ddaac9c4d8c962de9e410fb27e703fe0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ddaac9c4d8c962de9e410fb27e703fe0_JaffaCakes118
Size

3.9MB
MD5

ddaac9c4d8c962de9e410fb27e703fe0
SHA1

c1a745e047a64c51ff09d71718a7a308c97d4aad
SHA256

1889ea6d288457e7b61a38b80d67f3c365c3a22711be5d8e4e0174baf7e37ca6
SHA512

9a8a9fb18193d7d9ec34a54d419bd30a1ab3d40536db52396cf0ecaec0202bfa2f0aad17a085f97e1f728f86d20dff51768cce5dac65b086ff07492f88fe471a
SSDEEP

98304:7F4+G+Q/XD0hGQhDQKjHEmZLgRcwXAI5DhS1a:BdQwhG8DQKjHEmWRcwXAI51S1a

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/$PLUGINSDIR/md5dll.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/$PLUGINSDIR/md5dll.dll	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/IpConfig.dll
unpack002/$PLUGINSDIR/KillProcDLL.dll
unpack002/$PLUGINSDIR/SimpleFC.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/inetc.dll
unpack002/$PLUGINSDIR/md5dll.dll
unpack003/out.upx

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/youxihe_install.exe	nsis_installer_1
static1/unpack001/youxihe_install.exe	nsis_installer_2

Files

ddaac9c4d8c962de9e410fb27e703fe0_JaffaCakes118
.rar
youxihe_install.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:ab:ba:60:df:e2:ca
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

16/05/2013, 20:16

Not After

18/05/2014, 17:02

Subject

CN=四三九九网络股份有限公司,O=四三九九网络股份有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0c626f7840343339392e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a1:c6:c2:df:ff:73:d5:ea:fa:72:f6:17:a6:6e:9c:24:0a:d8:fb:d4
Signer

Actual PE Digest

a1:c6:c2:df:ff:73:d5:ea:fa:72:f6:17:a6:6e:9c:24:0a:d8:fb:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Dir.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

295fc8c35dee88b924b0f6bafc807c6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetTickCount
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

LoadCursorA
PtInRect
MapWindowPoints
GetDlgCtrlID
CloseClipboard
SetCursor
OpenClipboard
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
SetTimer
KillTimer
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClipboardData

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/IpConfig.dll
.dll windows:5 windows x86 arch:x86

a9988f98d52a3c7d16228f87844f85ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\Visual Studio\NSIS Plugins\IpConfig\Output\Plugins\IpConfig.pdb

Imports

kernel32

lstrcpynA
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
MultiByteToWideChar
GlobalFree
lstrcpyA
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetLastError
lstrlenA
WideCharToMultiByte
HeapFree
GetProcessHeap
GetCurrentThreadId
GetCommandLineA
HeapAlloc
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

wsprintfA

ole32

CoSetProxyBlanket
CoCreateInstance

oleaut32

SafeArrayGetUBound
SysFreeString
SafeArrayGetElement
SysAllocStringLen
VariantInit
SysAllocStringByteLen
VariantCopy
VariantClear
SafeArrayGetLBound
SysStringLen
SysAllocString

Exports

Exports

GetAllNetworkAdaptersIDs
GetAllNetworkAdaptersIDsCB
GetDNSSuffixSearchList
GetEnabledNetworkAdaptersIDs
GetEnabledNetworkAdaptersIDsCB
GetHostName
GetNetworkAdapterConnectionID
GetNetworkAdapterConnectionSpecificDNSSuffix
GetNetworkAdapterDHCPLeaseExpires
GetNetworkAdapterDHCPLeaseObtained
GetNetworkAdapterDHCPServer
GetNetworkAdapterDNSServers
GetNetworkAdapterDNSServersCB
GetNetworkAdapterDefaultIPGateways
GetNetworkAdapterDefaultIPGatewaysCB
GetNetworkAdapterDescription
GetNetworkAdapterIDFromDescription
GetNetworkAdapterIDFromIPAddress
GetNetworkAdapterIDFromMACAddress
GetNetworkAdapterIPAddresses
GetNetworkAdapterIPAddressesCB
GetNetworkAdapterIPSubNets
GetNetworkAdapterIPSubNetsCB
GetNetworkAdapterMACAddress
GetNetworkAdapterPrimaryWINSServer
GetNetworkAdapterSecondaryWINSServer
GetNetworkAdapterType
GetNodeType
GetPrimaryDNSSuffix
IsIPRoutingEnabled
IsNetworkAdapterAutoSense
IsNetworkAdapterDHCPEnabled
IsWINSProxyEnabled

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SimpleFC.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

AddApplication
AddPort
AdvAddRule
AdvExistsRule
AdvRemoveRule
AllowDisallowExceptionsNotAllowed
AllowDisallowIcmpInboundEchoRequest
AllowDisallowIcmpInboundMaskRequest
AllowDisallowIcmpInboundRouterRequest
AllowDisallowIcmpInboundTimestampRequest
AllowDisallowIcmpOutboundDestinationUnreachable
AllowDisallowIcmpOutboundPacketTooBig
AllowDisallowIcmpOutboundParameterProblem
AllowDisallowIcmpOutboundSourceQuench
AllowDisallowIcmpOutboundTimeExceeded
AllowDisallowIcmpRedirect
AreExceptionsNotAllowed
AreNotificationsEnabled
EnableDisableApplication
EnableDisableFirewall
EnableDisableNotifications
EnableDisablePort
IsApplicationAdded
IsApplicationEnabled
IsFirewallEnabled
IsFirewallServiceRunning
IsIcmpTypeAllowed
IsPortAdded
IsPortEnabled
RemoveApplication
RemovePort
RestoreDefaults
StartStopFirewallService

Sections

CODE
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
GetTickCount

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
IsWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
GetWindowLongA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/introduce.bmp
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/option.ini
1322AppFix.exe
.exe windows:5 windows x86 arch:x86

3dea0c0b73b19c520ba2d44b38734b5e

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:ab:ba:60:df:e2:ca
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

16/05/2013, 20:16

Not After

18/05/2014, 17:02

Subject

CN=四三九九网络股份有限公司,O=四三九九网络股份有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0c626f7840343339392e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

90:4c:af:ce:da:a9:82:38:a8:3e:55:0e:f6:e9:5f:c2:d6:8a:ad:9a
Signer

Actual PE Digest

90:4c:af:ce:da:a9:82:38:a8:3e:55:0e:f6:e9:5f:c2:d6:8a:ad:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\4399\Bin\Release\1322AppFix.pdb

Imports

kernel32

LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
InitializeCriticalSectionAndSpinCount
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetStartupInfoW
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA

shell32

ord43
ShellExecuteW

shlwapi

PathFileExistsW

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1322PluginFix.exe
.exe windows:5 windows x86 arch:x86

7f24ec6fc7438a52167ad2f40a1fe007

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:ab:ba:60:df:e2:ca
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

16/05/2013, 20:16

Not After

18/05/2014, 17:02

Subject

CN=四三九九网络股份有限公司,O=四三九九网络股份有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0c626f7840343339392e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:ed:79:94:6a:ad:57:f6:8c:b8:5a:76:47:39:f0:9a:7c:30:31:17
Signer

Actual PE Digest

1a:ed:79:94:6a:ad:57:f6:8c:b8:5a:76:47:39:f0:9a:7c:30:31:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\4399\Bin\Release\1322PluginFix.pdb

