ebb3f78e5d40a1123dfae5f5fa599375_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ebb3f78e5d40a1123dfae5f5fa599375_JaffaCakes118
Size

1.3MB
MD5

ebb3f78e5d40a1123dfae5f5fa599375
SHA1

a30bb2d8cdc1368a9ac4df909e8a63b13beb366e
SHA256

9aaecb9fe62d29bdeee11de6bb475e6d9e27860205809a041b62e84c99679497
SHA512

0e6bee93c96f97ab958573ad683c431c008b4d052d70b1f3c12f7b97b9cd8425b1995180fed9fab721a6df65d0b6f297b9faad4e1ea6b9d73b910629d0bc0428
SSDEEP

24576:vAptxkh1NvEVKkiPYwYuxFwZ7KXakPpFxbxwS0G7vhAXBnPUTLOlsUS35qsiPY+c:etxwG/wYuocjPbxmsvhUVlsUgqsOB8jN

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/LangDLL.dll
unpack002/$PLUGINSDIR/processwork.dll
unpack002/lib/sqlite3.dll
unpack002/lib/xmlparse.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/xiaomo.exe	nsis_installer_1
static1/unpack001/xiaomo.exe	nsis_installer_2

Files

ebb3f78e5d40a1123dfae5f5fa599375_JaffaCakes118
.rar
xiaomo.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3e:33:37:92:f1:cb:6b:16:e2:ff:07:13:73:54:5e:cc
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

17/03/2010, 00:00

Not After

16/03/2012, 23:59

Subject

CN=Beijing Xinen Technology Ltd,O=Beijing Xinen Technology Ltd,L=BeiJing,ST=BeiJing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:a1:03:53:62:16:ee:98:46:65:22:8f:94:75:64:cd:e4:4d:71:f2
Signer

Actual PE Digest

34:a1:03:53:62:16:ee:98:46:65:22:8f:94:75:64:cd:e4:4d:71:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/processwork.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CloseProcess
ExistsProcess
KillProcess
QuitProcess

Sections

CODE
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 147B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 47B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/update.exe
.exe windows:4 windows x86 arch:x86

5e604100943cc14e7b48109dae8bf6f3

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3e:33:37:92:f1:cb:6b:16:e2:ff:07:13:73:54:5e:cc
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

17/03/2010, 00:00

Not After

16/03/2012, 23:59

Subject

CN=Beijing Xinen Technology Ltd,O=Beijing Xinen Technology Ltd,L=BeiJing,ST=BeiJing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:ab:81:6c:60:be:30:3c:8c:4b:28:e8:4b:c1:58:5e:54:fc:7f:20
Signer

Actual PE Digest

76:ab:81:6c:60:be:30:3c:8c:4b:28:e8:4b:c1:58:5e:54:fc:7f:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

kernel32

OpenProcess
LocalFree
FormatMessageA
CopyFileA
WinExec
GetModuleFileNameA
MoveFileExA
Sleep
WritePrivateProfileStringA
GetTickCount
TerminateProcess
WaitForSingleObject
GetProcAddress
LoadLibraryA
GetCurrentProcessId
GetFileAttributesA
GetVersionExA
DeviceIoControl
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
MoveFileA
FindFirstFileA
DeleteFileA
RemoveDirectoryA
FindNextFileA
FindClose
CreateDirectoryA
CreateMutexA
GetLastError
ReleaseMutex
InterlockedExchange
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStringTypeW
GetStringTypeA
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetEnvironmentStringsW
CloseHandle
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
SetStdHandle
GetStartupInfoA
GetStdHandle
SetHandleCount
SetEndOfFile
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapSize
HeapReAlloc
RtlUnwind
SetUnhandledExceptionFilter
GetCPInfo
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetCommandLineA
GetCurrentProcess
GetModuleHandleA
ExitProcess
SetFilePointer
WriteFile
ReadFile
GetFileType
HeapFree
HeapAlloc
RaiseException

user32

MessageBoxA
EnumWindows
PostMessageA
SendMessageTimeoutA
GetWindowThreadProcessId

advapi32

RegQueryValueExA
RegCloseKey
ControlService
OpenServiceA
QueryServiceStatus
OpenSCManagerA
CloseServiceHandle
RegOpenKeyExA

ws2_32

select
socket
getprotobyname
closesocket
send
connect
htons
gethostbyname
gethostname
WSACleanup
recv
setsockopt
WSAStartup
inet_addr
WSAGetLastError

netapi32

Netbios

xmlparse

??0TiXmlDeclaration@@QAE@PBD00@Z
?LinkEndChild@TiXmlNode@@QAEPAV1@PAV1@@Z
??0TiXmlElement@@QAE@PBD@Z
?SetAttribute@TiXmlElement@@QAEXPBD0@Z
?SaveFile@TiXmlDocument@@QBE_NPBD@Z
??1TiXmlDocument@@UAE@XZ
?Print@TiXmlDeclaration@@UBEXPAU_iobuf@@H@Z
?Parse@TiXmlDeclaration@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?StreamOut@TiXmlDeclaration@@MBEXPAVTiXmlOutStream@@@Z
?ToDocument@TiXmlNode@@UAEPAVTiXmlDocument@@XZ
?ToDocument@TiXmlNode@@UBEPBVTiXmlDocument@@XZ
?ToElement@TiXmlNode@@UBEPBVTiXmlElement@@XZ
?ToComment@TiXmlNode@@UAEPAVTiXmlComment@@XZ
??0TiXmlDocument@@QAE@XZ
?ToUnknown@TiXmlNode@@UAEPAVTiXmlUnknown@@XZ
?ToUnknown@TiXmlNode@@UBEPBVTiXmlUnknown@@XZ
?ToText@TiXmlNode@@UAEPAVTiXmlText@@XZ
?ToText@TiXmlNode@@UBEPBVTiXmlText@@XZ
?ToDeclaration@TiXmlDeclaration@@UAEPAV1@XZ
?ToDeclaration@TiXmlDeclaration@@UBEPBV1@XZ
?Clone@TiXmlDeclaration@@UBEPAVTiXmlNode@@XZ
?Print@TiXmlElement@@UBEXPAU_iobuf@@H@Z
?Parse@TiXmlElement@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?StreamOut@TiXmlElement@@MBEXPAVTiXmlOutStream@@@Z
?ToElement@TiXmlElement@@UAEPAV1@XZ
?ToElement@TiXmlElement@@UBEPBV1@XZ
?ToDeclaration@TiXmlNode@@UAEPAVTiXmlDeclaration@@XZ
?ToDeclaration@TiXmlNode@@UBEPBVTiXmlDeclaration@@XZ
?Clone@TiXmlElement@@UBEPAVTiXmlNode@@XZ
??1TiXmlElement@@UAE@XZ
??1TiXmlDeclaration@@UAE@XZ
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@PBD@Z
?RootElement@TiXmlDocument@@QAEPAVTiXmlElement@@XZ
?GetText@TiXmlElement@@QBEPBDXZ
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?LoadFile@TiXmlDocument@@QAE_NPBDW4TiXmlEncoding@@@Z
?SetAttribute@TiXmlElement@@QAEXPBDH@Z
?ToComment@TiXmlNode@@UBEPBVTiXmlComment@@XZ
?ToElement@TiXmlNode@@UAEPAVTiXmlElement@@XZ

cabinet

ord20
ord21
ord23
ord22

wininet

InternetGetCookieA

Sections

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/webos.exe
.exe windows:4 windows x86 arch:x86

c19194e4ff7f2a4fc75e5f4378971669

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3e:33:37:92:f1:cb:6b:16:e2:ff:07:13:73:54:5e:cc
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

17/03/2010, 00:00

Not After

16/03/2012, 23:59

Subject

CN=Beijing Xinen Technology Ltd,O=Beijing Xinen Technology Ltd,L=BeiJing,ST=BeiJing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8e:f9:3f:ac:9c:f8:b9:b8:e7:09:4e:c2:fd:37:d2:91:0a:0b:32:30
Signer

