskrnl.exe

ExFreePool
ZwQueryValueKey
ExAllocatePoolWithTag
wcslen
RtlInitUnicodeString
ZwReadFile
ZwQueryInformationFile
IoCreateFile
ZwClose
ZwQueryKey
ZwOpenKey
ZwCreateKey
NtBuildNumber
PsGetVersion
KeSetEvent
KeWaitForSingleObject
ExQueueWorkItem
KeInitializeEvent
ZwLoadDriver
IofCompleteRequest
IofCallDriver
ObfDereferenceObject
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
ZwQuerySystemInformation
MmUserProbeAddress
MmIsAddressValid
ZwFlushKey
ZwDeleteKey
ZwSetValueKey
RtlAppendUnicodeStringToString
SeSinglePrivilegeCheck
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 878B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/EfiProc.dll
.dll windows:4 windows x86 arch:x86

8a13fb436dc19f441577e082e8d99c0f

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

23/11/2010, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
CreateFileA
DeviceIoControl
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
GetCurrentProcess
OutputDebugStringA
GetLastError
CloseHandle
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
GetACP
GetOEMCP
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

CloseServiceHandle
OpenSCManagerA
OpenServiceA
DeleteService
RegCreateKeyA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyA
RegCreateKeyW
RegCloseKey
RegOpenKeyW
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
StartServiceW
CreateServiceW
OpenSCManagerW
RegDeleteKeyW

shlwapi

PathFileExistsA
PathCombineA
SHGetValueA
SHDeleteKeyA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

EfiLoadBitmap
EfiUnloadBitmap

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/SafeDriverCtrl.dll
.dll windows:5 windows x86 arch:x86

de623377fc166efce9f71b724efa10a2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\build\360mipan\Release\SafeDriverCtrl.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
GetVersionExW
GetVersion
GetCurrentProcess
GetProcAddress
GetModuleHandleW
WaitForSingleObject
CreateMutexW
ReleaseMutex
LoadLibraryW
FreeLibrary
WideCharToMultiByte
GetLocalTime
FlushFileBuffers
SetFilePointer
SetEndOfFile
SetFilePointerEx
GetVolumeInformationW
GetVolumePathNameW
DeleteFileW
WriteFile
GetTickCount
GetModuleFileNameW
SetLastError
InterlockedDecrement
lstrlenW
Process32FirstW
MultiByteToWideChar
DebugBreak
OutputDebugStringW
lstrlenA
InterlockedIncrement
CreateProcessW
WritePrivateProfileStringW
DefineDosDeviceW
LoadLibraryA
GetWindowsDirectoryW
GetSystemDirectoryW
SetFileAttributesW
GetFileAttributesW
CopyFileW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
CloseHandle
FreeEnvironmentStringsW
Process32NextW
DeviceIoControl
CreateFileW
GetLastError
Sleep
GetLocaleInfoW
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetEnvironmentStrings
QueryDosDeviceW
FreeEnvironmentStringsA
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InterlockedExchange
SetConsoleCtrlHandler
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
VirtualFree
VirtualAlloc
GetFileSize
ReadFile
LoadLibraryExW
GetConsoleCP
GetConsoleMode
HeapFree
HeapAlloc
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
ExitProcess
GetFileType
CreateFileA
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
HeapCreate
HeapDestroy
FatalAppExitA
HeapReAlloc
GetModuleFileNameA

user32

EnumWindows
GetClassNameW
SendMessageW
IsIconic
ShowWindow
SetForegroundWindow
BringWindowToTop
FindWindowW
CharNextW
wvsprintfW
SendMessageTimeoutW
PostMessageW
GetActiveWindow
MessageBoxW

advapi32

OpenServiceW
DeleteService
QueryServiceStatusEx
ControlService
OpenSCManagerW
CloseServiceHandle
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
StartServiceW
CreateServiceW

shell32

SHChangeNotify
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
ord165

oleaut32

SysFreeString

shlwapi

PathIsDirectoryW
PathRemoveFileSpecW
PathCombineW
PathFileExistsW

Exports

Exports

CheckPrivateKey
CreateMipanFile
GetImageFileInformation
GetImageFileKey
GetImageFileVersion
GetSafeDriverCtrlInterface
InstallSys
IsProcessRunning
SetImageFileInformation
SetImageFileKey
SetImageFileVersion
UnloadAll

Sections

.text
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce928fde4597fcf5a0df8d3d7203f05e

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:ddCertificate

Extended Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

advapi32

shlwapi

netapi32

wintrust

crypt32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 23KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

5b53e28f658d69c835c3e142c03fb75f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

comctl32

msimg32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 664KB - Virtual size: 660KB

.rdata Size: 76KB - Virtual size: 74KB

.data Size: 28KB - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 48KB - Virtual size: 46KB

1d50a8793d3908b34fddcdbe8de92dc6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 23KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 664KB - Virtual size: 660KB

.rdata
Size: 76KB - Virtual size: 74KB

.data
Size: 28KB - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 48KB - Virtual size: 46KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 250KB - Virtual size: 249KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 620KB - Virtual size: 619KB

.rdata
Size: 72KB - Virtual size: 68KB

.data
Size: 84KB - Virtual size: 101KB

.rsrc
Size: 28KB - Virtual size: 24KB

.reloc
Size: 52KB - Virtual size: 50KB