Imports

trace

WriteLog
AiSetDefaultLogDir

kernel32

HeapAlloc
SetEndOfFile
GetACP
FormatMessageW
SetThreadPriority
GetCurrentDirectoryW
FreeResource
ExitProcess
DosDateTimeToFileTime
SystemTimeToFileTime
GetFileType
DuplicateHandle
MulDiv
InterlockedDecrement
InterlockedIncrement
GetLocalTime
TlsGetValue
SetUnhandledExceptionFilter
TlsSetValue
TlsAlloc
TlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
CreateMutexW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapFree
GetStringTypeW
GetStringTypeA
ReadFile
LoadLibraryA
GetModuleHandleA
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
VirtualAlloc
QueryPerformanceCounter
VirtualFree
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
CreateThread
GetCurrentThreadId
ExitThread
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
GetProcessHeap
DeleteCriticalSection
SetFilePointer
GetFileSize
GetCurrentProcessId
GetLastError
CloseHandle
GetModuleFileNameW
FreeLibrary
LoadLibraryW
TerminateProcess
GetNativeSystemInfo
SetLastError
GetCurrentProcess
GetModuleHandleW
GetVersionExW
WideCharToMultiByte
OpenProcess
MoveFileW
GetWindowsDirectoryW
TerminateThread
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
InterlockedCompareExchange
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
GetProcAddress
LockResource
SizeofResource
Sleep
WaitForMultipleObjects
ResetEvent
CreateEventW
CopyFileW
DeleteFileW
SetEvent
WriteFile
GetTickCount
CreateFileW
GetLocaleInfoA

user32

ClientToScreen
SetCaretPos
HideCaret
ShowCaret
CreateCaret
CharNextW
IntersectRect
SetCursor
GetSysColor
SetRect
CharPrevW
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
InvalidateRgn
CreateAcceleratorTableW
MsgWaitForMultipleObjectsEx
GetCaretPos
DrawTextW
FindWindowW
SetForegroundWindow
GetWindowRect
SetWindowPos
SetWindowLongW
GetWindowLongW
InflateRect
OffsetRect
MessageBoxW
SetWindowRgn
PeekMessageW
CallMsgFilterW
GetQueueStatus
WaitMessage
UnregisterClassW
FillRect
PostQuitMessage
TranslateMessage
DispatchMessageW
PostMessageW
IsZoomed
IsIconic
MoveWindow
GetDesktopWindow
GetWindow
GetParent
CreateWindowExW
DefWindowProcW
RegisterClassExW
SetPropW
RemovePropW
GetPropW
SendMessageW
GetKeyState
DestroyWindow
ReleaseDC
GetDC
CallWindowProcW
GetClassInfoExW
RegisterClassW
GetClientRect
SetFocus
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
InvalidateRect
MapWindowPoints
ScreenToClient
GetCursorPos
GetMessageW
GetFocus
SetTimer
IsWindow
KillTimer
SetCapture
ReleaseCapture
PtInRect
ShowWindow
EnableWindow
GetMonitorInfoW
LoadCursorW
GetSystemMetrics
LoadImageW
MonitorFromWindow

gdi32

SaveDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
CreatePen
GetStockObject
GetObjectW
GetTextExtentPoint32W
SetStretchBltMode
BitBlt
ExtTextOutW
CreateSolidBrush
CreatePenIndirect
MoveToEx
LineTo
RoundRect
SetBkMode
SetTextColor
GetCharABCWidthsW
TextOutW
RestoreDC
Rectangle
SetWindowOrgEx
GetTextMetricsW
CreateRoundRectRgn
GetObjectA
GetDeviceCaps
SelectClipRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
CombineRgn
CreateDIBSection
SetBkColor
CreateFontIndirectW
StretchBlt

advapi32

RegCloseKey
RegOpenKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteExW
ord680

ole32

CLSIDFromProgID
OleLockRunning
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFileExistsW

winmm

timeEndPeriod
timeGetTime

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipFree
GdipCreateLineBrushI
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdiplusShutdown
GdiplusStartup
GdipCloneBrush
GdipDrawString
GdipAlloc
GdipDeleteBrush

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

wininet

InternetErrorDlg
InternetReadFileExA
InternetQueryOptionW
HttpAddRequestHeadersW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetSetOptionW
InternetReadFile
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetSetStatusCallbackW
InternetCloseHandle
HttpQueryInfoW

Sections

.text
Size: 475KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7z.dll
.dll windows:4 windows x86 arch:x86

71fc45db7a81ce236f432a828a4e8fcd

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:ab:ba:60:df:e2:ca
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

16/05/2013, 20:16

Not After

18/05/2014, 17:02

Subject

CN=四三九九网络股份有限公司,O=四三九九网络股份有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0c626f7840343339392e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:a2:d8:7c:d3:a7:81:e3:39:12:f8:d3:d3:51:b3:7b:68:c3:69:b4
Signer

Actual PE Digest

30:a2:d8:7c:d3:a7:81:e3:39:12:f8:d3:d3:51:b3:7b:68:c3:69:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocString
VariantClear
VariantCopy
SysFreeString
SysAllocStringByteLen

user32

CharLowerW
CharUpperA
CharNextA
CharPrevExA
CharUpperW
CharLowerA

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
strcmp
realloc
memcmp
_purecall
strlen
free
malloc
memmove
_CxxThrowException
memcpy
__CxxFrameHandler

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FileTimeToLocalFileTime
DeleteCriticalSection
LocalFileTimeToFileTime
GetVersionExA
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetModuleHandleA
GetProcAddress
GetSystemInfo
CompareFileTime
WriteFile
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
CreateFileA

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 654KB - Virtual size: 654KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7zMgr.dll
.dll windows:5 windows x86 arch:x86

49593a4bf5e7b3729d4d3c64e30389fa

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:ab:ba:60:df:e2:ca
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

16/05/2013, 20:16

Not After

18/05/2014, 17:02

Subject

CN=四三九九网络股份有限公司,O=四三九九网络股份有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0c626f7840343339392e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

eb:e4:d0:35:18:03:af:e1:f8:86:3d:3d:b3:14:fc:7f:66:80:21:39
Signer

Actual PE Digest

eb:e4:d0:35:18:03:af:e1:f8:86:3d:3d:b3:14:fc:7f:66:80:21:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\4399\Bin\Release\7zMgr.pdb

Imports

kernel32

CreateEventW
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
SetEvent
GetProcAddress
GetVersionExW
Sleep
TerminateThread
ResetEvent
SetThreadPriority
ResumeThread
GetDiskFreeSpaceExW
GetLastError
ReadFile
GetStdHandle
WriteFile
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryW
CreateFileW
SetFileTime
SetFileAttributesW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileSize
SetFilePointer
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
ExitThread
GetCurrentThreadId
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
GetCommandLineA
RaiseException
RtlUnwind
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
GetModuleFileNameA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetModuleHandleA

user32

CharUpperW

shell32

SHFileOperationW

oleaut32

VariantClear
SysAllocString

Exports

Exports

CancelDeCompress
ExtractFile

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BoxDownMgr.exe
.exe windows:5 windows x86 arch:x86

c9e4c4767df4cc3bbde900333b60c43a

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:ab:ba:60:df:e2:ca
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

16/05/2013, 20:16

Not After

18/05/2014, 17:02

Subject

CN=四三九九网络股份有限公司,O=四三九九网络股份有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0c626f7840343339392e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:0e:c6:57:24:df:57:10:a4:65:e7:01:58:cc:6b:f3:f0:45:4e:7e
Signer

Actual PE Digest

5c:0e:c6:57:24:df:57:10:a4:65:e7:01:58:cc:6b:f3:f0:45:4e:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\4399\Bin\Release\BoxDownMgr.pdb

Imports

libp2p

_BOX_SetHttpNumPerTask@8
ord13
ord8
ord17
ord11
ord12
ord16
ord5
_BOX_SetLogFunc@4
ord1
ord21
ord2
_BOX_SetGlobalSpeedLimit@8
ord10

ipc

IPCCleanup
IPCStartup
ChannelCreate
ChannelDestroy
ChannelWaitForEvent
ChannelGetRecvPacket
ChannelSendResponse
DestroySharePacket
ChannelGetDisconnect
ChannelSendRequest
ChannelSendRequestSync
IPCIsActive

trace

WriteLogA
AiSetDefaultLogDirA
SessionLog

kernel32

GetStringTypeExA
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetShortPathNameA
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetFileSizeEx
SetErrorMode
TerminateProcess
TlsGetValue
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
HeapReAlloc
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
HeapSize
GetACP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
LocalAlloc
GetModuleHandleW
SystemTimeToFileTime
FileTimeToSystemTime
GetThreadLocale
MoveFileA
lstrcmpiA
InterlockedIncrement
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
CompareStringA
LoadLibraryA
lstrcmpW
GetProcAddress
GetVersionExA
SetLastError
CopyFileA
GlobalSize
GlobalAlloc
FormatMessageA
LocalFree
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
lstrlenW
GetCurrentProcessId
ReleaseMutex
GetCurrentThreadId
DeleteFileA
lstrlenA
GetFileSize
MultiByteToWideChar
GetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetCurrentDirectoryA
GetModuleFileNameA
WaitForMultipleObjects
ResetEvent
CreateEventA
WriteFile
CreateFileA
OutputDebugStringA
CreateThread
TerminateThread
WaitForSingleObject
SetEvent
GetModuleHandleA
InterlockedCompareExchange
CreateMutexA
InterlockedExchange
CloseHandle
Sleep
GetLastError
GetTickCount
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalFlags
GlobalReAlloc
UnhandledExceptionFilter