Actual PE Digest

8e:f9:3f:ac:9c:f8:b9:b8:e7:09:4e:c2:fd:37:d2:91:0a:0b:32:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
SetLastError
lstrcpynA
SetEvent
WaitForSingleObject
ResetEvent
CreateEventA
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
CreateMutexA
GetLastError
ReadFile
WriteFile
DuplicateHandle
GetCurrentProcess
CreatePipe
GetExitCodeProcess
TerminateProcess
CreateProcessA
SetHandleInformation
ReleaseSemaphore
CreateSemaphoreA
GetCurrentThreadId
FindNextFileA
FreeEnvironmentStringsA
WritePrivateProfileStringA
InitializeCriticalSection
GetEnvironmentStrings
Sleep
ExitThread
CreateThread
GetTickCount
TerminateThread
GetExitCodeThread
WaitForMultipleObjects
ResumeThread
GetTimeZoneInformation
GetVersionExA
GetSystemInfo
SetConsoleTextAttribute
GetStdHandle
GetModuleFileNameA
lstrcmpA
HeapFree
HeapAlloc
SetConsoleCtrlHandler
SetConsoleMode
OpenMutexA
lstrcpyA
SetFilePointer
FlushFileBuffers
GetFullPathNameA
FindFirstFileA
FindClose
GetFileSize
CreateFileA
CloseHandle
GetFileAttributesA
DeleteFileA
FreeLibrary
LoadLibraryA
GetProcAddress
SetEndOfFile
GetLocaleInfoW
SetStdHandle
CompareStringW
CompareStringA
GetOEMCP
GetACP
SetEnvironmentVariableW
IsBadCodePtr
IsBadReadPtr
GetCurrentProcessId
QueryPerformanceCounter
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
VirtualQuery
VirtualProtect
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
ExitProcess
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
InterlockedExchange
RtlUnwind
RaiseException
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetSystemTimeAsFileTime
HeapReAlloc
GetCurrentDirectoryA
SetEnvironmentVariableA
SetCurrentDirectoryA
GetModuleHandleA
GetCommandLineA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetCPInfo

advapi32

StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DeleteService
CreateServiceA
OpenSCManagerA
OpenServiceA
ControlService
QueryServiceStatus
CloseServiceHandle
SetServiceStatus
StartServiceA

ws2_32

WSAEnumNetworkEvents
WSACreateEvent
inet_ntoa
gethostbyname
gethostname
send
getpeername
accept
bind
listen
htons
recv
ioctlsocket
socket
WSAGetLastError
WSAStartup
WSAWaitForMultipleEvents
WSACloseEvent
shutdown
closesocket
WSAEventSelect
WSACleanup

Sections

.text
Size: 316KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
etc/ModuleList.xml
.xml
etc/language.ini
home/htdocs/bookmark/BookMark.dll
.dll windows:4 windows x86 arch:x86

db76ab22b58cc5a605d489b471e18593

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3e:33:37:92:f1:cb:6b:16:e2:ff:07:13:73:54:5e:cc
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

17/03/2010, 00:00

Not After

16/03/2012, 23:59

Subject

CN=Beijing Xinen Technology Ltd,O=Beijing Xinen Technology Ltd,L=BeiJing,ST=BeiJing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:42:4b:4f:81:cb:98:99:e9:9b:97:23:d1:ef:a7:0e:4c:50:f9:99
Signer

Actual PE Digest

24:42:4b:4f:81:cb:98:99:e9:9b:97:23:d1:ef:a7:0e:4c:50:f9:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

FreeSid
SetNamedSecurityInfoA
SetEntriesInAclA
AllocateAndInitializeSid
GetNamedSecurityInfoA
RegCloseKey
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyExA
RegEnumValueA

kernel32

GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
FindClose
FindFirstFileA
GetPrivateProfileStringA
CloseHandle
ReadFile
GetFileSize
GetLastError
CreateFileA
GetCurrentDirectoryA
HeapFree
GetProcessHeap
WaitForSingleObject
WriteFile
HeapAlloc
CreateProcessA
GetStartupInfoA
WritePrivateProfileStringA
CreateDirectoryA
DuplicateHandle
GetCurrentProcess
CreatePipe
DeleteFileA
WritePrivateProfileStringW
GetPrivateProfileIntA
Sleep
GetPrivateProfileStringW
LocalFree
WinExec
CreateThread
CopyFileA
FindNextFileW
FindFirstFileW
GetFileAttributesExA
GetPrivateProfileSectionW
ReleaseMutex
SetLastError
TerminateThread
SleepEx
CompareStringW
CompareStringA
SetEndOfFile
GetLocaleInfoW
LoadLibraryA
GetCurrentProcessId
QueryPerformanceCounter
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
VirtualQuery
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
HeapSize
TerminateProcess
ExitProcess
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetOEMCP
GetACP
SetUnhandledExceptionFilter
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
GetCPInfo
LCMapStringW
LCMapStringA
GetVersionExA
GetCommandLineA
GetCurrentThreadId
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
SetEnvironmentVariableA

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

ole32

CoCreateInstance
CoUninitialize
CoInitialize

xmlparse

?ToDocument@TiXmlNode@@UBEPBVTiXmlDocument@@XZ
?ToElement@TiXmlNode@@UAEPAVTiXmlElement@@XZ
?ToElement@TiXmlNode@@UBEPBVTiXmlElement@@XZ
?ToComment@TiXmlNode@@UAEPAVTiXmlComment@@XZ
?ToComment@TiXmlNode@@UBEPBVTiXmlComment@@XZ
?ToUnknown@TiXmlNode@@UAEPAVTiXmlUnknown@@XZ
?ToUnknown@TiXmlNode@@UBEPBVTiXmlUnknown@@XZ
?ToText@TiXmlNode@@UAEPAVTiXmlText@@XZ
?ToText@TiXmlNode@@UBEPBVTiXmlText@@XZ
?ToDeclaration@TiXmlDeclaration@@UAEPAV1@XZ
?ToDeclaration@TiXmlDeclaration@@UBEPBV1@XZ
?Clone@TiXmlDeclaration@@UBEPAVTiXmlNode@@XZ
?Print@TiXmlElement@@UBEXPAU_iobuf@@H@Z
?Parse@TiXmlElement@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?StreamOut@TiXmlElement@@MBEXPAVTiXmlOutStream@@@Z
?ToElement@TiXmlElement@@UAEPAV1@XZ
?ToElement@TiXmlElement@@UBEPBV1@XZ
?ToDeclaration@TiXmlNode@@UAEPAVTiXmlDeclaration@@XZ
?ToDeclaration@TiXmlNode@@UBEPBVTiXmlDeclaration@@XZ
?Clone@TiXmlElement@@UBEPAVTiXmlNode@@XZ
?Print@TiXmlText@@UBEXPAU_iobuf@@H@Z
?Parse@TiXmlText@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?StreamOut@TiXmlText@@MBEXPAVTiXmlOutStream@@@Z
?ToText@TiXmlText@@UAEPAV1@XZ
?ToText@TiXmlText@@UBEPBV1@XZ
?Clone@TiXmlText@@MBEPAVTiXmlNode@@XZ
?FirstChild@TiXmlNode@@QAEPAV1@XZ
?NextSibling@TiXmlNode@@QAEPAV1@XZ
?Value@TiXmlNode@@QBEPBDXZ
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@PBD@Z
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
??0TiXmlDocument@@QAE@XZ
?LoadFile@TiXmlDocument@@QAE_NPBDW4TiXmlEncoding@@@Z
?RootElement@TiXmlDocument@@QAEPAVTiXmlElement@@XZ
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@PBD@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
??1TiXmlDocument@@UAE@XZ
?GetText@TiXmlElement@@QBEPBDXZ
?StreamOut@TiXmlDeclaration@@MBEXPAVTiXmlOutStream@@@Z
?Parse@TiXmlDeclaration@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Print@TiXmlDeclaration@@UBEXPAU_iobuf@@H@Z
?SaveFile@TiXmlDocument@@QBE_NPBD@Z
?SetAttribute@TiXmlElement@@QAEXPBD0@Z
??0TiXmlText@@QAE@PBD@Z
??0TiXmlElement@@QAE@PBD@Z
?LinkEndChild@TiXmlNode@@QAEPAV1@PAV1@@Z
??0TiXmlDeclaration@@QAE@PBD00@Z
??1TiXmlText@@UAE@XZ
??1TiXmlDeclaration@@UAE@XZ
??1TiXmlElement@@UAE@XZ
?ToDocument@TiXmlNode@@UAEPAVTiXmlDocument@@XZ