user32

PostThreadMessageA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
DestroyIcon
CharUpperA
SendNotifyMessageA
DrawTextA
TabbedTextOutA
FillRect
GetMenuItemInfoA
ShowOwnedPopups
ValidateRect
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatA
SetParent
GetSystemMenu
DeleteMenu
IsRectEmpty
IsZoomed
LoadCursorA
DestroyCursor
SetCursorPos
SetCapture
ReleaseDC
GetDC
ClientToScreen
InflateRect
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
GetWindowThreadProcessId
SetCursor
ReleaseCapture
LoadAcceleratorsA
InvalidateRect
InsertMenuItemA
SetRectEmpty
BringWindowToTop
TranslateAcceleratorA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
BeginDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
MessageBoxA
GetClassInfoExA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
GetDlgCtrlID
CallWindowProcA
GetMenu
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
GetDesktopWindow
GetActiveWindow
UnregisterClassA
LockWindowUpdate
GetDCEx
WindowFromPoint
GetSysColorBrush
CountClipboardFormats
SetActiveWindow
CreateDialogIndirectParamA
IsClipboardFormatAvailable
SetRect
MessageBeep
SetWindowRgn
DrawIcon
EndPaint
BeginPaint
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
PostQuitMessage
IsWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassExA
DefWindowProcA
GetWindowLongA
AppendMenuA
CreatePopupMenu
ScreenToClient
GetCursorPos
GetClientRect
SendMessageA
GetLastInputInfo
GetClassNameA
GetForegroundWindow
KillTimer
GetClassInfoA
SetTimer
SetWindowLongA
PostMessageA
EnableWindow
GetWindowDC
GrayStringA
EndDeferWindowPos
DrawTextExA
GetMessageTime

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteObject
GetCharWidthA
CreateFontA
DeleteDC
CreatePatternBrush
SetViewportOrgEx
ScaleViewportExtEx
GetTextExtentPoint32A
DPtoLP
LPtoDP
Ellipse
SetRectRgn
CombineRgn
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
SetViewportExtEx
Escape
TextOutA
RectVisible
PtVisible
GetTextMetricsA
SelectObject
PatBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateDCA
CopyMetaFileA
GetDeviceCaps
GetStockObject
CreateEllipticRgn
CreateSolidBrush
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
ExtTextOutA
BitBlt
CreateFontIndirectA
CreateRectRgnIndirect
StretchDIBits
OffsetViewportOrgEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueA
RegSetValueExA
RegCreateKeyA
RegCreateKeyExA
GetFileSecurityA
SetFileSecurityA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueA

shell32

SHGetSpecialFolderPathA
SHCreateDirectoryExA
DragFinish
DragAcceptFiles
ExtractIconA
SHGetFileInfoA
DragQueryFileA

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA
PathFileExistsA
StrStrIA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW

oledlg

ord3
ord4
ord8
ord11

ole32

OleIsCurrentClipboard
CoRevokeClassObject
CoGetClassObject
CoDisconnectObject
CoCreateInstance
CLSIDFromString
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoUninitialize
CoInitialize
CoInitializeEx
OleGetClipboard
OleSetMenuDescriptor
CreateGenericComposite
CreateItemMoniker
OleGetIconOfClass
OleCreateLinkToFile
OleCreateFromFile
OleSetContainedObject
GetHGlobalFromILockBytes
OleLoad
OleCreate
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleLockRunning
CreateStreamOnHGlobal
OleSaveToStream
WriteClassStm
OleSave
CreateFileMoniker
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
CLSIDFromProgID
OleFlushClipboard

oleaut32

SafeArrayDestroy
VariantCopy
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
SysStringLen

wsock32

WSASetLastError
connect
sendto
recvfrom
htonl
shutdown
WSAAsyncSelect
WSAGetLastError
htons
bind
ioctlsocket
send
gethostbyname
select
socket
accept
closesocket
WSACleanup
WSAStartup
recv

wininet

HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetSetStatusCallback
InternetCloseHandle
HttpQueryInfoA
InternetReadFile

Sections

.text
Size: 532KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BoxUI.exe
.exe windows:5 windows x86 arch:x86

1d0547c44e0468f8b083485dc27c6d2b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:ab:ba:60:df:e2:ca
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

16/05/2013, 20:16

Not After

18/05/2014, 17:02

Subject

CN=四三九九网络股份有限公司,O=四三九九网络股份有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0c626f7840343339392e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b0:1d:d3:2e:cd:a0:f0:1c:2a:79:c9:9d:63:b8:42:3b:ca:cd:ad:77
Signer

Actual PE Digest

b0:1d:d3:2e:cd:a0:f0:1c:2a:79:c9:9d:63:b8:42:3b:ca:cd:ad:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\4399\Bin\Release\BoxUI.pdb

Imports

ipc

DestroySharePacket
ChannelSendResponse
ChannelGetRecvPacket
ChannelGetDisconnect
ChannelDestroy
ChannelCreate
IPCStartup
IPCIsActive
ChannelSendRequest
ChannelSendRequestSync
ChannelWaitForEvent
IPCCleanup

trace

WriteLog
AiSetDefaultLogDir

kernel32

CreateFileMappingW
MapViewOfFile
CreateProcessW
UnmapViewOfFile
CreateSemaphoreA
lstrcmpiW
RaiseException
LoadLibraryExW
OpenMutexW
GetFileSizeEx
GetLocalTime
SystemTimeToFileTime
GetFileTime
TerminateProcess
GetVersionExW
GetCurrentProcess
GetProcessId
GetFullPathNameW
OpenProcess
GetVolumeInformationW
SetSystemPowerState
SetFilePointer
GetACP
FormatMessageW
GetCommandLineW
LocalFree
CreateFileA
GetSystemDirectoryW
lstrcatW
FileTimeToLocalFileTime
FileTimeToDosDateTime
SetUnhandledExceptionFilter
GetSystemInfo
FileTimeToSystemTime
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
IsDebuggerPresent
CreateThread
GetFullPathNameA
HeapReAlloc
CreateMutexW
SetEndOfFile
HeapAlloc
QueryPerformanceCounter
HeapFree
UnlockFile
LockFile
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
FlushFileBuffers
LoadLibraryW
GetSystemTime
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
GetDiskFreeSpaceA
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
GetTempPathA
AreFileApisANSI
DeleteFileA
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetCurrentDirectoryW
ExitProcess
DosDateTimeToFileTime
GetFileType
DuplicateHandle
MulDiv
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
GetModuleHandleA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
IsValidCodePage
GetOEMCP
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
ExitThread
UnhandledExceptionFilter
HeapSize
GetProcAddress
FreeLibrary
WriteFile
GetTickCount
GetCurrentThreadId
GetExitCodeProcess
InterlockedDecrement
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
InterlockedCompareExchange
Sleep
InterlockedExchange
InterlockedIncrement
ResumeThread
SetThreadPriority
GetDriveTypeW
GetLogicalDriveStringsW
LeaveCriticalSection
EnterCriticalSection
CreateEventW
WaitForMultipleObjects
DeleteCriticalSection
SetEvent
InitializeCriticalSection
OutputDebugStringW
GlobalFree
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleW
SetLastError
FindClose
FindNextFileW
RemoveDirectoryW
SetFileAttributesW
CopyFileW
GetFileAttributesW
FindFirstFileW
WideCharToMultiByte
WritePrivateProfileStringW
GetPrivateProfileStringW
TerminateThread
WaitForSingleObject
ReadFile
GetFileSize
lstrlenA
MultiByteToWideChar
GetDiskFreeSpaceExW
GetWindowsDirectoryW
CloseHandle
CreateFileW
MoveFileExW
MoveFileW
lstrlenW
GetModuleFileNameW
GetLastError
GetCurrentProcessId
DeleteFileW
GetTempPathW

user32

WaitMessage
GetQueueStatus
CallMsgFilterW
PeekMessageW
MsgWaitForMultipleObjectsEx
ExitWindowsEx
BringWindowToTop
MessageBoxW
wsprintfW
GetWindowThreadProcessId
WaitForInputIdle
IntersectRect
MonitorFromWindow
GetMonitorInfoW
UnregisterClassW
MapVirtualKeyW
EndPaint
SetCaretPos
IsRectEmpty
GetMessageW
GetFocus
SetCapture
ReleaseCapture
OffsetRect
InflateRect
LoadImageW
GetSystemMetrics
RegisterClassW
CallWindowProcW
GetKeyState
GetKeyNameTextW
GetUpdateRect
PostMessageW
GetPropW
DestroyWindow
InvalidateRect
IsWindowVisible
KillTimer
SetActiveWindow
SetFocus
GetCursorPos
DrawTextW
BeginPaint
MapWindowPoints
GetParent
GetWindow
CharNextW
LoadCursorW
SetCursor
GetWindowRect
PtInRect
SetTimer
MessageBeep
GetWindowTextW
GetWindowTextLengthW
EnableWindow
SetLayeredWindowAttributes
MoveWindow
SetWindowLongW
GetWindowLongW
SystemParametersInfoW
ClientToScreen
ShowWindow
IsZoomed
IsIconic
SetWindowRgn
IsWindow
UnregisterHotKey
PostQuitMessage
TranslateMessage
DispatchMessageW
FindWindowExW
AllowSetForegroundWindow
SetForegroundWindow
ScreenToClient
RegisterHotKey
SetWindowPos
SetPropW
GetClassInfoExW
DefWindowProcW
RegisterClassExW
CreateWindowExW
SetWindowTextW
SendMessageW
LoadIconW
GetClientRect
FillRect
SetRect
CharPrevW
CreateCaret
ShowCaret
HideCaret
GetSysColor
GetCaretPos
InvalidateRgn
CreateAcceleratorTableW
FindWindowW
GetDC
UpdateLayeredWindow
ReleaseDC

gdi32

CreateRoundRectRgn
CreateSolidBrush
GetObjectW
GetStockObject
CreateFontIndirectW
CreatePen
CreateCompatibleBitmap
SaveDC
CreateDIBSection
RestoreDC
Rectangle
SetWindowOrgEx
GetTextMetricsW
GetObjectA
SelectClipRgn
GetClipBox
ExtSelectClipRgn
DeleteObject
SetStretchBltMode
SetBkColor
ExtTextOutW
CreatePenIndirect
MoveToEx
LineTo
RoundRect
GetCharABCWidthsW
TextOutW
GetDeviceCaps
SelectObject
DeleteDC
CreateRectRgnIndirect
CombineRgn
SetBkMode
GetTextExtentPoint32W
StretchBlt
CreateCompatibleDC
BitBlt
SetTextColor

advapi32

RegEnumKeyExW
RegDeleteKeyW
RegEnumValueW
RegQueryValueExW
IsTextUnicode
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
ord43
SHCreateDirectoryExW
SHFileOperationW
ShellExecuteExW
SHChangeNotify
CommandLineToArgvW
ord165

ole32

CoCreateGuid
CLSIDFromProgID
OleLockRunning
CLSIDFromString
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
StringFromGUID2

oleaut32

VarUI4FromStr
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantClear

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

comctl32

_TrackMouseEvent
ord17

gdiplus

GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdiplusShutdown
GdipDrawString
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipFree
GdipAlloc
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusStartup
GdipDeleteStringFormat

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

shlwapi

StrStrIA
UrlIsW
PathFileExistsW
PathIsDirectoryW
PathStripPathW
StrStrIW
PathMakeSystemFolderW
PathFindFileNameW
PathRemoveBackslashW
PathRemoveFileSpecW

wininet

InternetSetStatusCallbackW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
InternetGetConnectedState
InternetSetOptionW
InternetOpenUrlW
InternetCloseHandle
HttpQueryInfoW
FindCloseUrlCache
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
GetUrlCacheEntryInfoW
FindFirstUrlCacheEntryW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

dbghelp

MiniDumpWriteDump

iphlpapi

GetAdaptersInfo

Exports

Exports

?SendHttpQuestA@@YAXABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@HHHH@Z
?SendHttpQuestW@@YAXABV?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@std@@HHHH@Z
InitSendStatus
UninitSendStatus

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BoxWebPage.exe
.exe windows:5 windows x86 arch:x86

638c5afcc3b71e063f2f8d3e1daf332e

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:ab:ba:60:df:e2:ca
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

16/05/2013, 20:16

Not After

18/05/2014, 17:02

Subject

CN=四三九九网络股份有限公司,O=四三九九网络股份有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0c626f7840343339392e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cb:d6:f7:5e:2a:43:8c:4a:98:45:8b:84:9c:7e:d0:c1:a5:77:31:bc
Signer

Actual PE Digest

cb:d6:f7:5e:2a:43:8c:4a:98:45:8b:84:9c:7e:d0:c1:a5:77:31:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\4399\Bin\Release\BoxWebPage.pdb

Imports

ipc

ChannelSendRequestSync
ChannelSendRequest
ChannelGetDisconnect
DestroySharePacket
ChannelSendResponse
ChannelGetRecvPacket
ChannelWaitForEvent
ChannelDestroy
ChannelCreate
IPCStartup
IPCIsActive
IPCCleanup

mhook

?Mhook_SetHook@@YAHPAPAXPAX@Z

gbhook

SetSpeed
EnableFlashBGVisible
EnableSound
SetCookieHook

trace

AiSetDefaultLogDir
WriteLog

kernel32

MapViewOfFile
UnmapViewOfFile
InterlockedCompareExchange
Sleep
InterlockedExchange
WideCharToMultiByte
GetCurrentThreadId
SetLastError
LocalFree
TerminateProcess
GetCurrentProcessId
GlobalAlloc
lstrcmpW
MulDiv
GlobalLock
GlobalUnlock
GlobalAddAtomW
DeleteFileW
CreateFileW
GetFileSizeEx
LoadLibraryW
GetVersionExW
WaitForSingleObject
FindFirstFileW
FindClose
GetFileSize
ReadFile
SetFilePointer
WriteFile
FileTimeToLocalFileTime
FileTimeToDosDateTime
SetUnhandledExceptionFilter
GetTickCount
GetSystemInfo
FileTimeToSystemTime
GetCommandLineW
GetACP
FormatMessageW
CreateEventW
SetEvent
ResetEvent
GetProcessHeap
HeapFree
HeapAlloc
SetEndOfFile
SetThreadPriority
TerminateThread
WaitForMultipleObjects
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetModuleHandleA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
IsValidCodePage
GetOEMCP
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
VirtualQuery
VirtualProtect
CreateThread
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FlushInstructionCache
GetCurrentProcess
FreeLibrary
lstrlenA
MultiByteToWideChar
GetLastError
CloseHandle
InterlockedIncrement
InterlockedDecrement
CreateProcessW
LoadLibraryExW
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
lstrlenW

user32

GetPropW
TranslateMessage
DispatchMessageW
CharLowerBuffW
CharUpperBuffW
FindWindowW
RegisterClassExW
DefWindowProcW
GetParent
PostMessageW
CreateWindowExW
SetWindowLongW
LoadCursorW
GetClassInfoExW
IsWindow
MessageBoxW
SetForegroundWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
CallMsgFilterW
GetQueueStatus
WaitMessage
UnregisterClassW
CharNextW
DestroyWindow
PostQuitMessage
GetWindowLongW
SendMessageW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MoveWindow
SetWindowPos
GetClientRect
ClientToScreen
ScreenToClient
BeginPaint
EndPaint
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetTimer
KillTimer
SetCapture
UnregisterClassA
SetFocus
GetWindow
IsChild
GetDlgItem
GetClassNameW
GetSysColor
DestroyAcceleratorTable
GetFocus
FillRect
GetDesktopWindow
CreateAcceleratorTableW
ReleaseCapture
RegisterWindowMessageW
SetPropW
RemovePropW
FindWindowExW
CallWindowProcW

gdi32

SetDIBColorTable
SelectObject
CreateDIBSection
GetStockObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
GetObjectW
GetDeviceCaps

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegDeleteKeyW
RegCloseKey

shell32

CommandLineToArgvW
ord165
SHGetSpecialFolderPathW

ole32

CoInitialize
OleUninitialize
OleInitialize
OleLockRunning
StringFromGUID2
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize

oleaut32

SysAllocStringLen
SysAllocString
VariantClear
SysFreeString
VariantInit
DispCallFunc
OleCreateFontIndirect
VariantChangeType
LoadRegTypeLi
LoadTypeLi
VarBstrCmp
SysStringLen
VarUI4FromStr

shlwapi

UrlGetPartW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
UrlIsW

urlmon

CoInternetSetFeatureEnabled

wininet

InternetOpenW
InternetCanonicalizeUrlW
HttpOpenRequestW
HttpSendRequestW
InternetGetCookieW
InternetSetCookieW
InternetConnectW
InternetCrackUrlW
InternetReadFileExA
HttpQueryInfoW
InternetCloseHandle
InternetSetStatusCallbackW
HttpAddRequestHeadersW
InternetSetOptionW
InternetQueryOptionW
InternetErrorDlg

winmm

timeGetTime
timeEndPeriod

gdiplus

GdipFree
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdipCloneImage
GdipSaveImageToFile
GdipAlloc
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 421KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BugCollector.exe
.exe windows:5 windows x86 arch:x86