sqlite3

sqlite3_free
sqlite3_last_insert_rowid
sqlite3_open
sqlite3_bind_blob
sqlite3_bind_text16
sqlite3_bind_text
sqlite3_bind_double
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_bind_null
sqlite3_prepare16
sqlite3_errmsg
sqlite3_mprintf
sqlite3_column_count
sqlite3_column_name16
sqlite3_column_name
sqlite3_close
sqlite3_finalize
sqlite3_column_bytes16
sqlite3_column_text16
sqlite3_column_bytes
sqlite3_column_text
sqlite3_reset
sqlite3_column_int64
sqlite3_column_int
sqlite3_step
sqlite3_free_table
sqlite3_get_table
sqlite3_prepare
sqlite3_column_double

ws2_32

recv
recvfrom
WSAGetLastError
inet_ntoa
gethostbyname
gethostname
ntohs
getservbyname
accept
closesocket
shutdown
getpeername
ntohl
inet_addr
htonl
htons
bind
socket
connect
sendto
send
select
__WSAFDIsSet

wininet

HttpEndRequestA
InternetCrackUrlA
InternetOpenUrlA
HttpSendRequestExA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetSetCookieA
HttpSendRequestA
InternetOpenA
InternetConnectA
InternetAttemptConnect
InternetWriteFile
InternetReadFile
InternetCloseHandle
HttpQueryInfoA

Exports

Exports

GetExtensionVersion
HttpExtensionProc
Load
TerminateExtension

Sections

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 372KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
home/htdocs/bookmark/WebPageSnapShot.exe
.exe windows:4 windows x86 arch:x86

1b9beb39aad6a95e067abc3760c60b24

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3e:33:37:92:f1:cb:6b:16:e2:ff:07:13:73:54:5e:cc
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

17/03/2010, 00:00

Not After

16/03/2012, 23:59

Subject

CN=Beijing Xinen Technology Ltd,O=Beijing Xinen Technology Ltd,L=BeiJing,ST=BeiJing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c3:aa:d8:0e:f4:23:69:ec:96:b1:83:6b:56:25:19:26:fe:14:6f:5b
Signer

Actual PE Digest

c3:aa:d8:0e:f4:23:69:ec:96:b1:83:6b:56:25:19:26:fe:14:6f:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Snapshot\Release\Snapshot.pdb

Imports

kernel32

HeapFree
ExitProcess
RtlUnwind
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TerminateProcess
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CreateFileA
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetErrorMode
GetCurrentDirectoryW
CreateFileW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetFullPathNameW
GetFileTime
GetFileAttributesW
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
CloseHandle
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
GetVersion
GlobalGetAtomNameW
GetProfileIntW
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleA
LoadLibraryA
lstrcatW
lstrcmpW
GetModuleHandleW
GetVersionExA
lstrlenA
lstrcmpiW
GetModuleFileNameW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
InterlockedDecrement
InterlockedIncrement
SetLastError
GlobalFree
MulDiv
lstrcpyW
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetCommandLineA
CreateMutexW
Sleep
GetProcAddress
ReleaseMutex
WritePrivateProfileStringW
GetEnvironmentVariableW
GetPrivateProfileStringW
LoadLibraryW
FreeLibrary
FormatMessageW
LocalFree
CreateDirectoryA
WritePrivateProfileStringA
GetModuleFileNameA
GetLastError
DeleteFileA
GetPrivateProfileStringA
DeleteFileW
GetPrivateProfileIntA
GetTickCount
WideCharToMultiByte
FindFirstFileW
FindClose
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
QueryPerformanceCounter
InterlockedExchange

user32

CharUpperW
CharNextW
GetSysColorBrush
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
ValidateRect
ShowOwnedPopups
PostQuitMessage
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetParent
GetSystemMenu
DeleteMenu
IsZoomed
LoadMenuW
DestroyMenu
GetActiveWindow
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorW
GetCursorPos
SetCursor
LoadCursorW
SetWindowRgn
DrawIcon
FindWindowW
SystemParametersInfoW
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
InflateRect
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
GetMenuItemInfoW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
IsChild
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconW
PeekMessageW
MapWindowPoints
ScrollWindow
MessageBoxW
TrackPopupMenu
wsprintfW
GetWindowRect
GetClientRect
AdjustWindowRectEx
IsWindow
EnableWindow
SetTimer
KillTimer
UpdateWindow
UnregisterClassW
PostMessageW
GetDC
SetWindowPos
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetMenu
GetSysColor
ScreenToClient
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoW
RegisterClassW
PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
LockWindowUpdate
GetDCEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
PtInRect
GetWindow
SetMenuItemBitmaps
GetParent
WindowFromPoint
SetPropW
GetSubMenu
GetMenuItemCount
GetMenuItemID
AppendMenuW
GetMenuState
CopyRect
IsRectEmpty
SetRect
OffsetRect
IntersectRect
EqualRect
CopyAcceleratorTableW
GetWindowLongW
IsWindowVisible
ReleaseDC
InvalidateRect
InvalidateRgn
SetCapture
GetFocus
GetDesktopWindow
SetFocus
ReleaseCapture
LoadBitmapW
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuW
SendMessageW

gdi32

CreateEllipticRgn
LPtoDP
Ellipse
StretchDIBits
GetCharWidthW
CreateFontW
GetTextMetricsW
GetTextExtentPoint32W
CreateFontIndirectW
CreateSolidBrush
CombineRgn
GetMapMode
PatBlt
GetBkColor
GetTextColor
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
SetRectRgn
SelectObject
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetRgnBox
CreateRectRgnIndirect
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
ExtTextOutW

comdlg32

PrintDlgW
GetFileTitleW
CommDlgExtendedError

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
DragFinish
SHGetSpecialFolderPathW
DragQueryFileW

comctl32

ord17
ImageList_Draw
ImageList_GetImageInfo
ImageList_Destroy

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CreateILockBytesOnHGlobal
CoTaskMemFree
CoDisconnectObject
RegisterDragDrop
CoLockObjectExternal
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
RevokeDragDrop
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject

oleaut32

SysFreeString
VariantClear
SysAllocStringLen
VariantInit
VariantCopy
SysStringLen
SystemTimeToVariantTime
SafeArrayDestroy
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
OleCreateFontIndirect
LoadTypeLi
SysAllocString

gdiplus

GdipCloneImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipGetImageThumbnail

wininet

InternetOpenUrlW
InternetOpenW
InternetOpenUrlA
HttpQueryInfoW
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
home/htdocs/bookmark/blank.gif
.gif
home/htdocs/bookmark/bookmark.gif
.gif
home/htdocs/bookmark/bookmark.ini
home/htdocs/bookmark/favicon/favicon.ico
home/htdocs/bookmark/snapshot/bookmark.gif
.gif
home/htdocs/favicon.ico
home/htdocs/index.html
.html
home/htdocs/res/bookmark/images/backup.gif
.gif
home/htdocs/res/bookmark/images/restore.gif
.gif
home/htdocs/res/bookmark/images/sync.gif
.gif
home/htdocs/res/bookmark/js/xm.min.js
.js
home/htdocs/res/bookmark/template/0/saveUrl.html
.html .js polyglot
home/htdocs/res/bookmark/template/0/saveUrls.html
.html
home/htdocs/res/bookmark/template/0/searchdetail.html
home/htdocs/res/bookmark/template/0/searchhistory.html
home/htdocs/res/bookmark/template/0/searchnormal.html
home/htdocs/res/bookmark/template/0/searchpic.html
home/htdocs/res/bookmark/template/0/searchsimple.html
home/htdocs/res/bookmark/template/t0/history.html
.html .js polyglot
home/htdocs/res/bookmark/template/t0/mainindex.html
.html .js polyglot
home/htdocs/res/bookmark/template/t1/backupStore.html
home/htdocs/res/bookmark/template/t1/base.html
home/htdocs/res/bookmark/template/t1/baseHistory.html
home/htdocs/res/bookmark/template/t1/batEdit.html
home/htdocs/res/bookmark/template/t1/batEditBase.html
home/htdocs/res/bookmark/template/t1/detail.html
home/htdocs/res/bookmark/template/t1/history.html
home/htdocs/res/bookmark/template/t1/loadByPageBase.html
home/htdocs/res/bookmark/template/t1/loadUrl.html
home/htdocs/res/bookmark/template/t1/loadUrlRec.html
home/htdocs/res/bookmark/template/t1/login.html
home/htdocs/res/bookmark/template/t1/normal.html
home/htdocs/res/bookmark/template/t1/pic.html
home/htdocs/res/bookmark/template/t1/setAccount.html
home/htdocs/res/bookmark/template/t1/setSys.html
home/htdocs/res/bookmark/template/t1/simple.html
home/htdocs/res/bookmark/theme/00/home.css
home/htdocs/res/bookmark/theme/00/images/arrow.gif
.gif
home/htdocs/res/bookmark/theme/00/images/bg_tabs.gif
.gif
home/htdocs/res/bookmark/theme/00/images/bg_tags.gif
.gif
home/htdocs/res/bookmark/theme/00/images/btn_search.gif
.gif
home/htdocs/res/bookmark/theme/00/images/buttons.gif
.gif
home/htdocs/res/bookmark/theme/00/images/close.png
.png
home/htdocs/res/bookmark/theme/00/images/edit.gif
.gif
home/htdocs/res/bookmark/theme/00/images/home_btn_add.gif
.gif
home/htdocs/res/bookmark/theme/00/images/home_btn_del.gif
.gif
home/htdocs/res/bookmark/theme/00/images/home_btn_edit.gif
.gif
home/htdocs/res/bookmark/theme/00/images/icon_btn.gif
.gif
home/htdocs/res/bookmark/theme/00/images/icon_move.gif
.gif
home/htdocs/res/bookmark/theme/00/images/icons_y.gif
.gif
home/htdocs/res/bookmark/theme/00/images/pic_box.gif
.gif
home/htdocs/res/bookmark/theme/00/images/pic_box.png
.png
home/htdocs/res/bookmark/theme/00/images/reload.png
.png
home/htdocs/res/bookmark/theme/00/images/site_box_120.gif
.gif
home/htdocs/res/bookmark/theme/00/images/site_box_120_2.gif
.gif
home/htdocs/res/bookmark/theme/00/images/top_so.gif
.gif
home/htdocs/res/bookmark/theme/00/images/win.gif
.gif
home/htdocs/res/bookmark/theme/00/images/xiaomo.gif
.gif
home/htdocs/res/bookmark/theme/00/skin.ini
home/htdocs/res/bookmark/theme/00/style.css
home/htdocs/res/bookmark/theme/00/win.css
home/htdocs/res/bookmark/theme/01/images/arrow.gif
.gif
home/htdocs/res/bookmark/theme/01/images/bg_tabs.gif
.gif
home/htdocs/res/bookmark/theme/01/images/bg_tags.gif
.gif
home/htdocs/res/bookmark/theme/01/images/btn_search.gif
.gif
home/htdocs/res/bookmark/theme/01/images/buttons.gif
.gif
home/htdocs/res/bookmark/theme/01/images/close.png
.png
home/htdocs/res/bookmark/theme/01/images/edit.gif
.gif
home/htdocs/res/bookmark/theme/01/images/icon_msg.gif
.gif
home/htdocs/res/bookmark/theme/01/images/icons_y.gif
.gif
home/htdocs/res/bookmark/theme/01/images/pic_box.gif
.gif
home/htdocs/res/bookmark/theme/01/images/reload.png
.png
home/htdocs/res/bookmark/theme/01/images/top_so.gif
.gif
home/htdocs/res/bookmark/theme/01/images/win.gif
.gif
home/htdocs/res/bookmark/theme/01/images/xiaomo.gif
.gif
home/htdocs/res/bookmark/theme/01/skin.ini
home/htdocs/res/bookmark/theme/01/style.css
home/htdocs/res/bookmark/theme/01/win.css
home/htdocs/res/bookmark/theme/02/images/arrow.gif
.gif
home/htdocs/res/bookmark/theme/02/images/bg_tabs.gif
.gif
home/htdocs/res/bookmark/theme/02/images/bg_tags.gif
.gif
home/htdocs/res/bookmark/theme/02/images/btn_search.gif
.gif
home/htdocs/res/bookmark/theme/02/images/buttons.gif
.gif
home/htdocs/res/bookmark/theme/02/images/close.png
.png
home/htdocs/res/bookmark/theme/02/images/edit.gif
.gif
home/htdocs/res/bookmark/theme/02/images/icon_msg.gif
.gif
home/htdocs/res/bookmark/theme/02/images/icons_y.gif
.gif
home/htdocs/res/bookmark/theme/02/images/pic_box.gif
.gif
home/htdocs/res/bookmark/theme/02/images/reload.png
.png
home/htdocs/res/bookmark/theme/02/images/top_so.gif
.gif
home/htdocs/res/bookmark/theme/02/images/win.gif
.gif
home/htdocs/res/bookmark/theme/02/images/xiaomo.gif
.gif
home/htdocs/res/bookmark/theme/02/skin.ini
home/htdocs/res/bookmark/theme/02/style.css
home/htdocs/res/bookmark/theme/02/win.css
home/htdocs/res/bookmark/theme/03/images/arrow.gif
.gif
home/htdocs/res/bookmark/theme/03/images/bg_tabs.gif
.gif
home/htdocs/res/bookmark/theme/03/images/bg_tags.gif
.gif
home/htdocs/res/bookmark/theme/03/images/btn_search.gif
.gif
home/htdocs/res/bookmark/theme/03/images/buttons.gif
.gif
home/htdocs/res/bookmark/theme/03/images/close.png
.png
home/htdocs/res/bookmark/theme/03/images/edit.gif
.gif
home/htdocs/res/bookmark/theme/03/images/icon_msg.gif
.gif
home/htdocs/res/bookmark/theme/03/images/icons_y.gif
.gif
home/htdocs/res/bookmark/theme/03/images/pic_box.gif
.gif
home/htdocs/res/bookmark/theme/03/images/reload.png
.png
home/htdocs/res/bookmark/theme/03/images/top_so.gif
.gif
home/htdocs/res/bookmark/theme/03/images/win.gif
.gif
home/htdocs/res/bookmark/theme/03/images/xiaomo.gif
.gif
home/htdocs/res/bookmark/theme/03/skin.ini
home/htdocs/res/bookmark/theme/03/style.css
home/htdocs/res/bookmark/theme/03/win.css
home/htdocs/res/bookmark/theme/04/images/arrow.gif
.gif
home/htdocs/res/bookmark/theme/04/images/bg_tabs.gif
.gif
home/htdocs/res/bookmark/theme/04/images/bg_tags.gif
.gif
home/htdocs/res/bookmark/theme/04/images/btn_search.gif
.gif
home/htdocs/res/bookmark/theme/04/images/buttons.gif
.gif
home/htdocs/res/bookmark/theme/04/images/close.png
.png
home/htdocs/res/bookmark/theme/04/images/edit.gif
.gif
home/htdocs/res/bookmark/theme/04/images/icon_msg.gif
.gif
home/htdocs/res/bookmark/theme/04/images/icons_y.gif
.gif
home/htdocs/res/bookmark/theme/04/images/pic_box.gif
.gif
home/htdocs/res/bookmark/theme/04/images/reload.png
.png
home/htdocs/res/bookmark/theme/04/images/top_so.gif
.gif
home/htdocs/res/bookmark/theme/04/images/win.gif
.gif
home/htdocs/res/bookmark/theme/04/images/xiaomo.gif
.gif
home/htdocs/res/bookmark/theme/04/skin.ini
home/htdocs/res/bookmark/theme/04/style.css
home/htdocs/res/bookmark/theme/04/win.css
home/htdocs/res/bookmark/theme/base.css
home/htdocs/res/bookmark/theme/home.css
home/htdocs/res/language/en_US/language.ini
home/htdocs/res/language/zh_CN/language.ini
home/htdocs/res/language/zh_TW/language.ini
home/htdocs/res/search/baidu.gif
.gif
home/htdocs/res/search/baidu.xml
home/htdocs/res/search/bing.gif
.gif
home/htdocs/res/search/bing.xml
.xml
home/htdocs/res/search/google.gif
.gif
home/htdocs/res/search/google.xml
.xml
home/htdocs/res/search/yahoo.gif
.gif
home/htdocs/res/search/yahoo.xml
.xml
home/htdocs/startup_tpl.html
.html
lib/sqlite3.dll
.dll windows:4 windows x86 arch:x86