2302766a3a015ec7119611bbf32185a5

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:ab:ba:60:df:e2:ca
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

16/05/2013, 20:16

Not After

18/05/2014, 17:02

Subject

CN=四三九九网络股份有限公司,O=四三九九网络股份有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0c626f7840343339392e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:d1:80:3e:dc:8c:13:e6:2a:2a:82:33:21:b2:db:ab:df:da:06:37
Signer

Actual PE Digest

1f:d1:80:3e:dc:8c:13:e6:2a:2a:82:33:21:b2:db:ab:df:da:06:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\4399\Bin\Release\BugCollector.pdb

Imports

kernel32

GetFileTime
GetStartupInfoW
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
RtlUnwind
RaiseException
Sleep
ExitProcess
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
GetFileSizeEx
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetFileAttributesW
FileTimeToLocalFileTime
GetTickCount
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
FileTimeToSystemTime
GetThreadLocale
lstrlenA
GlobalFlags
WritePrivateProfileStringW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GetModuleHandleA
InterlockedDecrement
GlobalFindAtomW
GetVersionExW
CompareStringW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
GlobalAddAtomW
FreeResource
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
FreeLibrary
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
lstrlenW
MulDiv
WriteFile
SetFilePointer
ReadFile
CreateFileW
GetFileSize
CreateFileA
WideCharToMultiByte
LocalFree
GetCommandLineW
CloseHandle
WaitForSingleObject
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
OutputDebugStringW
MultiByteToWideChar

user32

RegisterClipboardFormatW
PostThreadMessageW
ReleaseCapture
SetCapture
LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
EnableMenuItem
UnregisterClassW
CharUpperW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
SetFocus
CheckMenuItem
GetWindowRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
LoadBitmapW
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SendMessageW
AppendMenuW
GetSystemMenu
LoadIconW
EnableWindow
PostMessageW

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
ScaleWindowExtEx
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
GetWindowExtEx
GetViewportExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
CreateRectRgnIndirect
GetObjectW
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
PtVisible

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

CommandLineToArgvW
ShellExecuteW

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

urlmon

FindMimeFromData

wininet

InternetConnectW
InternetOpenW
HttpEndRequestW
InternetWriteFile
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCloseHandle
InternetGetConnectedState
HttpSendRequestExW
HttpQueryInfoW
InternetSetOptionW
InternetReadFile

Sections

.text
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CatchScreen.exe
.exe windows:5 windows x86 arch:x86

6d3299fa58ec94410ca34214e29464ce

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:ab:ba:60:df:e2:ca
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

16/05/2013, 20:16

Not After

18/05/2014, 17:02

Subject

CN=四三九九网络股份有限公司,O=四三九九网络股份有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0c626f7840343339392e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:38:67:bc:d4:dc:db:63:56:9e:12:d8:f1:96:cd:13:31:b5:ec:19
Signer

Actual PE Digest

12:38:67:bc:d4:dc:db:63:56:9e:12:d8:f1:96:cd:13:31:b5:ec:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\4399\Bin\Release\CatchScreen.pdb

Imports

kernel32

ExitProcess
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
Sleep
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
HeapReAlloc
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc
HeapFree
GetStartupInfoW
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
WritePrivateProfileStringW
GlobalFlags
FileTimeToSystemTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
GetThreadLocale
InterlockedIncrement
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
GetCurrentProcessId
GetModuleHandleA
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
WideCharToMultiByte
FormatMessageW
LocalFree
lstrlenW
MulDiv
InterlockedDecrement
GetModuleFileNameW
SetLastError
GetModuleHandleW
GetProfileIntW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
GlobalFree
GlobalUnlock
WriteFile
GlobalLock
GlobalAlloc
GetTempPathW
LockResource
CreateFileW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
CloseHandle
InterlockedExchange
LeaveCriticalSection
GetOEMCP
EnterCriticalSection

user32

RegisterClipboardFormatW
PostThreadMessageW
UnregisterClassW
WindowFromPoint
DestroyMenu
SetWindowContextHelpId
MapDialogRect
CharNextW
TranslateMessage
ValidateRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
PostQuitMessage
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
SetMenu
SetForegroundWindow
PostMessageW
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnhookWindowsHookEx
ReleaseCapture
EqualRect
SetCapture
GetCapture
SetRectEmpty
DispatchMessageW
GetMessageW
GetSysColorBrush
ClientToScreen
FillRect
CopyRect
OffsetRect
InflateRect
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharUpperW
IsWindow
GetParent
SetWindowLongW
GetWindowLongW
SetMenuItemBitmaps
AppendMenuW
LoadBitmapW
CreatePopupMenu
SetWindowPos
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ReleaseDC
GetDC
IsRectEmpty
ScreenToClient
UpdateWindow
IsWindowVisible
DrawIcon
IsIconic
SendMessageW
LoadIconW
GetSystemMetrics
SetRect
InvalidateRect
GetKeyState
IsChild
LoadCursorW
SetCursor
KillTimer
SetTimer
PtInRect
GetWindowRect
GetCursorPos
DrawTextW
GetClientRect
EnableWindow
LoadImageW
GetDlgItem

gdi32

GetWindowExtEx
SetMapMode
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetViewportExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
SetROP2
MoveToEx
LineTo
DeleteDC
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreatePen
PatBlt
UnrealizeObject
CreatePatternBrush
CreateBitmap
CreateSolidBrush
Polygon
GetTextExtentPoint32W
SetDIBits
FillRgn
CreatePolygonRgn
Ellipse
Rectangle
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetDeviceCaps
CreateDCW
CreateFontIndirectW
CreateFontW
CreateRectRgn
CreateCompatibleBitmap
GetObjectW
SelectObject
GetDIBColorTable
StretchBlt
DeleteObject
BitBlt
CreateCompatibleDC

msimg32

TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

gdiplus

GdipDisposeImage
GdipSaveImageToFile
GdipFree
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipCloneImage
GdipGetImageEncoders
GdiplusStartup
GdipGetImageEncodersSize

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GBHook.dll
.dll windows:5 windows x86 arch:x86

428327503c18cd1b5ef0d427b0d4e946

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:ab:ba:60:df:e2:ca
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

16/05/2013, 20:16

Not After

18/05/2014, 17:02

Subject

CN=四三九九网络股份有限公司,O=四三九九网络股份有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0c626f7840343339392e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:c9:db:39:7a:4d:d3:2d:7a:9e:0f:a8:9d:b3:c9:87:5f:97:c2:f9
Signer

Actual PE Digest

25:c9:db:39:7a:4d:d3:2d:7a:9e:0f:a8:9d:b3:c9:87:5f:97:c2:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\4399\Bin\Release\GBHook.pdb

Imports

mhook

?Mhook_Unhook@@YAHPAPAX@Z
?Mhook_SetHook_RET@@YAHPAPAXPAX@Z
?Mhook_SetHook_JMP_ABS@@YAHPAPAXPAX@Z
?Mhook_SetHook@@YAHPAPAXPAX@Z

trace

WriteLog

kernel32

GetModuleHandleW
GetLastError
GetModuleHandleExW
GetModuleFileNameW
FreeLibrary
CreateFileMappingW
CreateFileMappingA
GetCurrentProcessId
LoadLibraryW
WriteProcessMemory
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
FileTimeToSystemTime
SystemTimeToFileTime
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateEventW
WaitForSingleObject
CloseHandle
DeleteCriticalSection
ResetEvent
SetEvent
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetProcAddress
SetLastError
GetWindowsDirectoryW
GetVersionExW
Sleep
CreateFileW
TerminateProcess
ReadFile
SetFilePointer
WriteFile
CompareStringA
CreateFileA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetSystemTimeAsFileTime
SleepEx
GetSystemTime
GetLocalTime
QueryPerformanceCounter
GetTickCount
CompareStringW
SetEnvironmentVariableA
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LoadLibraryExW
GetModuleHandleA
GetStringTypeA
FlushFileBuffers
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
HeapSize
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetTimeZoneInformation
ExitProcess
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcessHeap
RaiseException

user32

SetTimer

gdi32

RectVisible

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
ord165

ole32

CoCreateInstance
CoInitializeEx
PropVariantClear

shlwapi

PathFileExistsW
UrlGetPartA

wininet

HttpQueryInfoA
InternetSetStatusCallbackW
InternetQueryOptionW
InternetConnectW
HttpOpenRequestW
HttpOpenRequestA
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestA
HttpSendRequestW
InternetGetCookieExW
InternetGetCookieExA
InternetSetCookieExW
InternetSetCookieExA
InternetGetCookieW
InternetGetCookieA
InternetSetCookieW
InternetSetCookieA
InternetSetOptionW
InternetOpenW
InternetOpenA
InternetConnectA
InternetCloseHandle

winmm

timeSetEvent
waveOutWrite
midiStreamOut
timeGetTime

ntdll

RtlCreateHeap
RtlAllocateHeap
_strlwr
_wcsicmp
RtlUnwind
NtClose
NtQueryObject
NtOpenFile
NtCreateFile
NtQueryFullAttributesFile
NtQueryAttributesFile
NtDeleteFile
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtQueryInformationProcess
RtlInitUnicodeString
RtlFreeHeap