70cff164b3b0a1f033c1479cc7a5bd2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
InitializeCriticalSection
InterlockedCompareExchange
DeleteCriticalSection
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
AreFileApisANSI
CloseHandle
ReadFile
GetLastError
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
GetFileSize
UnlockFile
LockFile
GetFileAttributesA
DeleteFileA
GetFileAttributesW
DeleteFileW
LoadLibraryA
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
LockFileEx
GetTempPathA
GetTempPathW
LocalFree
FormatMessageA
FormatMessageW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileA
CreateFileW
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetTimeZoneInformation
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
RtlUnwind
InterlockedExchange
VirtualQuery
GetStringTypeA
GetStringTypeW
GetCPInfo
GetLocaleInfoA
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
HeapSize
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_handle
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_step
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf

Sections

.text
Size: 384KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lib/xmlparse.dll
.dll windows:4 windows x86 arch:x86

a24ccb7092c609c18e55cf3c2a0a87ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetProcAddress
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
CloseHandle
ReadFile
SetFilePointer
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetCPInfo
FlushFileBuffers
SetStdHandle
CreateFileA
GetACP
GetOEMCP
LoadLibraryA
SetEndOfFile

Exports

Exports

??0TiXmlAttribute@@QAE@PBD0@Z
??0TiXmlAttribute@@QAE@XZ
??0TiXmlAttributeSet@@QAE@XZ
??0TiXmlBase@@QAE@XZ
??0TiXmlComment@@QAE@ABV0@@Z
??0TiXmlComment@@QAE@XZ
??0TiXmlCursor@@QAE@XZ
??0TiXmlDeclaration@@QAE@ABV0@@Z
??0TiXmlDeclaration@@QAE@PBD00@Z
??0TiXmlDeclaration@@QAE@XZ
??0TiXmlDocument@@QAE@ABV0@@Z
??0TiXmlDocument@@QAE@PBD@Z
??0TiXmlDocument@@QAE@XZ
??0TiXmlElement@@QAE@ABV0@@Z
??0TiXmlElement@@QAE@PBD@Z
??0TiXmlHandle@@QAE@ABV0@@Z
??0TiXmlHandle@@QAE@PAVTiXmlNode@@@Z
??0TiXmlNode@@IAE@W4NodeType@0@@Z
??0TiXmlOutStream@@QAE@ABV0@@Z
??0TiXmlOutStream@@QAE@XZ
??0TiXmlString@@QAE@ABV0@@Z
??0TiXmlString@@QAE@PBD@Z
??0TiXmlString@@QAE@PBDI@Z
??0TiXmlString@@QAE@XZ
??0TiXmlText@@QAE@ABV0@@Z
??0TiXmlText@@QAE@PBD@Z
??0TiXmlUnknown@@QAE@ABV0@@Z
??0TiXmlUnknown@@QAE@XZ
??1TiXmlAttribute@@UAE@XZ
??1TiXmlAttributeSet@@QAE@XZ
??1TiXmlBase@@UAE@XZ
??1TiXmlComment@@UAE@XZ
??1TiXmlDeclaration@@UAE@XZ
??1TiXmlDocument@@UAE@XZ
??1TiXmlElement@@UAE@XZ
??1TiXmlNode@@UAE@XZ
??1TiXmlOutStream@@QAE@XZ
??1TiXmlString@@QAE@XZ
??1TiXmlText@@UAE@XZ
??1TiXmlUnknown@@UAE@XZ
??4TiXmlComment@@QAEXABV0@@Z
??4TiXmlCursor@@QAEAAU0@ABU0@@Z
??4TiXmlDeclaration@@QAEXABV0@@Z
??4TiXmlDocument@@QAEXABV0@@Z
??4TiXmlElement@@QAEXABV0@@Z
??4TiXmlHandle@@QAE?AV0@ABV0@@Z
??4TiXmlOutStream@@QAEAAV0@ABV0@@Z
??4TiXmlString@@QAEAAV0@ABV0@@Z
??4TiXmlString@@QAEAAV0@PBD@Z
??4TiXmlText@@QAEXABV0@@Z
??4TiXmlUnknown@@QAEXABV0@@Z
??6TiXmlOutStream@@QAEAAV0@ABVTiXmlString@@@Z
??6TiXmlOutStream@@QAEAAV0@PBD@Z
??8TiXmlAttribute@@QBE_NABV0@@Z
??ATiXmlString@@QBEAADI@Z
??MTiXmlAttribute@@QBE_NABV0@@Z
??OTiXmlAttribute@@QBE_NABV0@@Z
??YTiXmlString@@QAEAAV0@ABV0@@Z
??YTiXmlString@@QAEAAV0@D@Z
??YTiXmlString@@QAEAAV0@PBD@Z
??_7TiXmlAttribute@@6B@
??_7TiXmlBase@@6B@
??_7TiXmlComment@@6B@
??_7TiXmlDeclaration@@6B@
??_7TiXmlDocument@@6B@
??_7TiXmlElement@@6B@
??_7TiXmlNode@@6B@
??_7TiXmlText@@6B@
??_7TiXmlUnknown@@6B@
??_C@_00A@?$AA@
?Add@TiXmlAttributeSet@@QAEXPAVTiXmlAttribute@@@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?Attribute@TiXmlElement@@QBEPBDPBDPAH@Z
?Attribute@TiXmlElement@@QBEPBDPBDPAN@Z
?Blank@TiXmlText@@IBE_NXZ
?CDATA@TiXmlText@@QAE_NXZ
?Child@TiXmlHandle@@QBE?AV1@H@Z
?Child@TiXmlHandle@@QBE?AV1@PBDH@Z
?ChildElement@TiXmlHandle@@QBE?AV1@H@Z
?ChildElement@TiXmlHandle@@QBE?AV1@PBDH@Z
?Clear@TiXmlCursor@@QAEXXZ
?Clear@TiXmlNode@@QAEXXZ
?ClearError@TiXmlDocument@@QAEXXZ
?ClearThis@TiXmlElement@@IAEXXZ
?Clone@TiXmlComment@@UBEPAVTiXmlNode@@XZ
?Clone@TiXmlDeclaration@@UBEPAVTiXmlNode@@XZ
?Clone@TiXmlDocument@@MBEPAVTiXmlNode@@XZ
?Clone@TiXmlElement@@UBEPAVTiXmlNode@@XZ
?Clone@TiXmlText@@MBEPAVTiXmlNode@@XZ
?Clone@TiXmlUnknown@@UBEPAVTiXmlNode@@XZ
?Column@TiXmlBase@@QBEHXZ
?ConvertUTF32ToUTF8@TiXmlBase@@KAXKPADPAH@Z
?CopyTo@TiXmlComment@@IBEXPAV1@@Z
?CopyTo@TiXmlDeclaration@@IBEXPAV1@@Z
?CopyTo@TiXmlDocument@@ABEXPAV1@@Z
?CopyTo@TiXmlElement@@IBEXPAV1@@Z
?CopyTo@TiXmlNode@@IBEXPAV1@@Z
?CopyTo@TiXmlText@@IBEXPAV1@@Z
?CopyTo@TiXmlUnknown@@IBEXPAV1@@Z
?DoubleValue@TiXmlAttribute@@QBENXZ
?Element@TiXmlHandle@@QBEPAVTiXmlElement@@XZ
?Encoding@TiXmlDeclaration@@QBEPBDXZ
?Error@TiXmlDocument@@QBE_NXZ
?ErrorCol@TiXmlDocument@@QAEHXZ
?ErrorDesc@TiXmlDocument@@QBEPBDXZ
?ErrorId@TiXmlDocument@@QBEHXZ
?ErrorRow@TiXmlDocument@@QAEHXZ
?Find@TiXmlAttributeSet@@QAEPAVTiXmlAttribute@@ABVTiXmlString@@@Z
?Find@TiXmlAttributeSet@@QBEPBVTiXmlAttribute@@ABVTiXmlString@@@Z
?First@TiXmlAttributeSet@@QAEPAVTiXmlAttribute@@XZ
?First@TiXmlAttributeSet@@QBEPBVTiXmlAttribute@@XZ
?FirstAttribute@TiXmlElement@@QAEPAVTiXmlAttribute@@XZ
?FirstAttribute@TiXmlElement@@QBEPBVTiXmlAttribute@@XZ
?FirstChild@TiXmlHandle@@QBE?AV1@PBD@Z
?FirstChild@TiXmlHandle@@QBE?AV1@XZ
?FirstChild@TiXmlNode@@QAEPAV1@PBD@Z
?FirstChild@TiXmlNode@@QAEPAV1@XZ
?FirstChild@TiXmlNode@@QBEPBV1@PBD@Z
?FirstChild@TiXmlNode@@QBEPBV1@XZ
?FirstChildElement@TiXmlHandle@@QBE?AV1@PBD@Z
?FirstChildElement@TiXmlHandle@@QBE?AV1@XZ
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@PBD@Z
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?FirstChildElement@TiXmlNode@@QBEPBVTiXmlElement@@PBD@Z
?FirstChildElement@TiXmlNode@@QBEPBVTiXmlElement@@XZ
?GetChar@TiXmlBase@@KAPBDPBDPADPAHW4TiXmlEncoding@@@Z
?GetDocument@TiXmlNode@@QAEPAVTiXmlDocument@@XZ
?GetDocument@TiXmlNode@@QBEPBVTiXmlDocument@@XZ
?GetEntity@TiXmlBase@@KAPBDPBDPADPAHW4TiXmlEncoding@@@Z
?GetText@TiXmlElement@@QBEPBDXZ
?GetUserData@TiXmlBase@@QAEPAXXZ
?Identify@TiXmlNode@@IAEPAV1@PBDW4TiXmlEncoding@@@Z
?InsertAfterChild@TiXmlNode@@QAEPAV1@PAV1@ABV1@@Z
?InsertBeforeChild@TiXmlNode@@QAEPAV1@PAV1@ABV1@@Z
?InsertEndChild@TiXmlNode@@QAEPAV1@ABV1@@Z
?IntValue@TiXmlAttribute@@QBEHXZ
?IsAlpha@TiXmlBase@@KAHEW4TiXmlEncoding@@@Z
?IsAlphaNum@TiXmlBase@@KAHEW4TiXmlEncoding@@@Z
?IsWhiteSpace@TiXmlBase@@KA_ND@Z
?IsWhiteSpace@TiXmlBase@@KA_NH@Z
?IsWhiteSpaceCondensed@TiXmlBase@@SA_NXZ
?IterateChildren@TiXmlNode@@QAEPAV1@PAV1@@Z
?IterateChildren@TiXmlNode@@QAEPAV1@PBDPAV1@@Z
?IterateChildren@TiXmlNode@@QBEPBV1@PBDPBV1@@Z
?IterateChildren@TiXmlNode@@QBEPBV1@PBV1@@Z
?Last@TiXmlAttributeSet@@QAEPAVTiXmlAttribute@@XZ
?Last@TiXmlAttributeSet@@QBEPBVTiXmlAttribute@@XZ
?LastAttribute@TiXmlElement@@QAEPAVTiXmlAttribute@@XZ
?LastAttribute@TiXmlElement@@QBEPBVTiXmlAttribute@@XZ
?LastChild@TiXmlNode@@QAEPAV1@PBD@Z
?LastChild@TiXmlNode@@QAEPAV1@XZ
?LastChild@TiXmlNode@@QBEPBV1@PBD@Z
?LastChild@TiXmlNode@@QBEPBV1@XZ
?LinkEndChild@TiXmlNode@@QAEPAV1@PAV1@@Z
?LoadBuffer@TiXmlDocument@@QAE_NPBDHW4TiXmlEncoding@@@Z
?LoadFile@TiXmlDocument@@QAE_NPAU_iobuf@@W4TiXmlEncoding@@@Z
?LoadFile@TiXmlDocument@@QAE_NPBDW4TiXmlEncoding@@@Z
?LoadFile@TiXmlDocument@@QAE_NW4TiXmlEncoding@@@Z
?Name@TiXmlAttribute@@QBEPBDXZ
?NameTStr@TiXmlAttribute@@QBEABVTiXmlString@@XZ
?Next@TiXmlAttribute@@QAEPAV1@XZ
?Next@TiXmlAttribute@@QBEPBV1@XZ
?NextSibling@TiXmlNode@@QAEPAV1@PBD@Z
?NextSibling@TiXmlNode@@QAEPAV1@XZ
?NextSibling@TiXmlNode@@QBEPBV1@PBD@Z
?NextSibling@TiXmlNode@@QBEPBV1@XZ
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@PBD@Z
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?NextSiblingElement@TiXmlNode@@QBEPBVTiXmlElement@@PBD@Z
?NextSiblingElement@TiXmlNode@@QBEPBVTiXmlElement@@XZ
?NoChildren@TiXmlNode@@QBE_NXZ
?Node@TiXmlHandle@@QBEPAVTiXmlNode@@XZ
?Parent@TiXmlNode@@QAEPAV1@XZ
?Parent@TiXmlNode@@QBEPBV1@XZ
?Parse@TiXmlAttribute@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlComment@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlDeclaration@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlDocument@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlElement@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlText@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlUnknown@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Previous@TiXmlAttribute@@QAEPAV1@XZ
?Previous@TiXmlAttribute@@QBEPBV1@XZ
?PreviousSibling@TiXmlNode@@QAEPAV1@PBD@Z
?PreviousSibling@TiXmlNode@@QAEPAV1@XZ
?PreviousSibling@TiXmlNode@@QBEPBV1@PBD@Z
?PreviousSibling@TiXmlNode@@QBEPBV1@XZ
?Print@TiXmlAttribute@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlComment@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlDeclaration@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlDocument@@QBEXXZ
?Print@TiXmlDocument@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlElement@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlText@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlUnknown@@UBEXPAU_iobuf@@H@Z
?PutString@TiXmlBase@@KAXABVTiXmlString@@PAV2@@Z
?PutString@TiXmlBase@@KAXABVTiXmlString@@PAVTiXmlOutStream@@@Z
?QueryDoubleAttribute@TiXmlElement@@QBEHPBDPAN@Z
?QueryDoubleValue@TiXmlAttribute@@QBEHPAN@Z
?QueryFloatAttribute@TiXmlElement@@QBEHPBDPAM@Z
?QueryIntAttribute@TiXmlElement@@QBEHPBDPAH@Z
?QueryIntValue@TiXmlAttribute@@QBEHPAH@Z
?ReadName@TiXmlBase@@KAPBDPBDPAVTiXmlString@@W4TiXmlEncoding@@@Z
?ReadText@TiXmlBase@@KAPBDPBDPAVTiXmlString@@_N02W4TiXmlEncoding@@@Z
?ReadValue@TiXmlElement@@IAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Remove@TiXmlAttributeSet@@QAEXPAVTiXmlAttribute@@@Z
?RemoveAttribute@TiXmlElement@@QAEXPBD@Z
?RemoveChild@TiXmlNode@@QAE_NPAV1@@Z
?ReplaceChild@TiXmlNode@@QAEPAV1@PAV1@ABV1@@Z
?RootElement@TiXmlDocument@@QAEPAVTiXmlElement@@XZ
?RootElement@TiXmlDocument@@QBEPBVTiXmlElement@@XZ
?Row@TiXmlBase@@QBEHXZ
?SaveFile@TiXmlDocument@@QBE_NPAU_iobuf@@@Z
?SaveFile@TiXmlDocument@@QBE_NPBD@Z
?SaveFile@TiXmlDocument@@QBE_NXZ
?SetAttribute@TiXmlElement@@QAEXPBD0@Z
?SetAttribute@TiXmlElement@@QAEXPBDH@Z
?SetCDATA@TiXmlText@@QAEX_N@Z
?SetCondenseWhiteSpace@TiXmlBase@@SAX_N@Z
?SetDocument@TiXmlAttribute@@QAEXPAVTiXmlDocument@@@Z
?SetDoubleAttribute@TiXmlElement@@QAEXPBDN@Z
?SetDoubleValue@TiXmlAttribute@@QAEXN@Z
?SetError@TiXmlDocument@@QAEXHPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?SetIntValue@TiXmlAttribute@@QAEXH@Z
?SetName@TiXmlAttribute@@QAEXPBD@Z
?SetTabSize@TiXmlDocument@@QAEXH@Z
?SetUserData@TiXmlBase@@QAEXPAX@Z
?SetValue@TiXmlAttribute@@QAEXPBD@Z
?SetValue@TiXmlNode@@QAEXPBD@Z
?SkipWhiteSpace@TiXmlBase@@KAPBDPBDW4TiXmlEncoding@@@Z
?Standalone@TiXmlDeclaration@@QBEPBDXZ
?StreamOut@TiXmlAttribute@@UBEXPAVTiXmlOutStream@@@Z
?StreamOut@TiXmlComment@@MBEXPAVTiXmlOutStream@@@Z
?StreamOut@TiXmlDeclaration@@MBEXPAVTiXmlOutStream@@@Z
?StreamOut@TiXmlDocument@@MBEXPAVTiXmlOutStream@@@Z
?StreamOut@TiXmlElement@@MBEXPAVTiXmlOutStream@@@Z
?StreamOut@TiXmlText@@MBEXPAVTiXmlOutStream@@@Z
?StreamOut@TiXmlUnknown@@MBEXPAVTiXmlOutStream@@@Z
?StringEqual@TiXmlBase@@KA_NPBD0_NW4TiXmlEncoding@@@Z
?TabSize@TiXmlDocument@@QBEHXZ
?Text@TiXmlHandle@@QBEPAVTiXmlText@@XZ
?ToComment@TiXmlComment@@UAEPAV1@XZ
?ToComment@TiXmlComment@@UBEPBV1@XZ
?ToComment@TiXmlNode@@UAEPAVTiXmlComment@@XZ
?ToComment@TiXmlNode@@UBEPBVTiXmlComment@@XZ
?ToDeclaration@TiXmlDeclaration@@UAEPAV1@XZ
?ToDeclaration@TiXmlDeclaration@@UBEPBV1@XZ
?ToDeclaration@TiXmlNode@@UAEPAVTiXmlDeclaration@@XZ
?ToDeclaration@TiXmlNode@@UBEPBVTiXmlDeclaration@@XZ
?ToDocument@TiXmlDocument@@UAEPAV1@XZ
?ToDocument@TiXmlDocument@@UBEPBV1@XZ
?ToDocument@TiXmlNode@@UAEPAVTiXmlDocument@@XZ
?ToDocument@TiXmlNode@@UBEPBVTiXmlDocument@@XZ
?ToElement@TiXmlElement@@UAEPAV1@XZ
?ToElement@TiXmlElement@@UBEPBV1@XZ
?ToElement@TiXmlNode@@UAEPAVTiXmlElement@@XZ
?ToElement@TiXmlNode@@UBEPBVTiXmlElement@@XZ
?ToLower@TiXmlBase@@KAHHW4TiXmlEncoding@@@Z
?ToText@TiXmlNode@@UAEPAVTiXmlText@@XZ
?ToText@TiXmlNode@@UBEPBVTiXmlText@@XZ
?ToText@TiXmlText@@UAEPAV1@XZ
?ToText@TiXmlText@@UBEPBV1@XZ
?ToUnknown@TiXmlNode@@UAEPAVTiXmlUnknown@@XZ
?ToUnknown@TiXmlNode@@UBEPBVTiXmlUnknown@@XZ
?ToUnknown@TiXmlUnknown@@UAEPAV1@XZ
?ToUnknown@TiXmlUnknown@@UBEPBV1@XZ
?Type@TiXmlNode@@QBEHXZ
?Unknown@TiXmlHandle@@QBEPAVTiXmlUnknown@@XZ
?Value@TiXmlAttribute@@QBEPBDXZ
?Value@TiXmlNode@@QBEPBDXZ
?Version@TiXmlDeclaration@@QBEPBDXZ
?append@TiXmlString@@QAEAAV1@PBDI@Z
?assign@TiXmlString@@QAEAAV1@PBDI@Z
?at@TiXmlString@@QBEABDI@Z
?c_str@TiXmlString@@QBEPBDXZ
?capacity@TiXmlString@@QBEIXZ
?clear@TiXmlString@@QAEXXZ
?condenseWhiteSpace@TiXmlBase@@0_NA
?data@TiXmlString@@QBEPBDXZ
?empty@TiXmlString@@QBE_NXZ
?entity@TiXmlBase@@0PAUEntity@1@A
?errorString@TiXmlBase@@1PAPBDA
?find@TiXmlString@@QBEID@Z
?find@TiXmlString@@QBEIDI@Z
?finish@TiXmlString@@ABEPADXZ
?init@TiXmlString@@AAEXI@Z
?init@TiXmlString@@AAEXII@Z
?length@TiXmlString@@QBEIXZ
?npos@TiXmlString@@2IB
?nullrep_@TiXmlString@@0URep@1@A
?quit@TiXmlString@@AAEXXZ
?reserve@TiXmlString@@QAEXI@Z
?set_size@TiXmlString@@AAEXI@Z
?size@TiXmlString@@QBEIXZ
?start@TiXmlString@@ABEPADXZ
?swap@TiXmlString@@QAEXAAV1@@Z
?utf8ByteTable@TiXmlBase@@2QBHB

Sections

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
startup.exe
.exe windows:4 windows x86 arch:x86

6682741f337fb88ac04e0529a473aa61

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3e:33:37:92:f1:cb:6b:16:e2:ff:07:13:73:54:5e:cc
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

17/03/2010, 00:00

Not After

16/03/2012, 23:59

Subject

CN=Beijing Xinen Technology Ltd,O=Beijing Xinen Technology Ltd,L=BeiJing,ST=BeiJing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:a3:cf:1f:46:b4:49:bc:1f:53:96:3c:87:5e:48:74:21:a8:fd:db
Signer

Actual PE Digest

35:a3:cf:1f:46:b4:49:bc:1f:53:96:3c:87:5e:48:74:21:a8:fd:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoW
RtlUnwind
HeapReAlloc
ExitProcess
TerminateProcess
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
IsBadWritePtr
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
SetErrorMode
WritePrivateProfileStringW
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
FindResourceExW
RaiseException
InterlockedIncrement
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
lstrcmpiW
FileTimeToSystemTime
GetVersion
GlobalGetAtomNameW
VirtualProtect
GetProfileIntW
InterlockedDecrement
MulDiv
lstrcpynW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleA
lstrlenW
lstrcatW
lstrcmpW
GetModuleHandleW
HeapAlloc
WriteFile
ReadFile
CreateFileA
GetFileSize
GetProcessHeap
HeapFree
GetVersionExA
GetModuleFileNameW
GetPrivateProfileSectionA
GlobalAlloc
GlobalFree
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
WaitForMultipleObjects
ResetEvent
CreateEventW
LeaveCriticalSection
EnterCriticalSection
GetLongPathNameA
GetEnvironmentVariableW
DeleteFileW
CreateMutexA
SleepEx
TerminateThread
ResumeThread
SetEnvironmentVariableW
SetLastError
FormatMessageW
GetTickCount
LoadLibraryA
GetProcAddress
lstrlenA
CreateEventA
ExitThread
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary
lstrcpyW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FindFirstFileA
GetPrivateProfileIntW
GetPrivateProfileSectionW
FindNextFileA
GetLastError
FormatMessageA
LocalFree
WideCharToMultiByte
GetShortPathNameA
MultiByteToWideChar
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GlobalLock
GlobalSize
GlobalUnlock
FindFirstFileW
FindNextFileW
FindClose
GetUserDefaultLangID
OpenEventA
SetEvent
Sleep
ReleaseMutex
CloseHandle
GetPrivateProfileStringA
OpenMutexA
GetPrivateProfileStringW
CreateThread
WritePrivateProfileStringA
GetModuleFileNameA
GetPrivateProfileIntA
GetVersionExW
WinExec
FindResourceW
LoadResource
LockResource
SetUnhandledExceptionFilter
SizeofResource