Exports

Exports

EnableFlashBGVisible
EnableGameMoreOpen
EnableSound
HookRedirect
InitProxy
SetCookieHook
SetPathMap
SetProxyNotUseSetting
SetProxyUseIESetting
SetProxyUseMySetting
SetSpeed
UnInitProxy
UnSetCookieHook

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GameRecognition.ini
GameRecognition.xml
IPC.dll
.dll windows:5 windows x86 arch:x86

157cd76aee8223bc1a87277ee8ba05d9

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:ab:ba:60:df:e2:ca
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

16/05/2013, 20:16

Not After

18/05/2014, 17:02

Subject

CN=四三九九网络股份有限公司,O=四三九九网络股份有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0c626f7840343339392e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:96:48:61:ef:4a:82:36:fb:f0:af:c8:32:bb:ba:9c:d4:74:da:65
Signer

Actual PE Digest

10:96:48:61:ef:4a:82:36:fb:f0:af:c8:32:bb:ba:9c:d4:74:da:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\4399\Bin\Release\IPC.pdb

Imports

kernel32

CreateSemaphoreA
CloseHandle
WaitForSingleObject
ReleaseSemaphore
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
WaitForMultipleObjects
ResumeThread
CreateMutexA
OpenMutexA
CreateFileMappingA
GetLastError
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
ReleaseMutex
OpenSemaphoreA
LCMapStringW
LCMapStringA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
HeapSize
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW

user32

TranslateMessage
PeekMessageW
PostQuitMessage
DispatchMessageW

Exports

Exports

ChannelClose
ChannelCreate
ChannelDestroy
ChannelGetDisconnect
ChannelGetRecvPacket
ChannelSend
ChannelSendRequest
ChannelSendRequestSync
ChannelSendResponse
ChannelWaitForEvent
CreateSharePacket
DestroySharePacket
IPCCheckActive
IPCCleanup
IPCGetName
IPCIsActive
IPCStartup
IPCTryCleanup
ShareMemoryConnect
ShareMemoryCreate
ShareMemoryDestroy
ShareMemoryDisconnect
ShareMemoryGetData
ShareMemoryGetName
ShareMemoryGetSize
ShareMemoryIsValid
ShareMemoryOpen

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LibP2P.dll
.dll windows:5 windows x86 arch:x86

f64e61519bc561f9888bdc777800c22e

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:ab:ba:60:df:e2:ca
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

16/05/2013, 20:16

Not After

18/05/2014, 17:02

Subject

CN=四三九九网络股份有限公司,O=四三九九网络股份有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0c626f7840343339392e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c7:2e:ff:09:c4:02:8b:49:56:e5:59:88:64:58:d0:c0:94:08:67:33
Signer

Actual PE Digest

c7:2e:ff:09:c4:02:8b:49:56:e5:59:88:64:58:d0:c0:94:08:67:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\4399\Bin\Release\LibP2P.pdb

Imports

ws2_32

inet_addr
WSACleanup
ntohl
inet_ntoa
shutdown
WSASetLastError
recvfrom
sendto
setsockopt
socket
accept
listen
bind
getsockname
connect
recv
send
closesocket
ioctlsocket
WSAGetLastError
gethostbyname
gethostname
select
ntohs
htons
htonl
WSAStartup

wininet

InternetGetCookieA

kernel32

CreateFileW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
HeapReAlloc
VirtualAlloc
GetModuleFileNameA
GetTickCount
InterlockedIncrement
InterlockedDecrement
CopyFileA
MoveFileA
Sleep
SetFileAttributesA
DeleteFileA
RemoveDirectoryA
CloseHandle
SetFilePointer
GetLastError
ReadFile
WriteFile
FlushFileBuffers
CreateFileA
SetEndOfFile
GetFileSize
GetOverlappedResult
GetProcessHeap
WaitForSingleObject
CreateMutexA
GetCurrentThreadId
ReleaseMutex
MultiByteToWideChar
WideCharToMultiByte
GetVersionExA
GetOEMCP
GetVolumeInformationA
GetLocalTime
GetFileTime
CompareFileTime
ResetEvent
CreateEventA
TerminateThread
SetEvent
GetModuleHandleA
LoadLibraryA
GetProcAddress
CreateDirectoryA
GetDiskFreeSpaceExA
FindFirstFileA
FindNextFileA
FindClose
GlobalMemoryStatus
GetCurrentThread
ExitProcess
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
VirtualFree
HeapDestroy
HeapCreate
HeapAlloc
GetCommandLineA
CreateThread
CompareStringA
CompareStringW
GetFileAttributesA
SetEnvironmentVariableA
ExitThread
HeapFree
GetConsoleMode
GetConsoleCP
GetStdHandle
IsValidCodePage
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetACP

user32

IsWindow
SetTimer
EnumThreadWindows
PostMessageA
GetDlgItem
GetWindowTextA
GetClassNameA
KillTimer
SendMessageA

shell32

SHGetSpecialFolderPathA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantClear
VariantInit

iphlpapi

GetIfEntry
GetBestInterface
GetAdaptersInfo

rpcrt4

UuidCreate

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

?BOX_IsIntialized@@YGHXZ
BOX_ClearMakeThreads
BOX_CreateConfiguration
BOX_DeleteDownload
BOX_FreeArray
BOX_FreeMem
BOX_GetDefaultProfile
BOX_GetDownloadInfo
BOX_GetFinishedBitField
BOX_GetJobProfile
BOX_GetMemoryUsage
BOX_GetPreferrence
BOX_GetTorrentInfo
BOX_Initialize
BOX_IsJobActive
BOX_MakeTorrent
BOX_PackMemoryPool
BOX_ParseTorrent
BOX_ParseTorrentFile
BOX_RegisterCallback
BOX_SetBitTorrentId
BOX_SetDefaultProfile
BOX_SetDownloadFlags
BOX_SetDownloadPath
BOX_SetJobProfile
BOX_SetJobTrackers
BOX_SetPreferrence
BOX_StartDownload
BOX_StartDownloadByHandle
BOX_StartDownloadByTorrent
BOX_StopDownload
BOX_Uninitialize
_BOX_AddProxy@4
_BOX_CoreInfo@4
_BOX_FindProxyByName@8
_BOX_GetPeerCount@16
_BOX_GetPeerInfo@16
_BOX_SetBITSFlags@16
_BOX_SetBITSProfile@16
_BOX_SetBITSProfileAll@12
_BOX_SetBITSReseedTime@4
_BOX_SetGlobalSpeedLimit@8
_BOX_SetHttpNumPerTask@8
_BOX_SetLogFunc@4
_BOX_SetProxyActive@8
_BOX_UpdateProxy@8

Sections

.text
Size: 756KB - Virtual size: 755KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LiveUpdate.exe
.exe windows:5 windows x86 arch:x86

511a67dfb5ec86afe09bb0518773a172

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:ab:ba:60:df:e2:ca
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

16/05/2013, 20:16

Not After

18/05/2014, 17:02

Subject

CN=四三九九网络股份有限公司,O=四三九九网络股份有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0c626f7840343339392e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:b1:a6:67:0f:8c:8c:be:4c:0a:e0:28:8d:94:52:f7:b1:62:95:5e
Signer

Actual PE Digest

52:b1:a6:67:0f:8c:8c:be:4c:0a:e0:28:8d:94:52:f7:b1:62:95:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\4399\Bin\Release\LiveUpdate.pdb