user32

SetCapture
DrawIcon
FindWindowW
wsprintfW
LoadMenuW
UnpackDDElParam
ReuseDDElParam
ReleaseCapture
LoadAcceleratorsW
InsertMenuItemW
SetMenu
TranslateAcceleratorW
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
IsClipboardFormatAvailable
SetMenuItemBitmaps
ModifyMenuW
GetMenuCheckMarkDimensions
WindowFromPoint
MapDialogRect
GetAsyncKeyState
IsWindowEnabled
ShowWindow
MoveWindow
IsDialogMessageW
SetDlgItemTextW
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
FillRect
GetMessageW
TranslateMessage
GetActiveWindow
ValidateRect
GetMenuState
RegisterWindowMessageW
WinHelpW
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
PeekMessageW
MapWindowPoints
ShowOwnedPopups
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
GetSubMenu
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoW
RegisterClassW
UnregisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
DrawTextW
FindWindowExW
UpdateWindow
GetWindowTextLengthW
GetWindowLongW
GetWindow
AdjustWindowRectEx
RegisterHotKey
RegisterWindowMessageA
UnregisterHotKey
GetMenuItemID
DeleteMenu
SetWindowLongW
CopyIcon
MessageBeep
GetMessagePos
GetParent
InflateRect
SetCursor
SetWindowTextW
GetWindowTextW
SetDlgItemTextA
GetDlgItemTextW
GetDlgItem
MessageBoxW
PostQuitMessage
SendMessageTimeoutA
IsWindow
RegisterClipboardFormatW
SystemParametersInfoW
SetWindowPos
EnableWindow
SetForegroundWindow
CreatePopupMenu
CheckMenuItem
SetWindowContextHelpId
GetSysColorBrush
CharUpperW
SetRect
CopyAcceleratorTableW
InvalidateRgn
CharNextW
EnableMenuItem
TrackPopupMenu
DestroyMenu
GetSysColor
GetSystemMetrics
GetIconInfo
SetMenuInfo
SetMenuItemInfoW
GetMenuStringW
TrackMouseEvent
GetDoubleClickTime
AppendMenuW
LoadImageA
LoadBitmapW
GetWindowDC
PostThreadMessageW
ScrollWindow
GetNextDlgGroupItem
SetWindowRgn
GetCursorPos
DrawIconEx
SetLayeredWindowAttributes
LoadIconW
GetCapture
KillTimer
SetTimer
IsWindowVisible
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
GetClientRect
GetWindowRect
BringWindowToTop
GetSystemMenu
PostMessageW
SendMessageW
GetMenuItemInfoW
GetMenuItemCount
DrawEdge
EnumWindows
GetClassNameW
CopyRect
SetRectEmpty
PtInRect
IsRectEmpty
LoadCursorW
GetMessageTime

gdi32

GetViewportExtEx
GetTextColor
GetBkColor
GetRgnBox
EnumFontFamiliesExW
GetWindowExtEx
Ellipse
LPtoDP
CreateEllipticRgn
CreateCompatibleBitmap
GetMapMode
CreateRectRgnIndirect
CreateSolidBrush
CreateBitmap
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateFontIndirectW
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
SetBkColor
SetTextColor
GetClipBox
CreateRoundRectRgn
GetStockObject
GetTextExtentPoint32W
CreateCompatibleDC
SelectObject
BitBlt
CreateRectRgn
GetPixel
CombineRgn
DeleteObject
DeleteDC
GetObjectW
CreateFontW

comdlg32

GetFileTitleW
GetOpenFileNameW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

StartServiceA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueW
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegCreateKeyExA
RegSetValueExA
RegSetValueExW
RegCreateKeyExW
RegDeleteValueA
RegEnumKeyW
RegOpenKeyW
DeleteService
ControlService
RegCloseKey
QueryServiceConfigA
OpenServiceA
QueryServiceStatus
CreateServiceA
OpenSCManagerA
CloseServiceHandle
RegQueryInfoKeyA
RegDeleteKeyW
RegDeleteKeyA
RegDeleteValueW

shell32

DragFinish
DragQueryFileA
SHGetMalloc
SHGetPathFromIDListW
DragQueryFileW
ShellExecuteA
ShellExecuteW
Shell_NotifyIconA
SHGetSpecialFolderLocation
SHBrowseForFolderW

comctl32

ord17
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_Draw
ImageList_GetImageInfo
ImageList_Destroy

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

RevokeDragDrop
StgOpenStorageOnILockBytes
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
RegisterDragDrop
CoLockObjectExternal
CoGetClassObject
OleGetClipboard
CLSIDFromString
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoDisconnectObject
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes

oleaut32

LoadTypeLi
OleCreateFontIndirect
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString
OleLoadPicture
VariantClear

ws2_32

__WSAFDIsSet
select
socket
bind
listen
htons
setsockopt
htonl
getpeername
inet_addr
ntohl
shutdown
closesocket
recvfrom
recv
getservbyname
WSAGetLastError
ntohs
gethostname
gethostbyname
WSACleanup
WSAStartup
accept

wininet

HttpSendRequestExA
HttpEndRequestW
HttpSendRequestA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetSetCookieA
HttpSendRequestW
InternetOpenA
InternetConnectA
InternetAttemptConnect
InternetWriteFile
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 392KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
var/tmp/jpgini/Uninstall.exe.nsis
var/tmp/list.ini

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

3e:33:37:92:f1:cb:6b:16:e2:ff:07:13:73:54:5e:ccCertificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

34:a1:03:53:62:16:ee:98:46:65:22:8f:94:75:64:cd:e4:4d:71:f2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 32KB - Virtual size: 32KB

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 320B

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 200KB - Virtual size: 200KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 5KB

.edata Size: 512B - Virtual size: 147B

.rdata Size: 512B - Virtual size: 47B

.reloc Size: 13KB - Virtual size: 12KB

.rsrc Size: 5KB - Virtual size: 5KB

5e604100943cc14e7b48109dae8bf6f3

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

3e:33:37:92:f1:cb:6b:16:e2:ff:07:13:73:54:5e:ccCertificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

76:ab:81:6c:60:be:30:3c:8c:4b:28:e8:4b:c1:58:5e:54:fc:7f:20Signer

Headers

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

3e:33:37:92:f1:cb:6b:16:e2:ff:07:13:73:54:5e:cc
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

34:a1:03:53:62:16:ee:98:46:65:22:8f:94:75:64:cd:e4:4d:71:f2
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 320B

CODE
Size: 200KB - Virtual size: 200KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 147B

.rdata
Size: 512B - Virtual size: 47B

.reloc
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 5KB - Virtual size: 5KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

3e:33:37:92:f1:cb:6b:16:e2:ff:07:13:73:54:5e:cc
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

76:ab:81:6c:60:be:30:3c:8c:4b:28:e8:4b:c1:58:5e:54:fc:7f:20
Signer

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 92KB - Virtual size: 97KB

.rsrc
Size: 12KB - Virtual size: 10KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

3e:33:37:92:f1:cb:6b:16:e2:ff:07:13:73:54:5e:cc
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

8e:f9:3f:ac:9c:f8:b9:b8:e7:09:4e:c2:fd:37:d2:91:0a:0b:32:30
Signer

.text
Size: 316KB - Virtual size: 312KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 2KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

3e:33:37:92:f1:cb:6b:16:e2:ff:07:13:73:54:5e:cc
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

24:42:4b:4f:81:cb:98:99:e9:9b:97:23:d1:ef:a7:0e:4c:50:f9:99
Signer

.rdata
Size: 84KB - Virtual size: 82KB