Imports

kernel32

TerminateProcess
ReadFile
GetCommandLineW
LocalFree
GetACP
TlsGetValue
SetUnhandledExceptionFilter
TlsSetValue
TlsAlloc
TlsFree
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
ResumeThread
lstrlenA
LoadLibraryW
GetCurrentDirectoryW
GetTickCount
FreeResource
ExitProcess
DosDateTimeToFileTime
SystemTimeToFileTime
GetFileType
DuplicateHandle
MulDiv
InterlockedCompareExchange
Sleep
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
SetStdHandle
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
GetModuleHandleA
LCMapStringA
VirtualAlloc
QueryPerformanceCounter
VirtualFree
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
LCMapStringW
GetDateFormatA
GetTimeFormatA
IsValidCodePage
GetOEMCP
GetCPInfo
GetTimeZoneInformation
GetModuleFileNameA
RtlUnwind
GetStartupInfoW
CreateThread
GetCurrentThreadId
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
WriteConsoleA
SetLastError
GetExitCodeProcess
GetCurrentProcess
GetProcAddress
InterlockedExchange
CreateMutexW
GetLastError
CloseHandle
GetModuleFileNameW
GetVersionExW
FormatMessageW
WideCharToMultiByte
GetSystemTime
GetCurrentProcessId
GetLocalTime
GetStdHandle
FreeConsole
WaitForMultipleObjects
TerminateThread
SetThreadPriority
WaitForSingleObject
lstrlenW
GetTempPathW
DeleteFileW
GetModuleHandleW
SetEndOfFile
SetFilePointer
SizeofResource
GetFileSize
WriteFile
HeapAlloc
HeapFree
GetProcessHeap
ResetEvent
SetEvent
CreateFileW
CreateEventW
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
OpenSemaphoreW
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource

user32

MessageBoxW
SetWindowRgn
SetCursor
CreateCaret
OffsetRect
HideCaret
SetCaretPos
ClientToScreen
GetSysColor
GetCaretPos
FillRect
ShowCaret
PostQuitMessage
TranslateMessage
DispatchMessageW
GetDesktopWindow
CreateWindowExW
PostMessageW
DefWindowProcW
IsZoomed
IsIconic
CharNextW
IntersectRect
DrawTextW
SetRect
CharPrevW
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
InvalidateRgn
CreateAcceleratorTableW
InflateRect
RegisterClassExW
SetPropW
RemovePropW
GetPropW
CallWindowProcW
GetClassInfoExW
MoveWindow
GetWindowRect
GetWindowLongW
GetWindow
GetParent
MsgWaitForMultipleObjectsEx
PeekMessageW
CallMsgFilterW
GetQueueStatus
WaitMessage
KillTimer
UnregisterClassW
SetTimer
DestroyWindow
SendMessageW
RegisterClassW
LoadCursorW
GetSystemMetrics
LoadImageW
GetKeyState
ReleaseDC
GetDC
GetClientRect
SetWindowPos
SetWindowLongW
SetFocus
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
InvalidateRect
MapWindowPoints
ScreenToClient
GetCursorPos
GetFocus
IsWindow
SetCapture
ReleaseCapture
PtInRect
MonitorFromWindow
GetMonitorInfoW
EnableWindow
ShowWindow

gdi32

SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetTextMetricsW
GetStockObject
GetObjectW
SetBkMode
SetTextColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GetObjectA
CreateRoundRectRgn
GetDeviceCaps
SelectClipRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
CombineRgn
CreateDIBSection
StretchBlt
SetStretchBltMode
SetBkColor
ExtTextOutW
CreateSolidBrush
CreatePenIndirect
MoveToEx
LineTo
CreatePen
CreateFontIndirectW
RoundRect

advapi32

FreeSid
RegOpenKeyExW
RegCloseKey
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW

shell32

ord165
SHGetSpecialFolderPathW
ShellExecuteExW
CommandLineToArgvW
ShellExecuteW

ole32

CLSIDFromProgID
OleLockRunning
CLSIDFromString
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

shlwapi

PathAppendW
PathFileExistsW
StrStrIA
PathFindFileNameW

winmm

timeEndPeriod
timeGetTime

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipFree
GdipCreateLineBrushI
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdiplusShutdown
GdiplusStartup
GdipCloneBrush
GdipDrawString
GdipAlloc
GdipDeleteBrush

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

wininet

InternetOpenUrlW
InternetCrackUrlW
InternetCanonicalizeUrlW
HttpQueryInfoW
InternetErrorDlg
InternetReadFileExA
InternetQueryOptionW
InternetSetOptionW
HttpAddRequestHeadersW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCloseHandle
InternetSetStatusCallbackW
InternetOpenW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

Exports

Exports

?SendHttpQuestA@@YAXABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@HHHH@Z
?SendHttpQuestW@@YAXABV?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@std@@HHHH@Z
InitSendStatus
UninitSendStatus

Sections

.text
Size: 465KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mhook.dll
.dll windows:5 windows x86 arch:x86

8b0cab8feac45acac4586d5c6c28d50e

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:ab:ba:60:df:e2:ca
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

16/05/2013, 20:16

Not After

18/05/2014, 17:02

Subject

CN=四三九九网络股份有限公司,O=四三九九网络股份有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0c626f7840343339392e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:5d:1e:8a:7b:6c:36:44:8d:84:09:38:2f:1c:f9:94:a0:3e:7e:1c
Signer

Actual PE Digest

41:5d:1e:8a:7b:6c:36:44:8d:84:09:38:2f:1c:f9:94:a0:3e:7e:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\4399\Bin\Release\Mhook.pdb

Imports

kernel32

GetThreadContext
VirtualQuery
GetCurrentProcess
GetModuleHandleW
GetCurrentThread
VirtualFree
InitializeCriticalSection
Sleep
LeaveCriticalSection
SetThreadPriority
FlushInstructionCache
GetProcAddress
VirtualAlloc
EnterCriticalSection
VirtualProtectEx
OpenThread
GetSystemInfo
GetThreadPriority
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
WriteProcessMemory
SuspendThread
ResumeThread
CreateFileA
HeapSize
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetLastError
LoadLibraryW
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
HeapFree
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapReAlloc
WriteConsoleA
GetConsoleOutputCP
MultiByteToWideChar
SetFilePointer
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlCreateHeap
RtlUnwind

Exports

Exports

?Mhook_SetHook@@YAHPAPAXPAX@Z
?Mhook_SetHook_JMP_ABS@@YAHPAPAXPAX@Z
?Mhook_SetHook_RET@@YAHPAPAXPAX@Z
?Mhook_Unhook@@YAHPAPAX@Z
_AiFree@4
_AiMalloc@4

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 199KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NewPatchInfo.xml
Skin/Blue.data
.zip
AboutBox.png
.png
AboutBox.xml
.xml
AccelerateMenu.xml
.xml
Button.png
.png
ClearCache.png
.png
ClearCache.xml
.xml
CloseTips.png
.png
CloseTips.xml
.xml
CustomAcc.png
.png
CustomAccelerate.xml
.xml
CustomLoadMode.png
.png
CustomLoadMode.xml
.xml
DefauleItemPic.png
.png
DefaultLayout.xml
.xml
DownFinishTips.png
.png
DownFinishedTips.xml
.xml
DownInfoItem.xml
.xml
DownLoadMng.png
.png
FinishGameItem.png
.png
FinishGameItem.xml
.xml
GameBox.png
.png
GameBox.xml
.xml
GameLayout.xml
.xml
GameList.png
.png
GameSelect.png
.png
Game_Expand.png
.png
Game_Sort.png
.png
MessageBoxEx.png
.png
MessageBoxEx.xml
.xml
NetLayout.xml
PluginFrame.png
.png
PluginFrame.xml
.xml
PluginItem.xml
.xml
QuitFullScreen.xml
.xml
SearchExpand.xml
.xml
SearchItem.xml
.xml
SetMenu.xml
.xml
SettingFrame.png
.png
SettingFrame.xml
.xml
SkinWnd.png
.png
SkinWnd.xml
.xml
SubAccount.png
.png
SubAccount.xml
.xml
TaskLayout.xml
.xml
TinyGame.png
.png
TinyGame.xml
.xml
TinyGameItem.xml
.xml
TipsDialog.png
.png
TipsDialog.xml
.xml
ToolBar.png
.png
TopMenu.xml
.xml
TrayMenu.png
.png
TrayMenu.xml
.xml
VScrollBar.png
.png
WebGame.png
.png
WebGame.xml
.xml
WebGameItem.png
.png
WebGameItem.xml
.xml
WebWnd.xml
.xml
menu.png
.png
Skin/Default.data
.zip
AboutBox.png
.png
AboutBox.xml
.xml
AccelerateMenu.xml
.xml
Button.png
.png
ClearCache.png
.png
ClearCache.xml
.xml
CloseTips.png
.png
CloseTips.xml
.xml
CustomAcc.png
.png
CustomAccelerate.xml
.xml
CustomLoadMode.png
.png
CustomLoadMode.xml
.xml
DefauleItemPic.png
.png
DefaultLayout.xml
.xml
DownFinishTips.png
.png
DownFinishedTips.xml
.xml
DownInfoItem.xml
.xml
DownLoadMng.png
.png
FinishGameItem.png
.png
FinishGameItem.xml
.xml
GameBox.png
.png
GameBox.xml
.xml
GameLayout.xml
.xml
GameList.png
.png
GameSelect.png
.png
Game_Expand.png
.png
Game_Sort.png
.png
MessageBoxEx.png
.png
MessageBoxEx.xml
.xml
NetLayout.xml
PluginFrame.png
.png
PluginFrame.xml
.xml
PluginItem.xml
.xml
QuitFullScreen.xml
.xml
SearchExpand.xml
.xml
SearchItem.xml
.xml
SetMenu.xml
.xml
SettingFrame.png
.png
SettingFrame.xml
.xml
SkinWnd.png
.png
SkinWnd.xml
.xml
SubAccount.png
.png
SubAccount.xml
.xml
TaskLayout.xml
.xml
TinyGame.png
.png
TinyGame.xml
.xml
TinyGameItem.xml
.xml
TipsDialog.png
.png
TipsDialog.xml
.xml
ToolBar.png
.png
TopMenu.xml
.xml
TrayMenu.png
.png
TrayMenu.xml
.xml
VScrollBar.png
.png
WebGame.png
.png
WebGame.xml
.xml
WebGameItem.png
.png
WebGameItem.xml
.xml
WebWnd.xml
.xml
menu.png
.png
Skin/Light.data
.zip
AboutBox.png
.png
AboutBox.xml
.xml
AccelerateMenu.xml
.xml
Button.png
.png
ClearCache.png
.png
ClearCache.xml
.xml
CloseTips.png
.png
CloseTips.xml
.xml
CustomAcc.png
.png
CustomAccelerate.xml
.xml
CustomLoadMode.png
.png
CustomLoadMode.xml
.xml
DefauleItemPic.png
.png
DefaultLayout.xml
.xml
DownFinishTips.png
.png
DownFinishedTips.xml
.xml
DownInfoItem.xml
.xml
DownLoadMng.png
.png
FinishGameItem.png
.png
FinishGameItem.xml
.xml
GameBox.png
.png
GameBox.xml
.xml
GameLayout.xml
.xml
GameList.png
.png
GameSelect.png
.png
Game_Expand.png
.png
Game_Sort.png
.png
MessageBoxEx.png
.png
MessageBoxEx.xml
.xml
NetLayout.xml
PluginFrame.png
.png
PluginFrame.xml
.xml
PluginItem.xml
.xml
QuitFullScreen.xml
.xml
SearchExpand.xml
.xml
SearchItem.xml
.xml
SetMenu.xml
.xml
SettingFrame.png
.png
SettingFrame.xml
.xml
SkinWnd.png
.png
SkinWnd.xml
.xml
SubAccount.png
.png
SubAccount.xml
.xml
TaskLayout.xml
.xml
TinyGame.png
.png
TinyGame.xml
.xml
TinyGameItem.xml
.xml
TipsDialog.png
.png
TipsDialog.xml
.xml
ToolBar.png
.png
TopMenu.xml
.xml
TrayMenu.png
.png
TrayMenu.xml
.xml
VScrollBar.png
.png
WebGame.png
.png
WebGame.xml
.xml
WebGameItem.png
.png
WebGameItem.xml
.xml
WebWnd.xml
.xml
menu.png
.png
Trace.dll
.dll windows:5 windows x86 arch:x86

95f3ec00d439e1906cc7817e9b6ad95b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:ab:ba:60:df:e2:ca
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

16/05/2013, 20:16

Not After

18/05/2014, 17:02

Subject

CN=四三九九网络股份有限公司,O=四三九九网络股份有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0c626f7840343339392e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

60:cb:ee:5a:6f:0f:b3:33:82:03:84:ce:5d:14:88:fc:7c:07:00:a4
Signer

Actual PE Digest

60:cb:ee:5a:6f:0f:b3:33:82:03:84:ce:5d:14:88:fc:7c:07:00:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\4399\Bin\Release\Trace.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
FreeConsole
GetStdHandle
WriteFile
GetLocalTime
GetCurrentProcessId
GetSystemTime
MultiByteToWideChar
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
lstrlenA
FormatMessageW
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
RaiseException
GetLastError
HeapFree
CloseHandle
RtlUnwind
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
CreateFileW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEndOfFile
GetProcessHeap
ReadFile
CreateFileA
GetModuleHandleA

shell32

ord165

shlwapi

PathFileExistsW

Exports

Exports

AISetDebugLevel
AIShowTheError
AiGetDefaultLogDir
AiSetDefaultLogDir
AiSetDefaultLogDirA
SessionLog
WriteLog
WriteLogA
makeCompilerHappyWithFloatPoint

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
np1322Plugin.dll
.dll regsvr32 windows:5 windows x86 arch:x86

4186ac3d0ba58b2b1042d02f493f5720

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:ab:ba:60:df:e2:ca
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

16/05/2013, 20:16

Not After

18/05/2014, 17:02

Subject

CN=四三九九网络股份有限公司,O=四三九九网络股份有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0c626f7840343339392e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a3:85:5f:83:2a:e0:fd:67:d0:ca:fa:8a:7e:46:c7:e1:b6:19:c7:f7
Signer

Actual PE Digest

a3:85:5f:83:2a:e0:fd:67:d0:ca:fa:8a:7e:46:c7:e1:b6:19:c7:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\4399\Bin\Release\np1322Plugin.pdb

Imports

kernel32

EnterCriticalSection
DisableThreadLibraryCalls
lstrcmpiW
DeleteCriticalSection
WideCharToMultiByte
GetCurrentProcess
WaitForSingleObject
CloseHandle
SetLastError
Sleep
DeleteFileW
GetFullPathNameW
CreateFileW
TerminateProcess
GetCurrentProcessId
GetFileSize
ReadFile
SetFilePointer
WriteFile
GetFullPathNameA
HeapReAlloc
CreateFileA
CreateMutexW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
InterlockedCompareExchange
UnlockFile
LockFile
GetProcAddress
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
LoadLibraryW
FormatMessageW
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetLastError
RaiseException
GetModuleHandleA
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
SizeofResource
InitializeCriticalSection
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
SetEnvironmentVariableA
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
VirtualAlloc
VirtualFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
GetCurrentThreadId

user32

CharNextW
SetWindowLongW

advapi32

RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegCreateKeyExW

shell32

ShellExecuteExW

ole32

CoCreateInstance
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc

oleaut32

LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
VarUI4FromStr
UnRegisterTypeLi
SysStringLen
SysAllocString
SysFreeString

shlwapi

PathFileExistsW
PathFindFileNameW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe.nsis
使用说明.url
极速软件下载.url
.url

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:9d:f8:8eCertificate

Key Usages

1e:ab:ba:60:df:e2:caCertificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

a1:c6:c2:df:ff:73:d5:ea:fa:72:f6:17:a6:6e:9c:24:0a:d8:fb:d4Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 48KB

.rsrc Size: 6KB - Virtual size: 6KB

295fc8c35dee88b924b0f6bafc807c6c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

a9988f98d52a3c7d16228f87844f85ea

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 82KB - Virtual size: 82KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 5KB - Virtual size: 29KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 7KB - Virtual size: 7KB

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:9d:f8:8e
Certificate

1e:ab:ba:60:df:e2:ca
Certificate

3d
Certificate

a1:c6:c2:df:ff:73:d5:ea:fa:72:f6:17:a6:6e:9c:24:0a:d8:fb:d4
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 48KB

.rsrc
Size: 6KB - Virtual size: 6KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 29KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 172B

CODE
Size: 148KB - Virtual size: 148KB

DATA
Size: 3KB - Virtual size: 2KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 7KB - Virtual size: 7KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 512B - Virtual size: 470B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 912B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 144B

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate