fece4563ef5f96b8ed2a327e87cfb3c2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fece4563ef5f96b8ed2a327e87cfb3c2_JaffaCakes118
Size

16.0MB
MD5

fece4563ef5f96b8ed2a327e87cfb3c2
SHA1

51d9993ebb56eb05f9c36fa3dc0dd38f52d1e736
SHA256

ccc5d9af589ab59d634ba4b8e3d16959183326fb889b2f4d8f58deb9b4e484ef
SHA512

4a1af29c55acc09753ddb12cedb7e28c3178a149ad1c414542a32fe9ecda0774c1076d3e154e3958096c21972c4a5ba8ffbb552420912b42ec98cd85a9d4528c
SSDEEP

393216:bkmczUfnWe1lBXB+rg7i0EhaEeQXMlAeaUHA4:Tmpe1XBaJ0EhaEPXMqeaUg4

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/UNACEV2.DLL
unpack001/sfx/HaoZip7zCon.sfx
unpack001/sfx/HaoZip7zSetup.sfx

Files

fece4563ef5f96b8ed2a327e87cfb3c2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9679f250d91a527cbbb99da9f96997e8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:f9:59:fa:77:63:25:4a:d7:f9:d9:f6:5c:5b:29:d1:e5:4c:69:7d:73:aa:26:7a:2c:f0:08:24:1e:b0:94:a1
Signer

Actual PE Digest

04:f9:59:fa:77:63:25:4a:d7:f9:d9:f6:5c:5b:29:d1:e5:4c:69:7d:73:aa:26:7a:2c:f0:08:24:1e:b0:94:a1

Digest Algorithm

sha256

PE Digest Matches

true

38:9f:75:8b:5b:a5:35:55:1a:2f:98:08:32:75:85:2a:10:be:7f:e3
Signer

Actual PE Digest

38:9f:75:8b:5b:a5:35:55:1a:2f:98:08:32:75:85:2a:10:be:7f:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetPrivateProfileStringW
WritePrivateProfileStringW
MoveFileW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSize
GetTickCount
GetModuleFileNameW
GetProcAddress
GetCommandLineW
SetEnvironmentVariableW
WriteFile
GetTempPathW
SetErrorMode
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentProcessId
ExitProcess
GetVersion
GetWindowsDirectoryW
LoadLibraryW
CopyFileW
GetDiskFreeSpaceW
CreateThread
GlobalLock
GlobalUnlock
lstrcmpiW
lstrlenW
CreateDirectoryW
GetTempFileNameW
RemoveDirectoryW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetSystemDirectoryW
GetModuleHandleA
lstrcmpiA
lstrcpyA
lstrcpyW
lstrcatW
MoveFileExW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
VirtualQuery
RtlUnwind
IsProcessorFeaturePresent
lstrcmpW
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalAlloc
LoadLibraryExW
GetModuleHandleW
FreeLibrary
Sleep
GetLastError
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesW
ReadFile
GetShortPathNameW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CompareFileTime
SearchPathW
SetCurrentDirectoryW
lstrcpynW
ExpandEnvironmentStringsW

user32

GetSysColor
GetWindowLongW
SetClassLongW
LoadBitmapW
LoadCursorW
SystemParametersInfoW
wsprintfA
DispatchMessageW
PeekMessageW
SetDlgItemTextW
GetDlgItemTextW
ScreenToClient
CharPrevW
MessageBoxIndirectW
GetSystemMetrics
IsWindowEnabled
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
CheckDlgButton
EndDialog
DialogBoxParamW
SetCursor
GetWindowRect
TrackPopupMenu
AppendMenuW
EnableMenuItem
CreatePopupMenu
CharNextA
GetSystemMenu
IsWindowVisible
SetWindowPos
CreateWindowExW
GetClassInfoW
RegisterClassW
CallWindowProcW
GetMessagePos
CharNextW
ExitWindowsEx
SetTimer
CreateDialogParamW
DestroyWindow
PostMessageW
LoadImageW
FindWindowExW
SetWindowLongW
InvalidateRect
ReleaseDC
GetDC
DefWindowProcW
DrawTextW
BeginPaint
EndPaint
GetClientRect
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutW
SendMessageW
wsprintfW
FillRect
SetWindowTextW

gdi32

SetBkColor
GetDeviceCaps
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetFileInfoW
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumValueW
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
SetFileSecurityW
LookupPrivilegeValueW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
AdjustTokenPrivileges

comctl32

ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ord17

ole32

OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemFree

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ndata
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FileInfo.dll
.dll windows:5 windows x86 arch:x86

4524a6d7d0c33c1a41cabdb7a47456e9

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

43:07:f7:f0:50:c3:0e:7b:58:3f:c9:b6:3b:51:c2:34
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/05/2017, 00:00

Not After

23/07/2018, 23:59

Subject

CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:c5:da:82:02:5a:f1:97:fa:1b:9d:63:a6:c8:cf:40
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06/05/2016, 00:00

Not After

06/05/2019, 23:59

Subject

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ea:b0:ed:b0:49:78:5d:98:ad:c0:3f:8d:4a:38:52:7b:bd:57:ea:c9:68:10:70:97:d8:fa:37:6d:25:d6:bf:e1
Signer

Actual PE Digest

ea:b0:ed:b0:49:78:5d:98:ad:c0:3f:8d:4a:38:52:7b:bd:57:ea:c9:68:10:70:97:d8:fa:37:6d:25:d6:bf:e1

Digest Algorithm

sha256

PE Digest Matches

true

57:11:5c:e2:5d:93:f9:b0:61:6b:65:3e:02:4d:bd:fc:be:ee:23:8c
Signer

Actual PE Digest

57:11:5c:e2:5d:93:f9:b0:61:6b:65:3e:02:4d:bd:fc:be:ee:23:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetFileAttributesW
GetLastError
DeleteFileW
SetFileAttributesW
WaitForSingleObject
OpenProcess
TerminateProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcessId
GlobalAlloc
lstrcpynW
MultiByteToWideChar
GlobalFree
lstrcpyW
CreateProcessW
GetCurrentProcess
SetLastError
GetFileSize
SetFilePointer
WriteFile
CreateFileW
GetModuleFileNameW
RtlUnwind
HeapReAlloc
Sleep
MoveFileExW
CreateMutexW
SetStdHandle
WriteConsoleW
OutputDebugStringW
WideCharToMultiByte
SetUnhandledExceptionFilter
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
GetProcessHeap
HeapAlloc
UnhandledExceptionFilter
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
RaiseException
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
GetFileType
DeleteCriticalSection
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
LCMapStringW
LoadLibraryExW

user32

wsprintfW

advapi32

FreeSid
AllocateAndInitializeSid
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
GetLengthSid

Exports

Exports

CheckInstallerInstance
CheckUserID_01
CheckUserID_02
CheckUserID_03
CheckUserID_04
CheckUserID_05
CreateLowIntegrityProcess
DeleteInstallFile
FindProcess
GetSpecialBuild
IsValidUserID
KillProcess

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/RCWidgetPlugin.dll
.dll windows:5 windows x86 arch:x86

e1e9778968a499eee07b6202e2d77282

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c1:6e:06:6d:ab:0e:ed:c1:ce:d1:3d:5e:4c:ce:61:e6:ef:c8:12:27:9a:56:14:80:33:3b:10:7f:c8:23:63:98
Signer

Actual PE Digest

c1:6e:06:6d:ab:0e:ed:c1:ce:d1:3d:5e:4c:ce:61:e6:ef:c8:12:27:9a:56:14:80:33:3b:10:7f:c8:23:63:98

Digest Algorithm

sha256

PE Digest Matches

true

91:e9:3e:ff:85:88:73:dd:02:b7:23:76:e0:ca:04:be:40:22:85:1a
Signer

Actual PE Digest

91:e9:3e:ff:85:88:73:dd:02:b7:23:76:e0:ca:04:be:40:22:85:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
VirtualProtect
ReleaseSemaphore
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
GetLogicalProcessorInformation
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
GetProcessAffinityMask
CreateTimerQueue
DuplicateHandle
SetEnvironmentVariableA
GetTimeZoneInformation
ExitThread
LocalFree
GetCommandLineW
CreateFileW
CreateThread
GetModuleFileNameW
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
ReadFile
SetErrorMode
lstrcatW
FindClose
GetFileAttributesW
FindFirstFileW
CloseHandle
GetShortPathNameW
LockResource
GetProcAddress
lstrlenW
SizeofResource
LoadLibraryW
GetModuleHandleW
WaitForSingleObject
LoadResource
FreeLibrary
FindResourceW
GetCurrentProcessId
DeleteCriticalSection
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
GetSystemInfo
lstrcpyW
GlobalFree
MultiByteToWideChar
lstrcpynW
WideCharToMultiByte
GetThreadPriority
GlobalAlloc
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile
QueryPerformanceFrequency
GlobalUnlock
GlobalLock
FreeResource
SetWaitableTimer
CreateWaitableTimerW
MulDiv
InterlockedDecrement
InterlockedIncrement
lstrcmpW
FlushInstructionCache
InterlockedExchange
GlobalMemoryStatusEx
GetLogicalDriveStringsW
ReleaseMutex
CreateMutexW
QueryDosDeviceW
SetEndOfFile
SetFilePointer
GetFileSize
FindNextFileW
SetFileAttributesW
DeleteFileW
GetWindowsDirectoryW
RemoveDirectoryW
GetTempPathW
CopyFileW
CreateDirectoryW
GetTempFileNameW
GetFullPathNameW
InterlockedExchangeAdd
ResetEvent
SetEvent
InitializeCriticalSection
GetFileAttributesExW
GetLongPathNameW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
OpenProcess
ResumeThread
lstrcmpiW
GetVersionExW
GetStringTypeW
OutputDebugStringW
WriteConsoleW
SetStdHandle
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
RtlUnwind
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
EncodePointer
HeapFree
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
HeapSize
HeapAlloc
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
SetFilePointerEx
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetLastError
GetCurrentThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CreateSemaphoreW
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

SendMessageW
wsprintfW
GetWindowLongW
SetWindowPos
SetFocus
IsWindow
CreateWindowExW
EnableWindow
GetActiveWindow
LoadIconW
CharNextW
CharPrevW
PostMessageW
SetWindowLongW
EndDialog
UnregisterClassW
RemovePropW
SetPropW
GetForegroundWindow
GetPropW
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
GetIconInfo
DrawIconEx
GetSysColor
DestroyAcceleratorTable
CreateAcceleratorTableW
GetFocus
GetClassInfoExW
RegisterClassExW
RegisterWindowMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CallWindowProcW
GetCaretBlinkTime
ToAscii
GetKeyboardState
LoadImageW
LoadBitmapW
MsgWaitForMultipleObjects
SetCaretPos
SetRect
FillRect
UpdateLayeredWindow
SetRectEmpty
PtInRect
UnionRect
IntersectRect
GetClassLongW
GetWindow
CopyRect
GetMonitorInfoW
SetWindowTextW
MapWindowPoints
ShowWindow
GetDesktopWindow
GetDlgItem
MonitorFromWindow
ReleaseDC
GetClassNameW
SystemParametersInfoW
GetWindowTextW
GetDC
GetClientRect
GetParent
SetForegroundWindow
GetWindowRect
GetWindowTextLengthW
DefWindowProcW
IsIconic
IsZoomed
GetSystemMetrics
GetWindowDC
InvalidateRect
RedrawWindow
SetCursor
GetCursorPos
ClientToScreen
OffsetRect
IsRectEmpty
EqualRect
EnumChildWindows
LoadCursorW
DialogBoxParamW
DestroyWindow
TrackMouseEvent
GetKeyState
SetCapture
ReleaseCapture
ScreenToClient
IsChild
ShowWindowAsync
MoveWindow
IsWindowVisible
OpenClipboard
SetTimer
KillTimer
BeginPaint
EndPaint
SetWindowRgn
ValidateRect
InvalidateRgn
GetWindowThreadProcessId

gdi32

CreatePolygonRgn
CreateSolidBrush
SetBkColor
SetTextColor
EnumFontsW
GetObjectW
SetViewportOrgEx
CreateRoundRectRgn
PtInRegion
CreateRectRgnIndirect
CreateDCW
GetDIBits
ExtTextOutW
SelectObject
SelectClipRgn
DeleteObject
CreateRectRgn
CreateCompatibleDC
CreateCompatibleBitmap
SetWorldTransform
GetClipBox
SetGraphicsMode
GetDeviceCaps
BitBlt
CreateFontIndirectW
CreateDIBSection
GetStockObject
DeleteDC

advapi32

RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW

shell32

DragFinish
ord190
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
ord155
SHBrowseForFolderW
DragQueryFileW
CommandLineToArgvW
SHGetPathFromIDListW

ole32

OleInitialize
OleLockRunning
OleUninitialize
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

LoadRegTypeLi
DispCallFunc
OleCreateFontIndirect
SysAllocString
VarBstrCmp
VarUI4FromStr
SysAllocStringLen
SysStringLen
VariantInit
VariantClear
LoadTypeLi
SysFreeString

shlwapi

PathRemoveFileSpecW
StrToIntA
ord12

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend

imm32

ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContextEx
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

gdiplus

GdipCloneRegion
GdipDeleteRegion
GdipTransformRegion
GdipCloneBrush
GdipDeleteBrush
GdipCreateTexture
GdipGetTextureTransform
GdipCreateSolidFill
GdipCreateLineBrushI
GdipSetLinePresetBlend
GdipSetLineWrapMode
GdipGetLineTransform
GdipCreatePen1
GdipDeletePen
GdipSetPenDashStyle
GdipGetImageGraphicsContext
GdipCloneBitmapArea
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesWrapMode
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipGetTextRenderingHint
GdipSetInterpolationMode
GdipGetInterpolationMode
GdipMultiplyWorldTransform
GdipTranslateWorldTransform
GdipScaleWorldTransform
GdipRotateWorldTransform
GdipDrawLine
GdipDrawArcI
GdipDrawRectangle
GdipGetMatrixElements
GdipGraphicsClear
GdipFillRectangleI
GdipFillEllipse
GdipCreateMatrix2
GdipCreateMatrix
GdipGetPathWorldBounds
GdipAddPathString
ord1
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipCloneBitmapAreaI
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdiplusStartup
GdipFillPath
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipSetClipRectI
GdipDrawPath
GdipCreateHBITMAPFromBitmap
GdipSetCompositingMode
GdipSetLineTransform
GdipSetTextureTransform
GdipGetBrushType
GdipCombineRegionRegion
GdipCombineRegionPath
GdipCreateRegionPath
GdipSetClipRegion
GdipGetClipBoundsI
GdipSaveGraphics
GdipRestoreGraphics
GdipBeginContainer2
GdipEndContainer
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetFamilyName
GdipGetEmHeight
GdipGetCellAscent
GdipGetCellDescent
GdipGetLineSpacing
GdipCreateFont
GdipDeleteFont
GdipGetFamily
GdipGetFontStyle
GdipGetFontSize
GdipAddPathEllipseI
GdipAddPathRectangleI
GdipAddPathBezierI
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipGetStringFormatAlign
GdipSetStringFormatLineAlign
GdipGetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipAddPathLineI
GdipAddPathArcI
GdipDeleteMatrix

winmm

timeGetTime

Exports

Exports

AddFirewallNetworkRule
BindSoftware
CheckInstall
DeleteFirewallNetworkRule
GetCheckValue
GetDesktopShortcutCheckValue
GetInstDir
GetInstallResult
GetInstallVersion
Init
OnRepair
OnSetup
OnSetupPost
OnUninstall
PopInt
PopString
PushInt
PushString
ShowInstall
ShowUnInstall

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:6 windows x86 arch:x86

127a02894b36e3dd18bd638b1758f9f7

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

59:60:6a:c0:0a:2f:9f:36:80:8c:ab:db:6c:6e:7e:37
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15/06/2016, 00:00

Not After

15/06/2017, 23:59

Subject

CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:c5:da:82:02:5a:f1:97:fa:1b:9d:63:a6:c8:cf:40
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06/05/2016, 00:00

Not After

06/05/2019, 23:59

Subject

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:bb:56:f8:17:f2:43:b7:6d:6d:18:d7:a6:ec:64:f5:7d:e8:59:be:a9:d6:be:e6:c2:19:9e:f5:81:cb:b8:56
Signer

Actual PE Digest

22:bb:56:f8:17:f2:43:b7:6d:6d:18:d7:a6:ec:64:f5:7d:e8:59:be:a9:d6:be:e6:c2:19:9e:f5:81:cb:b8:56

Digest Algorithm

sha256

PE Digest Matches

true

97:22:0a:20:93:eb:6a:4c:82:ad:37:63:39:bc:81:74:43:e6:a6:48
Signer

Actual PE Digest

97:22:0a:20:93:eb:6a:4c:82:ad:37:63:39:bc:81:74:43:e6:a6:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalSize
GlobalFree
lstrcpynW
lstrcpyW
VirtualAlloc
VirtualFree
VirtualProtect
FreeLibrary
GetModuleHandleW
GetProcAddress
lstrlenW
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 926B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0
.dll regsvr32 windows:5 windows x86 arch:x86

d7bb6ba0dc2e80e17cac46103e6a8d8c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5c:b5:0d:5f:fb:5f:fb:5b:d7:cd:47:c8:9e:a1:66:64:1a:82:17:6e:a6:a5:37:51:14:16:9e:7d:8e:6b:55:19
Signer

Actual PE Digest

5c:b5:0d:5f:fb:5f:fb:5b:d7:cd:47:c8:9e:a1:66:64:1a:82:17:6e:a6:a5:37:51:14:16:9e:7d:8e:6b:55:19

Digest Algorithm

sha256

PE Digest Matches

true

96:21:e7:aa:04:30:ed:75:af:96:b9:3e:7c:cd:6f:7b:3a:5c:0c:2f
Signer

Actual PE Digest

96:21:e7:aa:04:30:ed:75:af:96:b9:3e:7c:cd:6f:7b:3a:5c:0c:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\rczip\bin\Win32\release\pdb\HaoZipExt32.pdb

Imports

kernel32

GetVersion
WaitForSingleObject
GetCurrentProcess
GetVersionExW
HeapAlloc
HeapFree
GetProcessHeap
LoadLibraryW
GetSystemDefaultLangID
GetFileAttributesW
FindFirstFileW
CreateFileW
GetLongPathNameW
GetACP
MapViewOfFile
UnmapViewOfFile
Sleep
CreateFileMappingW
FindClose
FindNextFileW
InitializeCriticalSection
SetFilePointer
ReadFile
GetEnvironmentVariableW
OpenProcess
GetCurrentThreadId
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
lstrlenW
GetTempPathW
DeleteFileW
SetFileAttributesW
GetFileSize
lstrcmpiW
InterlockedExchangeAdd
CreateMutexW
ReleaseMutex
CreateEventW
GetPrivateProfileStringW
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
LCMapStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetCPInfo
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
HeapReAlloc
GetStdHandle
GetStartupInfoW
TlsFree
TlsSetValue
DisableThreadLibraryCalls
EnterCriticalSection
GetProcAddress
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
SizeofResource
GetModuleHandleW
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
EncodePointer
CloseHandle
DecodePointer
DeleteCriticalSection
GetLastError
RaiseException
GlobalUnlock
lstrcpynW
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GlobalLock
InterlockedDecrement
InterlockedIncrement
WriteFile
lstrcpynA
TlsGetValue
TlsAlloc
TerminateProcess
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
GetModuleHandleExW
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent

user32

GetMenuInfo
GetMenuItemCount
InsertMenuItemW
AppendMenuW
CreatePopupMenu
DestroyIcon
SetMenuItemInfoW
DestroyMenu
GetIconInfo
LoadStringW
SetRect
GetDesktopWindow
GetDC
ReleaseDC
wsprintfW
LoadImageW
CharNextW
IsMenu
DrawIconEx
GetMenuItemInfoW

gdi32

CreateDIBSection
GetDIBits
SetBkColor
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
ExtTextOutW
DeleteObject
DeleteDC

advapi32

RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetUserNameW

shell32

DragQueryFileW
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW

ole32

CoCreateInstance
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CoTaskMemRealloc

oleaut32

VarUI4FromStr

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2345DirectUI.dll
.dll windows:5 windows x64 arch:x64

51dcb9e351489e3c75db9c583e4f741e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c6:cd:0f:09:13:2a:5e:db:52:52:9c:00:55:37:49:e2:54:1f:5f:f8:5c:b8:90:07:bc:77:a2:9c:30:1f:a8:8d
Signer

Actual PE Digest

c6:cd:0f:09:13:2a:5e:db:52:52:9c:00:55:37:49:e2:54:1f:5f:f8:5c:b8:90:07:bc:77:a2:9c:30:1f:a8:8d

Digest Algorithm

sha256

PE Digest Matches

true

86:fb:5d:44:29:01:4a:1d:80:bb:f5:b5:bc:90:fb:fe:8f:c1:5c:f4
Signer

Actual PE Digest

86:fb:5d:44:29:01:4a:1d:80:bb:f5:b5:bc:90:fb:fe:8f:c1:5c:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\DirectUI\SVNServer\DirectUI\bin\vs2013\x64\release_unicode\pdb\2345DirectUI.pdb

Imports

kernel32

IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
VirtualAlloc
VirtualFree
lstrlenA
LocalFree
GetProcessHeap
HeapFree
HeapAlloc
GetCurrentThreadId
SetLastError
FlushInstructionCache
ReadFile
FreeLibrary
GetCurrentProcess
SetFilePointer
FreeResource
EncodePointer
DeleteFileW
CopyFileW
CreateEventW
GetTickCount
GetCurrentDirectoryW
WideCharToMultiByte
DisableThreadLibraryCalls
MultiByteToWideChar
SizeofResource
LoadLibraryExW
LoadResource
FindResourceW
IsBadReadPtr
GlobalFree
CreateFileW
WriteFile
DecodePointer
GetLastError
RaiseException
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
GlobalUnlock
GlobalAlloc
GetModuleHandleW
GlobalLock
MulDiv
ExpandEnvironmentStringsW
lstrcpyW
lstrcatW
lstrcmpiW
lstrlenW
GetFileAttributesW
GetVersionExW
LoadLibraryW
CloseHandle
DeleteCriticalSection
LoadLibraryA
EnterCriticalSection
GetProcAddress
LeaveCriticalSection
InitializeCriticalSection
IsDebuggerPresent

user32

FindWindowW
IsRectEmpty
SetRectEmpty
GetMonitorInfoW
MonitorFromWindow
DrawTextW
UnionRect
GetSysColor
EndPaint
ClientToScreen
IsWindow
PtInRect
LoadCursorW
GetParent
SetForegroundWindow
PostMessageW
IsIconic
GetWindowRect
RemovePropW
UpdateLayeredWindow
DestroyWindow
UnregisterClassW
CopyRect
SetCursor
GetIconInfo
DrawIconEx
MoveWindow
SetWindowTextW
GetDlgCtrlID
UpdateWindow
SendMessageW
CloseWindow
GetDlgItem
GetWindowTextW
BringWindowToTop
InvalidateRect
LockWindowUpdate
GetCapture
SetFocus
GetClientRect
SetParent
IsWindowEnabled
IsZoomed
KillTimer
SetCapture
SetActiveWindow
SetTimer
GetWindowTextLengthW
CharNextW
GetWindow
SystemParametersInfoW
MessageBoxW
CallWindowProcW
EndDeferWindowPos
SetWindowLongPtrW
GetSystemMetrics
BeginDeferWindowPos
ReleaseCapture
EqualRect
GetCursorPos
GetDesktopWindow
DestroyCursor
EnableMenuItem
GetClassNameW
GetClassLongPtrW
IntersectRect
OffsetRect
InflateRect
BeginPaint
DrawTextExW
GetWindowLongPtrW
GetKeyState
GetTopWindow
ScreenToClient
GetSystemMenu
FillRect
DrawFrameControl
LoadStringW
LoadImageW
MonitorFromPoint
CallNextHookEx
WindowFromPoint
TrackPopupMenuEx
RemoveMenu
SetWindowsHookExW
UnhookWindowsHookEx
LoadMenuW
DeferWindowPos
GetDoubleClickTime
DestroyIcon
GetWindowDC
GetMessagePos
EndDialog
GetFocus
DialogBoxParamW
GetAsyncKeyState
IsMenu
GetMenuItemID
GetSubMenu
DeleteMenu
GetMenuStringW
GetMenuItemInfoW
ModifyMenuW
GetClassLongW
SetRect
AppendMenuW
CreatePopupMenu
GetMenuItemCount
GetClassInfoExW
SetPropW
GetDC
GetForegroundWindow
RegisterClassExW
GetWindowLongW
ReleaseDC
InsertMenuW
DestroyMenu
GetWindowThreadProcessId
DefWindowProcW
GetPropW
EnableWindow
IsWindowVisible
CreateWindowExW
SetWindowPos
GetActiveWindow
ShowWindow
RedrawWindow
SetWindowLongW
SetWindowRgn

gdi32

CreateRectRgn
OffsetRgn
CreateCompatibleBitmap
CombineRgn
CreateRectRgnIndirect
PtInRegion
SetRectRgn
SelectClipRgn
CreateBitmap
SetViewportOrgEx
PatBlt
CreateSolidBrush
CreatePen
FillPath
PolyBezierTo
EndPath
ExtCreateRegion
PolyDraw
GetRegionData
CreateFontIndirectW
SetTextColor
WidenPath
CreatePatternBrush
GetViewportOrgEx
GetWindowOrgEx
GetPath
MoveToEx
BeginPath
CreateICW
GetPixel
SetDIBits
ExtTextOutW
SetBkColor
GetCurrentObject
RestoreDC
SetROP2
SaveDC
IntersectClipRect
SetWindowOrgEx
Rectangle
GetClipBox
SetBkMode
CreateDIBSection
BitBlt
GetDeviceCaps
GetDIBits
CreateDCW
RealizePalette
SelectPalette
GetObjectW
GetStockObject
DeleteDC
SelectObject
CreateCompatibleDC
LineTo
DeleteObject

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey

shell32

ShellExecuteW

ole32

CoCreateGuid
CoFreeUnusedLibraries
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CLSIDFromString
CreateStreamOnHGlobal
OleUninitialize
OleInitialize

oleaut32

SafeArrayGetUBound
VariantClear
VarBstrCmp
VarUI4FromStr
SysAllocStringLen
VariantCopy
SysStringByteLen
VarBstrCat
SysAllocStringByteLen
SysStringLen
SafeArrayPutElement
SafeArrayGetElement
SafeArrayRedim
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SysAllocString
OleTranslateColor
LoadRegTypeLi
SysFreeString
VariantChangeType
VariantInit
LoadTypeLi

msvcp120

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Orphan_all@_Container_base12@std@@QEAAXXZ
??0_Container_base12@std@@QEAA@XZ
?_Swap_all@_Container_base12@std@@QEAAXAEAU12@@Z
?_Winerror_map@std@@YAPEBDH@Z

msvcr120

_malloc_crt
_amsg_exit
__CppXcptFilter
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
__CxxFrameHandler3
_onexit
__C_specific_handler
__dllonexit
_calloc_crt
_unlock
_lock
atof
?terminate@@YAXXZ
sprintf_s
strchr
toupper
_wcstoui64
wcstoul
wcschr
_snwprintf_s
atoi
_waccess
vswprintf_s
strstr
_wtoi
_wcsicmp
strncpy_s
fclose
wcscpy_s
fseek
_initterm
wcscat_s
ftell
fwrite
fread
swprintf_s
_wfopen_s
wcsstr
wcsncpy_s
_resetstkoflw
malloc
memcpy_s
_recalloc
calloc
??_V@YAXPEAX@Z
free
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
_purecall
_beginthreadex
memmove
memcpy
_initterm_e
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
memset
_CxxThrowException
__RTDynamicCast
ceilf
floorf
memcmp

comctl32

ImageList_Destroy
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_LoadImageW
_TrackMouseEvent
ImageList_GetIcon

msimg32

AlphaBlend

gdiplus

GdipFillRectangleI
GdipCloneImage
GdipGetImageWidth
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateFromHDC
GdipDrawImageRectI
GdipCreateBitmapFromHBITMAP
GdipCreateLineBrushFromRectWithAngleI
GdipSetStringFormatFlags
GdipGetStringFormatFlags
GdipMeasureString
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDeleteFont
GdipSetStringFormatAlign
GdipSetSmoothingMode
GdipBitmapUnlockBits
GdipDrawString
GdipCreateFontFromLogfontW
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipBitmapLockBits
GdipSetStringFormatHotkeyPrefix
GdipCreateStringFormat
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipDrawImageI
GdipDeletePen
GdipCreatePen1
GdipDrawRectangleI
GdipFillPolygon
GdipDrawPolygon
GdipCreateHICONFromBitmap
GdipCreateTexture
GdipFillPieI
GdipCloneBitmapAreaI
GdipSetCompositingMode
GdipDisposeImage
GdipAlloc
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipDrawImageRectRectI
GdipGetImageHeight
GdipCloneBrush
GdipFree
GdipDeleteBrush
GdipCreateHBITMAPFromBitmap

rpcrt4

UuidFromStringW

Exports

Exports

CloseSkin
FreeSkinFileBytes
GetSkinFileBytes
OpenSkin

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 470KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7zNew.data
.7z
Benchmark.data
HaoZip.chm
.chm
HaoZip.dll
.dll windows:5 windows x64 arch:x64

22b49550b180d6607999183935ec1116

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f1:69:09:29:39:8b:b7:bd:fc:74:63:69:0b:e7:8e:b9:49:f8:60:4b:5b:c4:c0:44:7f:00:87:d6:02:98:9e:af
Signer

Actual PE Digest

f1:69:09:29:39:8b:b7:bd:fc:74:63:69:0b:e7:8e:b9:49:f8:60:4b:5b:c4:c0:44:7f:00:87:d6:02:98:9e:af

Digest Algorithm

sha256

PE Digest Matches

true

4d:00:76:bb:47:82:ad:36:2f:71:f9:1e:26:4a:b8:98:1e:fa:e7:d8
Signer

Actual PE Digest

4d:00:76:bb:47:82:ad:36:2f:71:f9:1e:26:4a:b8:98:1e:fa:e7:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\rczip\bin\x64\release\pdb\HaoZip.dll.pdb

Imports

gdiplus

GdipBitmapLockBits
GdipDeleteMatrix
GdipCreateRegion
GdipTranslateWorldTransform
GdipGetWorldTransform
GdipTransformPointsI
GdipDeleteRegion
GdipGetClipBoundsI
GdipSaveGraphics
GdipBitmapUnlockBits
GdipGetMatrixElements
GdipSetClipRectI
GdipGetClip
GdipCreateMatrix
GdipScaleWorldTransform
GdipSetImageAttributesColorMatrix
GdipGetRegionHRgn
GdipCloneBitmapAreaI
GdipSetPixelOffsetMode
GdipSetCompositingQuality
GdipSetPageUnit
GdipGetImagePixelFormat
GdipReleaseDC
GdipGetDC
GdipGetImageThumbnail
GdipGraphicsClear
GdipLoadImageFromFile
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipImageGetFrameCount
GdipImageRotateFlip
GdipImageGetFrameDimensionsCount
GdipSaveImageToFile
GdipRestoreGraphics
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipDrawImageRectRect
GdipDeleteStringFormat
GdipCreateStringFormat
GdipFillRectangleI
GdipCreateFontFromLogfontW
GdipDrawString
GdipCreateImageAttributes
GdipSetImageAttributesColorKeys
GdipDisposeImageAttributes
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipSetImageAttributesWrapMode
GdipDeleteFont
GdipSetTextRenderingHint
GdipMeasureString
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipCloneBrush
GdipDeleteBrush
GdipCreateBitmapFromResource
GdipSetSmoothingMode
GdipGetPropertyItemSize
GdipSetCompositingMode
GdipCreateBitmapFromFile
GdipCreateFromHDC
GdipDeleteGraphics
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipFree
GdipDrawImageRectI
GdiplusShutdown

imm32

ImmGetContext
ImmReleaseContext
ImmSetConversionStatus
ImmGetDescriptionW
ImmGetConversionStatus
ImmAssociateContextEx

kernel32

FindFirstFileW
CreateFileW
GetLongPathNameW
GetFileAttributesExW
FormatMessageW
FileTimeToDosDateTime
DosDateTimeToFileTime
SystemTimeToFileTime
GetSystemTime
GetFileSize
SetEndOfFile
SetFileTime
ResumeThread
ResetEvent
OpenEventW
CreateMutexW
ReleaseMutex
GetFileTime
GetEnvironmentVariableW
OpenProcess
GetSystemInfo
LoadLibraryA
QueryDosDeviceW
lstrcatW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
GetSystemDirectoryW
CopyFileW
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetWindowsDirectoryW
DeleteFileW
SetFileAttributesW
GetFileSizeEx
DeviceIoControl
GlobalMemoryStatusEx
WinExec
SetThreadPriority
OpenThread
FreeResource
GlobalSize
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
RtlVirtualUnwind
SizeofResource
EnumResourceTypesW
GlobalAlloc
FindResourceExW
EnumResourceNamesW
EnumSystemCodePagesW
LeaveCriticalSection
MulDiv
GetModuleFileNameW
lstrcmpW
MultiByteToWideChar
GlobalUnlock
FlushInstructionCache
GetTickCount
GetModuleHandleW
GlobalLock
GetCurrentProcess
SetEvent
SearchPathW
FindNextFileW
FindClose
GetACP
SwitchToThread
SystemTimeToTzSpecificLocalTime
MoveFileW
lstrcpyW
MoveFileExW
GetDriveTypeW
InitializeCriticalSection
LockResource
GlobalFree
RemoveDirectoryW
Sleep
GetVolumeInformationW
GetDiskFreeSpaceW
GetLogicalDriveStringsW
LocalFree
LocalAlloc
GetShortPathNameW
lstrlenW
lstrcpynW
GetCurrentProcessId
GetProcessHeap
HeapFree
HeapAlloc
WaitForMultipleObjects
CreateEventW
GetFileAttributesW
ExpandEnvironmentStringsW
IsBadStringPtrW
IsBadWritePtr
IsBadReadPtr
GetProcessTimes
GetCurrentThread
SetPriorityClass
UpdateResourceW
BeginUpdateResourceW
EndUpdateResourceW
GetLocalTime
GetComputerNameW
GetOverlappedResult
ReadDirectoryChangesW
FindCloseChangeNotification
FindFirstChangeNotificationW
GetDiskFreeSpaceExW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CompareFileTime
WritePrivateProfileStringW
GetPrivateProfileStringW
QueryPerformanceFrequency
OutputDebugStringW
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
SetErrorMode
GetCommandLineW
WideCharToMultiByte
CreatePipe
GetStartupInfoW
TerminateProcess
CreateSemaphoreW
FileTimeToLocalFileTime
ReleaseSemaphore
RaiseException
EnumResourceLanguagesW
GetCPInfoExW
GetLastError
SetLastError
GetProcAddress
EnterCriticalSection
DecodePointer
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
SetFilePointer
ReadFile
CloseHandle
CompareStringW
LoadLibraryW
GetVersionExW
FileTimeToSystemTime
WriteFile
GetStdHandle
GetSystemDefaultLangID
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount

user32

FindWindowW
CopyRect
GetWindowDC
WindowFromPoint
SetScrollPos
GetScrollPos
RegisterClipboardFormatW
SetScrollRange
CallWindowProcW
GetScrollInfo
IsClipboardFormatAvailable
GetIconInfo
SetWindowRgn
DrawEdge
GetMenu
LoadBitmapW
AdjustWindowRectEx
SetWindowPlacement
IsZoomed
GetMessageA
LoadImageW
MsgWaitForMultipleObjects
SetWindowTextW
GetMenuState
IsWindowUnicode
DispatchMessageA
SwitchToThisWindow
SetRectEmpty
PtInRect
GetCapture
GetCursorPos
UpdateWindow
CreateMenu
CheckMenuRadioItem
EnableMenuItem
GetForegroundWindow
IsRectEmpty
EnumWindows
PostQuitMessage
GetWindowThreadProcessId
DrawIcon
IsMenu
MonitorFromPoint
TrackPopupMenu
DeleteMenu
AppendMenuW
LoadIconW
ShowScrollBar
SendMessageW
SetWindowLongPtrW
ReleaseCapture
CreateWindowExW
GetSysColorBrush
IsWindow
ShowWindow
SetWindowPos
GetSysColor
MoveWindow
PeekMessageW
SetTimer
KillTimer
GetSubMenu
DrawIconEx
GetMenuItemInfoW
InsertMenuItemW
DrawFocusRect
OffsetRect
TrackPopupMenuEx
DrawStateW
CreatePopupMenu
GetMenuItemCount
DestroyMenu
DestroyIcon
DrawFrameControl
InflateRect
GetSystemMetrics
GetWindow
GetScrollRange
GetDesktopWindow
RedrawWindow
SetWindowLongW
GetDlgItem
ReleaseDC
GetClassNameW
GetWindowTextW
GetWindowLongW
InvalidateRect
RegisterClassExW
GetDC
GetClassInfoExW
BeginPaint
SetFocus
CreateAcceleratorTableW
GetClientRect
GetWindowLongPtrW
LoadCursorW
InvalidateRgn
GetParent
GetFocus
PostMessageW
UnregisterClassW
SetCapture
IsChild
FillRect
RegisterWindowMessageW
CharNextW
ScreenToClient
DestroyAcceleratorTable
DefWindowProcW
GetWindowTextLengthW
SetCursor
DestroyWindow
ClientToScreen
EndPaint
DispatchMessageW
CreateDialogParamW
TranslateMessage
GetMessageW
MapVirtualKeyExW
GetKeyNameTextW
MonitorFromRect
EqualRect
WaitMessage
GetUpdateRect
IntersectRect
LoadMenuW
InsertMenuW
RemovePropW
GetClassLongW
CopyIcon
TrackMouseEvent
UnionRect
SetMenuItemInfoW
UpdateLayeredWindow
GetTopWindow
GetMenuStringW
SetDlgItemTextW
CheckDlgButton
CheckRadioButton
SendMessageTimeoutW
FrameRect
CreateIconIndirect
ExitWindowsEx
CloseClipboard
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
DialogBoxParamW
MessageBoxW
LoadStringW
GetActiveWindow
GetDlgCtrlID
EnableWindow
SetPropW
GetClassLongPtrW
GetPropW
DrawTextW
GetDlgItemInt
MessageBeep
SetDlgItemInt
SendDlgItemMessageW
EndDialog
GetSystemMenu
SetRect
SetActiveWindow
GetKeyState
IsWindowEnabled
IsDialogMessageW
MonitorFromWindow
PostThreadMessageW
IsWindowVisible
GetMonitorInfoW
IsIconic
SetForegroundWindow
BringWindowToTop
wsprintfW
GetKeyboardLayoutList
ActivateKeyboardLayout
GetKeyboardLayout
GetWindowRect
SystemParametersInfoW
FindWindowExW
MapWindowPoints

gdi32

AngleArc
GetCurrentObject
CreatePolygonRgn
CreateRectRgnIndirect
SetStretchBltMode
SetViewportOrgEx
CombineRgn
CreateRectRgn
GetTextExtentPoint32W
GetTextMetricsW
StretchBlt
SetBkMode
SetTextColor
SetBkColor
ExtTextOutW
CreateFontIndirectW
BitBlt
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetStockObject
CreateSolidBrush
GetPixel
SetPixel
GetDIBits
CreateDIBSection
SetWorldTransform
SetGraphicsMode
GetClipBox
GetMapMode
SetMapMode
DPtoLP
LPtoDP
SetWindowOrgEx
EnumFontFamiliesExW
EnumFontsW
CreatePen
GetTextExtentPointW
GetBkMode
LineTo
MoveToEx
PathToRegion
TextOutW
FillPath
GetBkColor
EndPath
BeginPath
SetROP2
SetDCPenColor
SelectClipRgn
SetArcDirection
SetDCBrushColor
SetBrushOrgEx
ExtCreatePen

comdlg32

GetSaveFileNameW
ChooseFontW
GetOpenFileNameW

advapi32

RegOpenCurrentUser
GetUserNameW
LookupPrivilegeValueW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
OpenProcessToken
AdjustTokenPrivileges

shell32

SHFileOperationW
SHChangeNotify
SHGetDesktopFolder
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFolderLocation
SHGetPathFromIDListW
ord190
SHGetFolderPathW
Shell_NotifyIconW
SHBrowseForFolderW
SHBindToParent
ord155
SHGetFileInfoW
ord645
ord644
ord74
ord2
ord4
DragFinish
DragQueryFileW
ord28
FindExecutableW
SHGetSpecialFolderPathW

ole32

OleLockRunning
CoTaskMemRealloc
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
StringFromGUID2
OleInitialize
OleUninitialize
CoTaskMemFree
CoGetClassObject
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoInitializeEx
IIDFromString
CoInitializeSecurity
OleRun
RevokeDragDrop
DoDragDrop
RegisterDragDrop
ReleaseStgMedium
OleDuplicateData
CoCreateInstance

oleaut32

VariantChangeType
LoadRegTypeLi
SysFreeString
VarUI4FromStr
OleCreateFontIndirect
SysAllocStringLen
VariantInit
LoadTypeLi
VariantClear
SysStringLen
SysAllocString
GetErrorInfo

msvcp120

?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??7ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_BADOFF@std@@3_JB
??1_Container_base12@std@@QEAA@XZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_JD@Z
?get@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?ignore@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_JG@Z
?wcin@std@@3V?$basic_istream@_WU?$char_traits@_W@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z

msvcr120

??0exception@std@@QEAA@AEBV01@@Z
??0bad_cast@std@@QEAA@AEBV01@@Z
??0bad_cast@std@@QEAA@PEBD@Z
??1bad_cast@std@@UEAA@XZ
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
_purecall
wcsncpy_s
free
malloc
wcsstr
_recalloc
??_V@YAXPEAX@Z
memcpy_s
_isatty
__iob_func
_fileno
?terminate@@YAXXZ
strncpy
_wtof
wcsncpy
_time64
rand
srand
_snwprintf_s
wcschr
_wcsicmp
wcsrchr
_vsnwprintf
towupper
_localtime64
wcscpy_s
_wtoi
fputc
_unlock_file
ungetc
fgetpos
_fseeki64
memcmp
fflush
fgetc
ispunct
fsetpos
setvbuf
_lock_file
fwrite
toupper
iswascii
fclose
iswpunct
_wcsnset
_mktime64
_errno
signal
towlower
_beginthreadex
_stricmp
_splitpath_s
_vswprintf_c_l
calloc
_wcsnicmp
strstr
strchr
memchr
tolower
sscanf
swscanf_s
sprintf
isalnum
wcstoul
sprintf_s
_dtest
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@XZ
modf
swscanf
_itow
_snwprintf
strtol
memcpy
memmove_s
memset
_lock
_unlock
_calloc_crt
__dllonexit
__C_specific_handler
_onexit
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
__CxxFrameHandler3
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
_wcsupr
_CxxThrowException
_endthreadex
_waccess
wcsncmp
_itow_s
_localtime64_s
wcstol
round
_wfopen_s
feof
fread
_wchmod
__RTDynamicCast
swprintf_s
memmove

shlwapi

StrToIntW
StrStrIW
StrRetToBufW
PathIsRelativeW
StrStrW
SHDeleteKeyW
AssocQueryStringW
SHAutoComplete
PathRemoveFileSpecW
StrCmpIW

comctl32

ImageList_Add
ImageList_Destroy
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_GetIconSize
ImageList_GetIcon
ImageList_SetBkColor
ImageList_LoadImageW
ImageList_ReplaceIcon
ImageList_GetImageCount
ord8
_TrackMouseEvent
ImageList_Draw
InitCommonControlsEx
PropertySheetW
CreateStatusWindowW
ImageList_Create
ImageList_Remove

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msimg32

TransparentBlt
GradientFill

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

Exports

Exports

BatchRenameUtils
BatchTextReplace
ConsoleMain
HaoZipCheck
HaoZipCheckUpdate
HaoZipFix
HaoZipFixDesktopLink
HaoZipInit
HaoZipInstall
HaoZipInstall02
HaoZipInstall03
HaoZipLoaderInitialize
HaoZipMain
HaoZipPreUninstall
HaoZipRecordStatistics
HaoZipRegister
HaoZipUnInit
HaoZipUninstall
HaoZipUpdate
HaoZipUpdateIcons
HaoZipUpdateLang
HaoZipUpdateRegister
HaoZipUpgrade
HaozipCDInstance
Initialize
MD5Utils
ModuleFinitialize
ModuleInitialize
RescueBrotherProducts
RescueHaozip
RescueSelf
SetResFileName
UpdateMain

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZip.exe
.exe windows:5 windows x64 arch:x64

19858d5b2e8bde8d2189d0aac66a7d15

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c0:c2:71:39:95:87:42:40:b9:50:f7:80:b7:13:2b:d3:87:bd:db:72:38:0f:f6:3e:0c:8b:42:aa:56:d0:9c:52
Signer

Actual PE Digest

c0:c2:71:39:95:87:42:40:b9:50:f7:80:b7:13:2b:d3:87:bd:db:72:38:0f:f6:3e:0c:8b:42:aa:56:d0:9c:52

Digest Algorithm

sha256

PE Digest Matches

true

91:58:34:84:ad:bf:03:41:9b:87:42:c0:89:bf:0c:3f:cd:38:d2:e3
Signer

Actual PE Digest

91:58:34:84:ad:bf:03:41:9b:87:42:c0:89:bf:0c:3f:cd:38:d2:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\SVN\rczip\bin\x64\release\pdb\HaoZip.pdb

Imports

kernel32

FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
GetFileAttributesW
GetModuleHandleW
GetCurrentThreadId
FindFirstFileW
CreateFileW
GetLastError
GetLongPathNameW
GetFileAttributesExW
LoadLibraryA
ExpandEnvironmentStringsW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetVersionExW
lstrlenW
lstrcmpiW
lstrcatW
lstrcpyW
CreateMutexW
WaitForSingleObject
Sleep
ReleaseMutex
CloseHandle
GetFullPathNameW
CreateDirectoryW
SetFileTime
GetSystemDirectoryW
GetTempPathW
GetCurrentDirectoryW
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
FindClose
FindNextFileW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
GetFileTime
GetFileSizeEx
HeapAlloc
HeapFree
GetProcessHeap
OpenProcess
LocalFree
SetEvent
GetTickCount
WaitForMultipleObjects
FindResourceW
LoadResource
LockResource
GetSystemInfo
FormatMessageW
ResumeThread
WideCharToMultiByte
GetACP
MultiByteToWideChar
ResetEvent
CreateEventW
SetLastError
GlobalMemoryStatusEx
GetEnvironmentVariableW
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
LoadLibraryExW
FileTimeToSystemTime
GetCurrentProcess
DeviceIoControl
RtlVirtualUnwind
FlushFileBuffers
ReadConsoleW
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
HeapReAlloc
EncodePointer
DecodePointer
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineW
GetSystemTimeAsFileTime
CreateThread
ExitThread
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
RtlCaptureContext
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetTimeZoneInformation
SetEnvironmentVariableA

user32

SetDlgItemTextW
SetWindowsHookExW
UnhookWindowsHookEx
MessageBoxW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

Sections

.text
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipAce32Loader.exe
.exe windows:5 windows x86 arch:x86

f0e9e9ca9ba2552f5627b56ce908b5f1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

da:94:2e:a7:ad:6c:39:8d:d4:c3:2c:cc:5a:6b:ba:00:0d:a5:f7:bf:c6:3a:bd:3f:cf:1b:37:3c:64:2f:ec:9d
Signer

Actual PE Digest

da:94:2e:a7:ad:6c:39:8d:d4:c3:2c:cc:5a:6b:ba:00:0d:a5:f7:bf:c6:3a:bd:3f:cf:1b:37:3c:64:2f:ec:9d

Digest Algorithm

sha256

PE Digest Matches

true

df:06:00:e0:38:b6:79:47:db:b5:21:b5:79:ad:cc:c4:1d:a4:19:c6
Signer

Actual PE Digest

df:06:00:e0:38:b6:79:47:db:b5:21:b5:79:ad:cc:c4:1d:a4:19:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SVN\rczip\bin\x64\release\pdb\HaoZipAce32Loader.pdb

Imports

kernel32

GetModuleHandleW
ExitProcess
GetCurrentDirectoryW
SetCurrentDirectoryW
WaitForMultipleObjects
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
GetProcAddress
WideCharToMultiByte
GetACP
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FindFirstFileW
CreateFileW
GetLastError
GetLongPathNameW
GetFileAttributesExW
InterlockedExchangeAdd
MapViewOfFile
UnmapViewOfFile
Sleep
OpenFileMappingW
CloseHandle
FindClose
FindNextFileW
DosDateTimeToFileTime
LocalFileTimeToFileTime
GetFullPathNameW
CreateDirectoryW
GetFileAttributesW
lstrlenW
GetTempPathW
MoveFileW
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
WriteFile
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentThreadId
SetEvent
OpenEventW
EncodePointer
DecodePointer
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetModuleHandleExW
HeapSize
SetLastError
GetStdHandle
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
GetOEMCP
GetCPInfo
GetStringTypeW
HeapReAlloc
LCMapStringW
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipC.exe
.exe windows:5 windows x64 arch:x64

6f730414b0a94257fca6387d48940cac

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3e:98:d4:f9:1a:f4:fd:e6:f4:6f:c8:57:f0:05:86:a2:58:ee:ac:ae:2c:80:cb:de:a7:ce:84:68:a7:f4:bb:0e
Signer

Actual PE Digest

3e:98:d4:f9:1a:f4:fd:e6:f4:6f:c8:57:f0:05:86:a2:58:ee:ac:ae:2c:80:cb:de:a7:ce:84:68:a7:f4:bb:0e

Digest Algorithm

sha256

PE Digest Matches

true

76:8c:08:1b:eb:26:e5:21:86:1e:5d:80:f9:de:c0:47:63:00:55:a2
Signer

Actual PE Digest

76:8c:08:1b:eb:26:e5:21:86:1e:5d:80:f9:de:c0:47:63:00:55:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\SVN\rczip\bin\x64\release\pdb\HaoZipC.pdb

Imports

kernel32

GetLastError
CloseHandle
ExpandEnvironmentStringsW
FreeLibrary
GetModuleFileNameW
GetVersionExW
HeapAlloc
HeapFree
GetProcessHeap
SetFilePointer
ReadFile
GetModuleHandleW
WideCharToMultiByte
MultiByteToWideChar
FindFirstFileW
CreateFileW
GetFileAttributesExW
LoadLibraryA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
LocalFree
FindResourceW
lstrcmpiW
FindClose
WaitForSingleObject
SystemTimeToFileTime
GetSystemTime
GetFileSize
SetEndOfFile
SetFileTime
WriteFile
SetEvent
ResetEvent
GetFullPathNameW
GetTempFileNameW
MoveFileExW
CreateDirectoryW
lstrlenW
MoveFileW
DeleteFileW
SetFileAttributesW
lstrcatW
lstrcpyW
GetFileSizeEx
CreateMutexW
ReleaseMutex
GetStdHandle
RtlVirtualUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetFileAttributesW
LoadLibraryW
GetProcAddress
FormatMessageW

user32

LoadStringW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

msvcp120

?id@?$ctype@_W@std@@2V0locale@2@A
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_JD@Z
?get@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?ignore@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_JG@Z
?wcin@std@@3V?$basic_istream@_WU?$char_traits@_W@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xlength_error@std@@YAXPEBD@Z

msvcr120

memset
_lock
_unlock
_calloc_crt
__dllonexit
__C_specific_handler
__CxxFrameHandler3
_onexit
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
_CxxThrowException
__crtSetUnhandledExceptionFilter
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtCapturePreviousContext
__crtCaptureCurrentContext
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__winitenv
_fmode
_commode
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
memcpy
??1bad_cast@std@@UEAA@XZ
??0bad_cast@std@@QEAA@PEBD@Z
??0bad_cast@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@AEBV01@@Z
memmove
strlen
wcslen
_purecall
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
wprintf
wcsncpy
??_V@YAXPEAX@Z
?terminate@@YAXXZ
wcschr
towlower
wcsstr
_vsnwprintf
towupper
_wcsicmp

Sections

.text
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipCD.exe
.exe windows:5 windows x64 arch:x64

28c7dbd7fd1824058f1c57ecc9190680

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f4:e5:08:dc:7e:4a:71:7c:e5:e6:31:5e:be:e3:7c:ef:35:7e:86:8a:02:b7:3a:b0:80:1b:72:4b:17:00:6f:21
Signer

Actual PE Digest

f4:e5:08:dc:7e:4a:71:7c:e5:e6:31:5e:be:e3:7c:ef:35:7e:86:8a:02:b7:3a:b0:80:1b:72:4b:17:00:6f:21

Digest Algorithm

sha256

PE Digest Matches

true

4b:9d:96:d4:42:d1:de:a6:e5:a8:87:23:27:39:8d:f1:63:03:04:d4
Signer

Actual PE Digest

4b:9d:96:d4:42:d1:de:a6:e5:a8:87:23:27:39:8d:f1:63:03:04:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\SVN\rczip\bin\x64\release\pdb\HaoZipCD.pdb

Imports

kernel32

CreateFileW
GetLongPathNameW
GetFileAttributesExW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
ResumeThread
InitializeCriticalSection
GetFileSize
SetFilePointer
SetEndOfFile
SetFileTime
WriteFile
ReadFile
GetFileTime
GetEnvironmentVariableW
OpenProcess
LocalFree
LoadResource
LockResource
GetSystemInfo
lstrcmpiW
LoadLibraryA
FindClose
FindNextFileW
FormatMessageW
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
GetSystemDirectoryW
CopyFileW
GetTempPathW
GetCurrentDirectoryW
MoveFileW
GetWindowsDirectoryW
DeleteFileW
SetFileAttributesW
lstrcatW
GetFileSizeEx
GetTickCount
GlobalMemoryStatusEx
GetCurrentProcessId
FileTimeToSystemTime
DeviceIoControl
RtlVirtualUnwind
FindFirstFileW
MultiByteToWideChar
SetEnvironmentVariableA
ReadConsoleW
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
GetStdHandle
HeapSize
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlCaptureContext
GetCPInfo
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
ExitThread
CreateThread
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
GetCommandLineW
HeapReAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
EncodePointer
GetStringTypeW
GetACP
WideCharToMultiByte
GetModuleFileNameW
LoadLibraryExW
ReleaseMutex
CreateMutexW
Sleep
GetProcessHeap
HeapFree
HeapAlloc
GetVersionExW
GetFileAttributesW
LoadLibraryW
ExpandEnvironmentStringsW
CreateEventW
ResetEvent
SetEvent
WaitForSingleObject
lstrlenW
GetVolumeInformationW
lstrcpyW
WaitForMultipleObjects
CloseHandle
GetCurrentThreadId
EnterCriticalSection
SetLastError
FlushInstructionCache
LeaveCriticalSection
GetModuleHandleW
GetCurrentProcess
MoveFileExW
FindResourceW
DeleteCriticalSection
DecodePointer
GetProcAddress
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
FreeLibrary

user32

GetClassLongW
IsMenu
FillRect
DrawIconEx
DrawStateW
GetSysColor
CopyRect
GetMenuItemInfoW
SystemParametersInfoW
GetMenuItemCount
SetMenuItemInfoW
GetDC
ShowScrollBar
GetWindowRect
GetParent
GetClientRect
GetWindowLongW
MonitorFromWindow
GetDlgItem
EndDialog
SetWindowPos
MessageBoxW
MapWindowPoints
GetMonitorInfoW
GetWindow
DestroyWindow
SetTimer
PostQuitMessage
TrackPopupMenu
GetWindowDC
RegisterWindowMessageW
DrawTextW
KillTimer
GetSubMenu
SetForegroundWindow
LoadCursorW
GetWindowLongPtrW
GetClassInfoExW
wsprintfW
RegisterClassExW
SetRect
AppendMenuW
ReleaseDC
GetMenuState
GetCursorPos
CreatePopupMenu
IsWindow
CreateWindowExW
GetSystemMetrics
DestroyMenu
DestroyIcon
CallWindowProcW
DefWindowProcW
CheckMenuItem
GetMessageW
DialogBoxParamW
TranslateMessage
LoadIconW
PeekMessageW
LoadStringW
GetActiveWindow
SetWindowLongPtrW
SendMessageW
DispatchMessageW
UnregisterClassW
SetScrollRange

gdi32

SetBkMode
SetTextColor
CreateCompatibleBitmap
ExtTextOutW
GetObjectW
CreatePen
SetBkColor
GetTextMetricsW
CreateFontIndirectW
GetTextExtentPoint32W
DeleteObject
SelectObject
DeleteDC
SetViewportOrgEx
BitBlt
GetCurrentObject
CreateSolidBrush
GetBkMode
CreateCompatibleDC

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetUserNameW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
Shell_NotifyIconW
ShellExecuteExW

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

shlwapi

StrCpyNW

comctl32

ImageList_GetIconSize
ImageList_Remove
ImageList_GetIcon
ImageList_Create
ImageList_ReplaceIcon

Sections

.text
Size: 820KB - Virtual size: 819KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipCom.dll
.dll windows:5 windows x64 arch:x64

fada82a3e53df7e1c6af537305be76c3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:5f:a7:64:e3:ab:4f:7b:2b:67:ff:c0:10:98:83:a0:62:c8:f4:04:12:48:ed:c6:4a:e2:9d:f0:43:ef:12:3a
Signer

Actual PE Digest

3a:5f:a7:64:e3:ab:4f:7b:2b:67:ff:c0:10:98:83:a0:62:c8:f4:04:12:48:ed:c6:4a:e2:9d:f0:43:ef:12:3a

Digest Algorithm

sha256

PE Digest Matches

true

0a:82:d7:b5:30:d8:97:e2:7b:89:3d:e9:67:0f:4e:e0:5e:c0:48:08
Signer

Actual PE Digest

0a:82:d7:b5:30:d8:97:e2:7b:89:3d:e9:67:0f:4e:e0:5e:c0:48:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\rczip\bin\x64\release\pdb\HaoZipCom.pdb

Imports

kernel32

OpenProcess
GetCurrentProcessId
WideCharToMultiByte
WaitForMultipleObjects
WaitForSingleObject
FindFirstFileW
CreateFileW
GetLastError
GetLongPathNameW
MapViewOfFile
UnmapViewOfFile
Sleep
CreateFileMappingW
OpenFileMappingW
CloseHandle
GetProcAddress
SetEndOfFile
WriteFile
ReadFile
ResumeThread
SetEvent
ResetEvent
CreateEventW
CreateMutexW
ReleaseMutex
TryEnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FindClose
FindNextFileW
GetFileAttributesW
GetTempPathW
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentThreadId
LoadLibraryW
GetModuleHandleW
ReadConsoleW
OutputDebugStringW
FlushFileBuffers
WriteConsoleW
SetStdHandle
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
CreateThread
ExitThread
LoadLibraryExW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
HeapSize
RtlUnwindEx
RtlPcToFileHeader
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
GetModuleFileNameW
HeapReAlloc
CompareStringW
LCMapStringW
SetFilePointerEx
SetEnvironmentVariableA

user32

wsprintfW
wvsprintfW

shell32

SHFileOperationW

Exports

Exports

GetClientProcessor
GetServerProcessor
TrackLog
WriteLog

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipCom32.dll
.dll windows:5 windows x86 arch:x86

cdcf832c2f4eecb092db02582b621d5c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f5:cf:4f:17:79:aa:35:0f:0c:e0:0c:f1:6b:ab:dc:22:8b:ec:43:46:00:5a:c3:ce:09:a1:96:c3:01:47:69:48
Signer

Actual PE Digest

f5:cf:4f:17:79:aa:35:0f:0c:e0:0c:f1:6b:ab:dc:22:8b:ec:43:46:00:5a:c3:ce:09:a1:96:c3:01:47:69:48

Digest Algorithm

sha256

PE Digest Matches

true

9c:3d:27:2e:60:b2:91:5d:67:49:ec:cc:8e:25:31:b9:72:3e:07:f8
Signer

Actual PE Digest

9c:3d:27:2e:60:b2:91:5d:67:49:ec:cc:8e:25:31:b9:72:3e:07:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\rczip\bin\Win32\release\pdb\HaoZipCom.pdb

Imports

kernel32

OpenProcess
GetCurrentProcessId
WideCharToMultiByte
WaitForMultipleObjects
WaitForSingleObject
FindFirstFileW
CreateFileW
GetLastError
GetLongPathNameW
InterlockedExchangeAdd
MapViewOfFile
UnmapViewOfFile
Sleep
CreateFileMappingW
OpenFileMappingW
CloseHandle
GetProcAddress
SetEndOfFile
WriteFile
ReadFile
ResumeThread
SetEvent
ResetEvent
CreateEventW
CreateMutexW
ReleaseMutex
TryEnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FindClose
FindNextFileW
GetFileAttributesW
GetTempPathW
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentThreadId
LoadLibraryW
GetModuleHandleW
ReadConsoleW
OutputDebugStringW
FlushFileBuffers
WriteConsoleW
SetStdHandle
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
CreateThread
ExitThread
LoadLibraryExW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
HeapSize
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
GetModuleFileNameW
HeapReAlloc
CompareStringW
LCMapStringW
SetFilePointerEx
SetEnvironmentVariableA

user32

wsprintfW
wvsprintfW

shell32

SHFileOperationW

Exports

Exports

GetClientProcessor
GetServerProcessor
TrackLog
WriteLog

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipEditor.dll
.dll windows:5 windows x64 arch:x64

963c5b4c339983901958636823a9f242

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

86:6d:ea:1c:48:22:5a:df:0e:03:9f:3e:1d:eb:cf:3f:26:c3:31:53:1d:96:dd:51:26:5e:b1:0a:a3:6c:21:1b
Signer

Actual PE Digest

86:6d:ea:1c:48:22:5a:df:0e:03:9f:3e:1d:eb:cf:3f:26:c3:31:53:1d:96:dd:51:26:5e:b1:0a:a3:6c:21:1b

Digest Algorithm

sha256

PE Digest Matches

true

f9:06:1e:85:13:51:d3:01:57:c3:48:f3:50:b8:77:2f:9a:c9:9f:4b
Signer

Actual PE Digest

f9:06:1e:85:13:51:d3:01:57:c3:48:f3:50:b8:77:2f:9a:c9:9f:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\rczip\bin\x64\release\pdb\HaoZipEditor.pdb

Imports

kernel32

GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
OutputDebugStringW
IsDebuggerPresent
GetFileAttributesW
SetFilePointer
CreateFileW
FindFirstFileW
LocalFree
FormatMessageW
GetACP
WideCharToMultiByte
GetCurrentProcessId
lstrcatW
LockResource
GlobalFree
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetLongPathNameW
GetPrivateProfileIntW
GetTempPathW
GlobalUnlock
WritePrivateProfileStringW
MultiByteToWideChar
GetModuleFileNameW
WritePrivateProfileStructW
SizeofResource
GetPrivateProfileStructW
GetLocaleInfoW
LoadLibraryW
GlobalAlloc
InitializeCriticalSection
GetPrivateProfileStringW
GetTickCount
GetModuleHandleW
GetProfileStringW
GlobalLock
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
GetFullPathNameW
lstrcmpiW
FindClose
GetCurrentDirectoryW
ReadFile
lstrcpynW
GetVersionExW
WriteFile
GetFileSize
lstrcpyW
lstrlenW
lstrcmpW
CloseHandle
GetCurrentThreadId
CreateEventW
EnterCriticalSection
SetLastError
FlushInstructionCache
MulDiv
LeaveCriticalSection
SetEvent
WaitForSingleObject
GetCurrentProcess
DeleteCriticalSection
DecodePointer
GetLastError
RaiseException
EncodePointer

user32

wvsprintfW
LoadImageW
KillTimer
SetForegroundWindow
LoadStringA
DeleteMenu
DialogBoxParamW
MessageBeep
GetMenuStringW
IsWindowEnabled
WindowFromPoint
SetParent
PtInRect
CharLowerW
DrawFocusRect
SetDlgItemInt
GetMenu
OffsetRect
GetKeyboardLayout
CheckMenuRadioItem
BringWindowToTop
AppendMenuW
SystemParametersInfoW
IsIconic
SetWindowLongW
EndDialog
ScreenToClient
UnregisterClassW
DispatchMessageW
MoveWindow
CopyRect
LoadStringW
SetMenu
CreatePopupMenu
FrameRect
LoadBitmapW
RemoveMenu
SetMenuDefaultItem
InsertMenuW
IsWindowVisible
SwitchToThisWindow
DrawFrameControl
GetMessagePos
GetWindowThreadProcessId
IsRectEmpty
ClientToScreen
IsMenu
GetWindowDC
CharNextW
EnableMenuItem
PostQuitMessage
DefWindowProcW
CallWindowProcW
SendMessageW
SetWindowLongPtrW
GetSystemMetrics
ReleaseCapture
DispatchMessageA
GetDlgItemInt
TranslateAcceleratorW
GetCursorPos
MonitorFromPoint
GetSubMenu
GetFocus
CallNextHookEx
GetMenuItemInfoW
ModifyMenuW
wsprintfW
TrackPopupMenuEx
LoadMenuW
GetWindowTextW
GetClassNameW
GetCaretPos
GetActiveWindow
GetMenuItemCount
SetWindowsHookExW
UnhookWindowsHookEx
MessageBoxW
DestroyMenu
SetWindowTextW
SetMenuItemInfoW
EndPaint
SetCursor
GetWindowTextLengthW
RegisterWindowMessageW
PostMessageW
DrawTextW
GetKeyState
LoadCursorW
SetRectEmpty
BeginPaint
SetScrollRange
GetScrollRange
IsDialogMessageW
LoadIconW
SetRect
GetScrollInfo
GetWindowLongW
SetScrollPos
MonitorFromWindow
CheckDlgButton
IsDlgButtonChecked
EnableScrollBar
IsWindow
CheckRadioButton
DeferWindowPos
BeginDeferWindowPos
GetDlgItemTextW
SetDlgItemTextW
MapWindowPoints
UpdateWindow
EnableWindow
DestroyIcon
EndDeferWindowPos
GetScrollPos
GetMonitorInfoW
GetWindow
DestroyWindow
GetMessageA
GetWindowRect
GetMessageW
FillRect
SetCapture
GetParent
GetWindowLongPtrW
GetClientRect
SetFocus
DrawEdge
GetClassInfoExW
GetDC
GetCapture
TranslateMessage
InflateRect
RegisterClassExW
InvalidateRect
PeekMessageW
ReleaseDC
IsWindowUnicode
GetDlgItem
GetSysColor
SetWindowPos
MsgWaitForMultipleObjectsEx
ShowWindow
GetSysColorBrush
CreateDialogParamW
CreateWindowExW
LoadAcceleratorsW

gdi32

EndPage
PatBlt
SetViewportOrgEx
DeleteEnhMetaFile
EnumFontsW
StartPage
CreateDIBSection
SetBrushOrgEx
GetEnhMetaFileHeader
CreateBitmap
SelectClipRgn
CreateRectRgnIndirect
PlayEnhMetaFile
CombineRgn
Rectangle
SaveDC
OffsetWindowOrgEx
GetObjectW
StartDocW
CreatePatternBrush
ResetDCW
TextOutW
EndDoc
CloseEnhMetaFile
CreateEnhMetaFileW
RestoreDC
AbortDoc
GetTextMetricsW
CreateDCW
CreatePolygonRgn
MoveToEx
FrameRgn
LineTo
CreateFontIndirectW
CreateSolidBrush
GetTextColor
GetStockObject
GetBkColor
ExtTextOutW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
SetBkColor
DeleteDC
SetTextColor
GetTextExtentPoint32W
BitBlt
CreatePen
FillRgn
DPtoLP
GetDeviceCaps
SetBkMode

winspool.drv

GetPrinterW
OpenPrinterW
ClosePrinter

comdlg32

PrintDlgW
GetSaveFileNameW
GetOpenFileNameW
PageSetupDlgW
ChooseFontW
ChooseColorW

advapi32

RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW

shell32

DragQueryFileW
DragAcceptFiles
DragFinish

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoTaskMemRealloc

oleaut32

OleTranslateColor
VarUI4FromStr

msvcp120

?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ

comctl32

ImageList_Draw
CreateStatusWindowW
ImageList_AddMasked
ImageList_LoadImageW
ImageList_Create
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Destroy

msvcr120

??3@YAXPEAX@Z
memcpy
memmove
free
strlen
memset
??_V@YAXPEAX@Z
_purecall
??2@YAPEAX_K@Z
malloc
_resetstkoflw
wcslen
_recalloc
wcscat_s
wcscpy_s
swprintf_s
memmove_s
labs
wcsncpy_s
memcpy_s
memcmp
wcscmp
wcsncpy
vswprintf_s
_beginthreadex
wcsstr
towupper
wcscpy
strncpy_s
_errno
_vsnwprintf
?terminate@@YAXXZ
__C_specific_handler
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__CxxFrameHandler3
__clean_type_info_names_internal
_CxxThrowException

Exports

Exports

HaoZip_CloseEditor
HaoZip_GetFormats
HaoZip_GetReadOnly
HaoZip_GetWindowMode
HaoZip_Initialize
HaoZip_SetCodePage
HaoZip_SetConfigDirectory
HaoZip_SetLogoIcon
HaoZip_SetResFileName
HaoZip_ShowEditor
HaoZip_Uninitialize

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipExt32.dll
.dll regsvr32 windows:5 windows x86 arch:x86

d7bb6ba0dc2e80e17cac46103e6a8d8c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5c:b5:0d:5f:fb:5f:fb:5b:d7:cd:47:c8:9e:a1:66:64:1a:82:17:6e:a6:a5:37:51:14:16:9e:7d:8e:6b:55:19
Signer

Actual PE Digest

5c:b5:0d:5f:fb:5f:fb:5b:d7:cd:47:c8:9e:a1:66:64:1a:82:17:6e:a6:a5:37:51:14:16:9e:7d:8e:6b:55:19

Digest Algorithm

sha256

PE Digest Matches

true

96:21:e7:aa:04:30:ed:75:af:96:b9:3e:7c:cd:6f:7b:3a:5c:0c:2f
Signer

Actual PE Digest

96:21:e7:aa:04:30:ed:75:af:96:b9:3e:7c:cd:6f:7b:3a:5c:0c:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\rczip\bin\Win32\release\pdb\HaoZipExt32.pdb

Imports

kernel32

GetVersion
WaitForSingleObject
GetCurrentProcess
GetVersionExW
HeapAlloc
HeapFree
GetProcessHeap
LoadLibraryW
GetSystemDefaultLangID
GetFileAttributesW
FindFirstFileW
CreateFileW
GetLongPathNameW
GetACP
MapViewOfFile
UnmapViewOfFile
Sleep
CreateFileMappingW
FindClose
FindNextFileW
InitializeCriticalSection
SetFilePointer
ReadFile
GetEnvironmentVariableW
OpenProcess
GetCurrentThreadId
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
lstrlenW
GetTempPathW
DeleteFileW
SetFileAttributesW
GetFileSize
lstrcmpiW
InterlockedExchangeAdd
CreateMutexW
ReleaseMutex
CreateEventW
GetPrivateProfileStringW
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
LCMapStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetCPInfo
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
HeapReAlloc
GetStdHandle
GetStartupInfoW
TlsFree
TlsSetValue
DisableThreadLibraryCalls
EnterCriticalSection
GetProcAddress
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
SizeofResource
GetModuleHandleW
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
EncodePointer
CloseHandle
DecodePointer
DeleteCriticalSection
GetLastError
RaiseException
GlobalUnlock
lstrcpynW
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GlobalLock
InterlockedDecrement
InterlockedIncrement
WriteFile
lstrcpynA
TlsGetValue
TlsAlloc
TerminateProcess
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
GetModuleHandleExW
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent

user32

GetMenuInfo
GetMenuItemCount
InsertMenuItemW
AppendMenuW
CreatePopupMenu
DestroyIcon
SetMenuItemInfoW
DestroyMenu
GetIconInfo
LoadStringW
SetRect
GetDesktopWindow
GetDC
ReleaseDC
wsprintfW
LoadImageW
CharNextW
IsMenu
DrawIconEx
GetMenuItemInfoW

gdi32

CreateDIBSection
GetDIBits
SetBkColor
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
ExtTextOutW
DeleteObject
DeleteDC

advapi32

RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetUserNameW

shell32

DragQueryFileW
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW

ole32

CoCreateInstance
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CoTaskMemRealloc

oleaut32

VarUI4FromStr

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipFormats.dll
.dll windows:5 windows x64 arch:x64

2c2b97a17de60c9a484bea3823e4a0d1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:fd:49:5e:66:66:08:dd:db:09:e0:cb:fc:34:6c:f4:00:a9:54:b7:80:21:5d:1e:f5:5d:fd:fc:30:d7:98:9f
Signer

Actual PE Digest

52:fd:49:5e:66:66:08:dd:db:09:e0:cb:fc:34:6c:f4:00:a9:54:b7:80:21:5d:1e:f5:5d:fd:fc:30:d7:98:9f

Digest Algorithm

sha256

PE Digest Matches

true

c6:af:59:ae:b8:10:cf:06:f2:71:2b:71:a3:47:68:ef:a7:37:e7:7d
Signer

Actual PE Digest

c6:af:59:ae:b8:10:cf:06:f2:71:2b:71:a3:47:68:ef:a7:37:e7:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\rczip\bin\x64\release\pdb\HaoZipFormats.pdb

Imports

kernel32

GetShortPathNameW
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
GetSystemDirectoryW
GetFileAttributesW
lstrlenW
GetTempPathW
GetCurrentDirectoryW
MoveFileW
CloseHandle
DeleteFileW
SetFileAttributesW
FindClose
FindNextFileW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetDriveTypeW
FreeLibrary
LoadLibraryW
GetVersionExW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
WaitForMultipleObjects
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesExW
LocalFileTimeToFileTime
GetCurrentProcess
WaitForSingleObject
SetEvent
SetThreadPriority
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
GetProcessAffinityMask
CreateThread
Sleep
FormatMessageW
SetLastError
LocalFree
SetThreadExecutionState
GetStdHandle
GetFileType
GetCPInfo
IsDBCSLeadByte
CompareStringW
GetModuleFileNameW
FoldStringW
GetDiskFreeSpaceExW
ReadConsoleW
GetConsoleMode
SetConsoleMode
WriteConsoleW
GetLongPathNameW
ResumeThread
CreateFileMappingW
GetLastError
CreateFileW
FindFirstFileW
MultiByteToWideChar
GetACP
WideCharToMultiByte
VirtualAlloc
GetProcAddress
VirtualFree
GetSystemTime
GetModuleHandleW
UnmapViewOfFile
MapViewOfFile
GetSystemInfo
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
LoadLibraryExW
FileTimeToDosDateTime
DosDateTimeToFileTime
EncodePointer

user32

MessageBeep
CharUpperW
OemToCharBuffA
CharLowerW
CharToOemA
OemToCharA

advapi32

IsTextUnicode

shell32

ShellExecuteExW

msvcp120

?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z

msvcr120

strchr
memchr
tolower
wcschr
towlower
_vsnwprintf
towupper
memcpy
wcslen
memcmp
memset
strcmp
atoi
sprintf
swprintf_s
wcscpy_s
?terminate@@YAXXZ
memcpy_s
strncpy
strrchr
calloc
strncpy_s
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBDH@Z
??0exception@std@@QEAA@AEBV01@@Z
realloc
wcsncpy
_vswprintf_c_l
wcspbrk
exit
clock
wcsrchr
__iob_func
fflush
_fileno
strncat
wcsncat
strncmp
strpbrk
isdigit
isxdigit
_fstat64i32
ungetc
fread
fwrite
ftell
fseek
fclose
_lock
_unlock
_calloc_crt
__dllonexit
__C_specific_handler
_onexit
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
__CxxFrameHandler3
_vsnprintf
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
??_V@YAXPEAX@Z
_errno
malloc
free
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
_purecall
memmove
_CxxThrowException
putc
_beginthreadex
_strnicmp
__RTDynamicCast

Exports

Exports

CreateArchiveInfoObjects
CreateCodecs
SetCodePage
SetResFileName
SetWorkDirectory

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipLoader.exe
.exe windows:5 windows x64 arch:x64

bf8e103988cf97d5b682593759c5a1af

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9e:b7:c8:03:7c:e2:a9:fa:78:23:e7:05:64:62:e3:71:88:a3:30:fa:75:8d:a8:3a:66:00:1f:2c:c6:8d:61:10
Signer

Actual PE Digest

9e:b7:c8:03:7c:e2:a9:fa:78:23:e7:05:64:62:e3:71:88:a3:30:fa:75:8d:a8:3a:66:00:1f:2c:c6:8d:61:10

Digest Algorithm

sha256

PE Digest Matches

true

89:b7:b2:7a:6b:1a:03:79:5a:4b:23:8b:92:54:20:c1:e7:ba:08:1d
Signer

Actual PE Digest

89:b7:b2:7a:6b:1a:03:79:5a:4b:23:8b:92:54:20:c1:e7:ba:08:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\SVN\rczip\bin\x64\release\pdb\HaoZipLoader.pdb

Imports

kernel32

GetLastError
CloseHandle
ExpandEnvironmentStringsW
FreeLibrary
LoadLibraryW
GetVersionExW
HeapAlloc
HeapFree
GetProcessHeap
GetFileAttributesW
FindFirstFileW
CreateFileW
GetFileAttributesExW
GetEnvironmentVariableW
LoadLibraryExW
GetModuleHandleW
OpenProcess
GetCurrentThreadId
LocalFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
lstrcmpiW
FindClose
FindNextFileW
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
lstrlenW
DeleteFileW
SetFileAttributesW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
lstrcatW
lstrcpyW
GetFileSizeEx
CreateMutexW
ReleaseMutex
FormatMessageW
GetPrivateProfileStringW
RtlVirtualUnwind
WaitForSingleObject
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetProcAddress
GetModuleFileNameW
LoadLibraryA
GetSystemDefaultLangID

user32

LoadStringW
MessageBoxW

advapi32

GetUserNameW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

msvcp120

?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z

msvcr120

__setusermatherr
_configthreadlocale
_cexit
__crtCaptureCurrentContext
__crtCapturePreviousContext
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtSetUnhandledExceptionFilter
_CxxThrowException
_exit
__CxxFrameHandler3
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
_onexit
__C_specific_handler
__dllonexit
_calloc_crt
_unlock
_lock
_initterm_e
_initterm
_wcmdln
_fmode
_commode
__crt_debugger_hook
__crtUnhandledException
exit
__crtTerminateProcess
memcpy
memmove
strlen
wcslen
_purecall
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
??_V@YAXPEAX@Z
wcsncpy
wcschr
towlower
wcsstr
_vsnwprintf
towupper
?terminate@@YAXXZ
_stricmp
free
malloc
_splitpath_s
_wcsicmp
memset

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipLoader32.exe
.exe windows:5 windows x86 arch:x86

c3c26aca034af24e164cdfe024ca7bec

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

64:67:88:90:8e:6a:b7:f5:d6:59:20:55:54:cc:a3:88:e6:1b:f2:07:42:9d:f7:43:8b:d8:97:5c:92:66:7e:10
Signer

Actual PE Digest

64:67:88:90:8e:6a:b7:f5:d6:59:20:55:54:cc:a3:88:e6:1b:f2:07:42:9d:f7:43:8b:d8:97:5c:92:66:7e:10

Digest Algorithm

sha256

PE Digest Matches

true

49:69:40:55:17:23:ff:0e:fd:5d:d5:d0:fd:0c:8d:cb:2c:c8:71:3e
Signer

Actual PE Digest

49:69:40:55:17:23:ff:0e:fd:5d:d5:d0:fd:0c:8d:cb:2c:c8:71:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SVN\rczip\bin\Win32\release\pdb\HaoZipLoader32.pdb

Imports

shlwapi

StrCmpIW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW

kernel32

GetCurrentThreadId
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
LoadLibraryW
GetFileAttributesW
GetCommandLineW
FreeLibrary
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetVersionExW
lstrlenW
lstrcmpiW
lstrcatW
lstrcpyW
GetFileSizeEx
CloseHandle
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
DeleteFileW
CreateFileW
GetLastError
GetFileAttributesExW
CreateMutexW
WaitForSingleObject
Sleep
ReleaseMutex
CreateDirectoryW
GetFileSize
FormatMessageW
LocalFree
HeapAlloc
HeapFree
GetProcessHeap
FlushFileBuffers
GetConsoleCP
OutputDebugStringW
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStdHandle
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
LoadLibraryExW
HeapReAlloc
LCMapStringW

shell32

SHGetPathFromIDListW
CommandLineToArgvW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipMd5.exe
.exe windows:5 windows x64 arch:x64

c408936f5d1ab4b066d7ce88d0b302f1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

58:ab:6e:16:eb:56:e8:d9:ac:bf:e2:06:d9:9e:e8:12:31:66:4b:b5:7d:76:26:05:06:e7:26:32:48:f2:97:9f
Signer

Actual PE Digest

58:ab:6e:16:eb:56:e8:d9:ac:bf:e2:06:d9:9e:e8:12:31:66:4b:b5:7d:76:26:05:06:e7:26:32:48:f2:97:9f

Digest Algorithm

sha256

PE Digest Matches

true

e1:46:ec:e9:35:57:3d:d5:fb:ee:f7:15:6c:3e:35:10:3f:a2:ec:9a
Signer

Actual PE Digest

e1:46:ec:e9:35:57:3d:d5:fb:ee:f7:15:6c:3e:35:10:3f:a2:ec:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\SVN\rczip\bin\x64\release\pdb\HaoZipMd5.pdb

Imports

kernel32

ExpandEnvironmentStringsW
GetVersionExW
FreeLibrary
LoadLibraryW
GetProcAddress
HeapAlloc
HeapFree
GetProcessHeap
GetFileAttributesW
CreateFileW
GetFileAttributesExW
GetModuleHandleW
GetModuleFileNameW
GetCurrentThreadId
LocalFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
lstrcmpiW
CloseHandle
LoadLibraryA
GetFullPathNameW
CreateDirectoryW
lstrlenW
GetCurrentDirectoryW
DeleteFileW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
lstrcatW
lstrcpyW
GetFileSizeEx
CreateMutexW
ReleaseMutex
FormatMessageW
RtlVirtualUnwind
GetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
WaitForSingleObject

user32

LoadIconW
GetDesktopWindow

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

msvcp120

?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z

msvcr120

__setusermatherr
_configthreadlocale
_cexit
_exit
__crtCaptureCurrentContext
__crtCapturePreviousContext
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtSetUnhandledExceptionFilter
_CxxThrowException
exit
__CxxFrameHandler3
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
_onexit
__C_specific_handler
__dllonexit
_calloc_crt
_unlock
_lock
memset
_initterm_e
_initterm
_wcmdln
_fmode
_commode
__crt_debugger_hook
__crtUnhandledException
__set_app_type
__crtTerminateProcess
memcpy
memmove
??3@YAXPEAX@Z
strlen
??2@YAPEAX_K@Z
_purecall
??_V@YAXPEAX@Z
wcsncpy
?terminate@@YAXXZ
wcschr
towlower
wcsstr
_vsnwprintf
towupper
_wcsicmp

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipRename.exe
.exe windows:5 windows x64 arch:x64

c408936f5d1ab4b066d7ce88d0b302f1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

80:e1:b6:73:a5:44:b5:49:fa:d0:2d:29:f6:32:f1:5c:7b:53:a1:67:74:b9:d0:c1:c9:38:f7:34:84:a7:25:16
Signer

Actual PE Digest

80:e1:b6:73:a5:44:b5:49:fa:d0:2d:29:f6:32:f1:5c:7b:53:a1:67:74:b9:d0:c1:c9:38:f7:34:84:a7:25:16

Digest Algorithm

sha256

PE Digest Matches

true

0e:9a:32:04:43:e4:29:ce:d1:fb:e1:92:a9:b4:0f:90:09:cf:a1:eb
Signer

Actual PE Digest

0e:9a:32:04:43:e4:29:ce:d1:fb:e1:92:a9:b4:0f:90:09:cf:a1:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\SVN\rczip\bin\x64\release\pdb\HaoZipRename.pdb

Imports

kernel32

ExpandEnvironmentStringsW
GetVersionExW
FreeLibrary
LoadLibraryW
GetProcAddress
HeapAlloc
HeapFree
GetProcessHeap
GetFileAttributesW
CreateFileW
GetFileAttributesExW
GetModuleHandleW
GetModuleFileNameW
GetCurrentThreadId
LocalFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
lstrcmpiW
CloseHandle
LoadLibraryA
GetFullPathNameW
CreateDirectoryW
lstrlenW
GetCurrentDirectoryW
DeleteFileW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
lstrcatW
lstrcpyW
GetFileSizeEx
CreateMutexW
ReleaseMutex
FormatMessageW
RtlVirtualUnwind
GetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
WaitForSingleObject

user32

LoadIconW
GetDesktopWindow

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

msvcp120

?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z

msvcr120

__setusermatherr
_configthreadlocale
_cexit
_exit
__crtCaptureCurrentContext
__crtCapturePreviousContext
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtSetUnhandledExceptionFilter
_CxxThrowException
exit
__CxxFrameHandler3
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
_onexit
__C_specific_handler
__dllonexit
_calloc_crt
_unlock
_lock
memset
_initterm_e
_initterm
_wcmdln
_fmode
_commode
__crt_debugger_hook
__crtUnhandledException
__set_app_type
__crtTerminateProcess
memcpy
memmove
??3@YAXPEAX@Z
strlen
??2@YAPEAX_K@Z
_purecall
??_V@YAXPEAX@Z
wcsncpy
?terminate@@YAXXZ
wcschr
towlower
wcsstr
_vsnwprintf
towupper
_wcsicmp

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipReplace.exe
.exe windows:5 windows x64 arch:x64

c408936f5d1ab4b066d7ce88d0b302f1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

df:d9:1b:80:0e:02:85:84:73:99:51:52:38:85:6e:9f:ba:60:42:cf:29:f1:06:0b:7f:d9:d1:3b:ba:d4:3f:64
Signer

Actual PE Digest

df:d9:1b:80:0e:02:85:84:73:99:51:52:38:85:6e:9f:ba:60:42:cf:29:f1:06:0b:7f:d9:d1:3b:ba:d4:3f:64

Digest Algorithm

sha256

PE Digest Matches

true

3f:d2:e4:41:03:fe:3b:47:e3:30:32:e9:a4:6b:4a:dd:90:56:5b:ad
Signer

Actual PE Digest

3f:d2:e4:41:03:fe:3b:47:e3:30:32:e9:a4:6b:4a:dd:90:56:5b:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\SVN\rczip\bin\x64\release\pdb\HaoZipReplace.pdb

Imports

kernel32

ExpandEnvironmentStringsW
GetVersionExW
FreeLibrary
LoadLibraryW
GetProcAddress
HeapAlloc
HeapFree
GetProcessHeap
GetFileAttributesW
CreateFileW
GetFileAttributesExW
GetModuleHandleW
GetModuleFileNameW
GetCurrentThreadId
LocalFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
lstrcmpiW
CloseHandle
LoadLibraryA
GetFullPathNameW
CreateDirectoryW
lstrlenW
GetCurrentDirectoryW
DeleteFileW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
lstrcatW
lstrcpyW
GetFileSizeEx
CreateMutexW
ReleaseMutex
FormatMessageW
RtlVirtualUnwind
GetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
WaitForSingleObject

user32

LoadIconW
GetDesktopWindow

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

msvcp120

?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z

msvcr120

__setusermatherr
_configthreadlocale
_cexit
_exit
__crtCaptureCurrentContext
__crtCapturePreviousContext
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtSetUnhandledExceptionFilter
_CxxThrowException
exit
__CxxFrameHandler3
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
_onexit
__C_specific_handler
__dllonexit
_calloc_crt
_unlock
_lock
memset
_initterm_e
_initterm
_wcmdln
_fmode
_commode
__crt_debugger_hook
__crtUnhandledException
__set_app_type
__crtTerminateProcess
memcpy
memmove
??3@YAXPEAX@Z
strlen
??2@YAPEAX_K@Z
_purecall
??_V@YAXPEAX@Z
wcsncpy
?terminate@@YAXXZ
wcschr
towlower
wcsstr
_vsnwprintf
towupper
_wcsicmp

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipTool.exe
.exe windows:5 windows x86 arch:x86

c401dd2255dd4a267eb275df5f35927f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2d:d4:8d:5c:b5:e2:4c:1d:e9:dd:07:18:a2:86:49:72:d0:34:5c:50:ec:61:4f:2f:70:61:d8:97:67:d1:03:2c
Signer

Actual PE Digest

2d:d4:8d:5c:b5:e2:4c:1d:e9:dd:07:18:a2:86:49:72:d0:34:5c:50:ec:61:4f:2f:70:61:d8:97:67:d1:03:2c

Digest Algorithm

sha256

PE Digest Matches

true

fc:73:aa:61:29:0d:ca:97:31:5d:99:52:6c:17:e7:33:42:12:60:70
Signer

Actual PE Digest

fc:73:aa:61:29:0d:ca:97:31:5d:99:52:6c:17:e7:33:42:12:60:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SVN\rczip\bin\Win32\release\pdb\HaoZipTool.pdb

Imports

imm32

ImmDisableIME

kernel32

LoadLibraryW
lstrcpynW
GetProcAddress
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
GetLastError
CloseHandle
ExpandEnvironmentStringsW
GetFileAttributesW
GetCurrentProcess
GetModuleHandleW
GetVersionExW
HeapAlloc
HeapFree
GetProcessHeap
FileTimeToSystemTime
FindResourceW
CreateMutexW
ReleaseMutex
WideCharToMultiByte
GetACP
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetEnvironmentVariableW
LoadLibraryExW
GetModuleFileNameW
OpenProcess
GetCurrentThreadId
LocalFree
FindFirstFileW
CreateFileW
GetLongPathNameW
GetFileAttributesExW
LoadResource
LockResource
GetSystemInfo
FreeLibrary
FindClose
FindNextFileW
GetFileSize
SetFilePointer
SetEndOfFile
SetFileTime
WriteFile
ReadFile
GetFileTime
DeleteFileW
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
GetSystemDirectoryW
lstrlenW
GetTempPathW
GetCurrentDirectoryW
SetFileAttributesW
GetFileSizeEx
SetEvent
GetTickCount
WaitForMultipleObjects
ResumeThread
ResetEvent
CreateEventW
FormatMessageW
InterlockedExchange
SetLastError
InterlockedExchangeAdd
GlobalMemoryStatusEx
GetCurrentProcessId
DeviceIoControl
FlushFileBuffers
ReadConsoleW
WriteConsoleW
Sleep
lstrcmpiW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapReAlloc
EncodePointer
DecodePointer
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
ExitThread
RaiseException
RtlUnwind
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
GetOEMCP
GetCPInfo
GetStringTypeW
GetTimeZoneInformation
SetEnvironmentVariableA

user32

GetActiveWindow

advapi32

GetUserNameW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW

ole32

CoTaskMemFree

Sections

.text
Size: 620KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipUpdate.exe
.exe windows:5 windows x64 arch:x64

51fb900c3aadc478b80870bd354234fd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8e:4d:1b:fb:65:25:73:e5:78:3e:9e:5c:c4:59:89:d4:b9:6d:a5:84:d3:ca:4b:15:b0:85:40:d8:f3:75:94:10
Signer

Actual PE Digest

8e:4d:1b:fb:65:25:73:e5:78:3e:9e:5c:c4:59:89:d4:b9:6d:a5:84:d3:ca:4b:15:b0:85:40:d8:f3:75:94:10

Digest Algorithm

sha256

PE Digest Matches

true

1a:be:0c:6a:26:d6:18:a3:92:a3:bc:c5:10:7c:db:67:98:30:49:46
Signer

Actual PE Digest

1a:be:0c:6a:26:d6:18:a3:92:a3:bc:c5:10:7c:db:67:98:30:49:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\SVN\rczip\bin\x64\release\pdb\HaoZipUpdate.pdb

Imports

kernel32

FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
GetFileAttributesW
CreateFileW
GetLastError
GetFileAttributesExW
GetModuleHandleW
LoadLibraryA
ExpandEnvironmentStringsW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetFullPathNameW
CreateDirectoryW
lstrlenW
CloseHandle
DeleteFileW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
GetVersionExW
lstrcmpiW
lstrcatW
lstrcpyW
GetFileSizeEx
CreateMutexW
WaitForSingleObject
Sleep
ReleaseMutex
FormatMessageW
LocalFree
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentThreadId
RtlVirtualUnwind
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineW
GetSystemTimeAsFileTime
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
RtlCaptureContext
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStdHandle
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
LoadLibraryExW
HeapReAlloc
LCMapStringW
OutputDebugStringW
FlushFileBuffers

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipVirtualCDBus.cat
HaoZipVirtualCDBus.inf
HaoZipVirtualCDBus.sys
.sys windows:4 windows x64 arch:x64

11eb75588bada328b5e6a6c45b383dea

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

59:60:6a:c0:0a:2f:9f:36:80:8c:ab:db:6c:6e:7e:37
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15/06/2016, 00:00

Not After

15/06/2017, 23:59

Subject

CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:c5:da:82:02:5a:f1:97:fa:1b:9d:63:a6:c8:cf:40
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06/05/2016, 00:00

Not After

06/05/2019, 23:59

Subject

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

cb:b9:39:28:57:b1:c3:37:9f:db:dd:cb:7d:72:35:f2:40:c7:5e:54:7e:cb:28:7a:22:5e:2a:2b:23:6d:27:79
Signer

Actual PE Digest

cb:b9:39:28:57:b1:c3:37:9f:db:dd:cb:7d:72:35:f2:40:c7:5e:54:7e:cb:28:7a:22:5e:2a:2b:23:6d:27:79

Digest Algorithm

sha256

PE Digest Matches

true

c6:41:16:24:2b:4b:bd:41:18:92:fd:fd:02:d7:25:88:08:ed:c7:e4
Signer

Actual PE Digest

c6:41:16:24:2b:4b:bd:41:18:92:fd:fd:02:d7:25:88:08:ed:c7:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\MyDoc\Visual Studio 2005\Projects\rczip\bin\x64\release\HaoZipVirtualCDBus.pdb

Imports

ntoskrnl.exe

ZwSetValueKey
KeUnstackDetachProcess
ZwQueryValueKey
_vsnwprintf
ZwClose
RtlCopySid
ZwSetInformationFile
ZwDeleteValueKey
ZwCreateFile
IoGetRequestorProcess
IoIs32bitProcess
ZwReadFile
PoStartNextPowerIrp
IofCompleteRequest
wcsrchr
ZwWriteFile
KeInitializeEvent
ZwEnumerateValueKey
ZwQueryInformationFile
KeSetEvent
KeWaitForSingleObject
PsTerminateSystemThread
_purecall
ExAcquireFastMutex
ExReleaseFastMutex
PsCreateSystemThread
KeInitializeMutex
PsGetCurrentThreadId
KeReleaseMutex
ZwWaitForSingleObject
swprintf
ZwEnumerateKey
ZwDeleteKey
ZwCreateEvent
ZwClearEvent
ZwSetEvent
ZwDuplicateObject
ExFreePoolWithTag
ExAllocatePoolWithTag
KeBugCheck
IoBuildSynchronousFsdRequest
IofCallDriver
RtlInitUnicodeString
IoInvalidateDeviceRelations
IoRequestDeviceEject
ObfReferenceObject
IoCreateDevice
IoAttachDeviceToDeviceStack
KeClearEvent
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
IoDetachDevice
ObReferenceObjectByHandle
PsThreadType
KeReleaseSemaphore
ObfDereferenceObject
IoDeleteSymbolicLink
RtlFreeUnicodeString
IoDeleteDevice
ZwQuerySecurityObject
ZwSetSecurityObject
PoCallDriver
MmMapLockedPagesSpecifyCache
ZwOpenKey
ZwCreateKey
RtlValidSid
RtlLengthSid
RtlCreateAcl
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlSelfRelativeToAbsoluteSD
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetSaclSecurityDescriptor
DbgPrint
_snprintf
KeInitializeSemaphore
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
strstr
atoi
ZwQueryDirectoryFile
KeStackAttachProcess
ExAllocatePool
KeDelayExecutionThread
NlsMbCodePageTag
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.STL
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaozipCD.dll
.dll windows:5 windows x64 arch:x64

cf83fe1977a5f2a24284519d307a0237

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:7c:d6:03:d7:13:f8:95:f6:80:cd:25:5d:93:9a:e3:cb:db:d5:09:df:d1:20:9d:c0:31:11:40:27:49:a8:81
Signer

Actual PE Digest

7f:7c:d6:03:d7:13:f8:95:f6:80:cd:25:5d:93:9a:e3:cb:db:d5:09:df:d1:20:9d:c0:31:11:40:27:49:a8:81

Digest Algorithm

sha256

PE Digest Matches

true

d4:df:07:c3:bc:73:10:6b:1d:34:7f:01:0e:2e:63:eb:02:05:23:ae
Signer

Actual PE Digest

d4:df:07:c3:bc:73:10:6b:1d:34:7f:01:0e:2e:63:eb:02:05:23:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

G:\HaoZip.v5.8\rczip.r10606\bin\x64\Release\pdb\HaoZipCD.dll.pdb

Imports

kernel32

CloseHandle
DeleteCriticalSection
GetFileTime
EnterCriticalSection
GetLastError
lstrlenW
CreateFileW
ReadFile
LeaveCriticalSection
GetVersionExW
CopyFileW
InitializeCriticalSection
WriteFile
SetFileTime
GetCurrentThread
GetLogicalDrives
GetCurrentProcess
SetEndOfFile
SetFilePointer
GetFileSize
SetFilePointerEx
SetStdHandle
GetSystemTimeAsFileTime
GetFullPathNameW
InitializeCriticalSectionAndSpinCount
Sleep
DeviceIoControl
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
EncodePointer
DecodePointer
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
ExitProcess
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
HeapSize
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryExW
LCMapStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode

advapi32

RegQueryValueExW
RegOpenKeyW
IsValidSid
GetLengthSid
InitializeAcl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeAbsoluteSD
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
RegSetValueExW
RegCloseKey
OpenProcessToken
OpenThreadToken
GetTokenInformation
RegEnumKeyW
CopySid
RegCreateKeyExW
RegDeleteKeyW
PrivilegeCheck
LookupPrivilegeValueW
RegGetKeySecurity
RegSetKeySecurity
RegOpenKeyExW
AdjustTokenPrivileges

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

GetRunningObjectTable
CreateClassMoniker
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

setupapi

SetupDiCreateDeviceInfoList
SetupDiCallClassInstaller
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetINFClassW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiGetDeviceInstanceIdW

newdev

UpdateDriverForPlugAndPlayDevicesW

Exports

Exports

CheckCDImage
CheckDiskConnected
CheckVirtualBus
GetImageFormatType
GetVirtualDiskList
InstallDriver
LoadCDImage
UnLoadCDImage
UninstallDriver

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Haozip_2345Upgrade.dll
.dll windows:5 windows x86 arch:x86

c2913bcfe50103fc12cc2d5930392d39

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b9:7b:d9:29:72:9f:d3:76:8a:0f:2f:97:f9:27:75:38:29:81:f2:3e:b3:b2:bf:d8:91:b1:c0:0e:38:dd:ba:a1
Signer

Actual PE Digest

b9:7b:d9:29:72:9f:d3:76:8a:0f:2f:97:f9:27:75:38:29:81:f2:3e:b3:b2:bf:d8:91:b1:c0:0e:38:dd:ba:a1

Digest Algorithm

sha256

PE Digest Matches

true

0d:3c:d5:24:be:02:7f:6e:c5:0c:3a:5d:aa:16:10:96:ea:42:84:25
Signer

Actual PE Digest

0d:3c:d5:24:be:02:7f:6e:c5:0c:3a:5d:aa:16:10:96:ea:42:84:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\trunk\dllplugin\UpgradeProgram\bin\Win32\Release\pdb\Haozip_2345Upgrade_Dll.pdb

Imports

kernel32

UpdateResourceW
CloseHandle
CreateProcessW
WaitForSingleObject
GetProcAddress
WaitForMultipleObjects
GetCurrentProcessId
LocalFree
WideCharToMultiByte
GetACP
MultiByteToWideChar
GetModuleHandleW
GetFileAttributesW
ExpandEnvironmentStringsW
CreateMutexW
Sleep
ReleaseMutex
FindFirstFileW
GetLongPathNameW
GetFileAttributesExW
GetCurrentProcess
OpenProcess
QueryDosDeviceW
HeapAlloc
HeapFree
GetProcessHeap
GetVersionExW
GetCurrentThreadId
FreeLibrary
LoadLibraryW
FindResourceW
LoadResource
LockResource
GetSystemInfo
lstrcmpiW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetFileSizeEx
BeginUpdateResourceW
SetEndOfFile
WriteFile
ReadFile
DeleteFileW
GetTickCount
FormatMessageW
GetFileSize
SetFileTime
GetFileTime
InterlockedExchange
SetLastError
InterlockedExchangeAdd
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
GetSystemDirectoryW
CopyFileW
GetCurrentDirectoryW
MoveFileW
GetWindowsDirectoryW
SetFileAttributesW
FindClose
FindNextFileW
FileTimeToSystemTime
GetLogicalDriveStringsW
SetEvent
ResetEvent
CreateEventW
ResumeThread
GlobalMemoryStatusEx
GetEnvironmentVariableW
LoadLibraryExW
DeviceIoControl
SystemTimeToTzSpecificLocalTime
GetPrivateProfileStringW
LocalAlloc
ReadConsoleW
WriteConsoleW
GetTempPathW
CreateFileW
MoveFileExW
EndUpdateResourceW
DeleteCriticalSection
DecodePointer
GetLastError
RaiseException
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetCommandLineW
SetStdHandle
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
GetStdHandle
HeapSize
GetModuleHandleExW
ExitProcess
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
IsDebuggerPresent
OutputDebugStringW
EncodePointer
GetStringTypeW
GetCommandLineA
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
ExitThread
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
SetEnvironmentVariableA

advapi32

OpenServiceW
OpenSCManagerW
CloseServiceHandle
GetUserNameW
SystemFunction036
QueryServiceConfigW

shell32

ord680
SHGetSpecialFolderPathW

imagehlp

ImageRemoveCertificate
ImageEnumerateCertificates

netapi32

NetLocalGroupGetMembers

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

StartUpgrade

Sections

.text
Size: 767KB - Virtual size: 767KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Haozip_2345Upgrade.exe
.exe windows:5 windows x86 arch:x86

5b32795396d07af5723cd50317670808

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6f:1d:c2:70:cc:85:8b:60:dc:a0:4c:f9:84:98:96:eb:d0:99:43:e4:f6:14:53:c2:21:dc:ac:96:c6:06:e1:3c
Signer

Actual PE Digest

6f:1d:c2:70:cc:85:8b:60:dc:a0:4c:f9:84:98:96:eb:d0:99:43:e4:f6:14:53:c2:21:dc:ac:96:c6:06:e1:3c

Digest Algorithm

sha256

PE Digest Matches

true

92:6c:96:97:5a:07:70:2f:6b:42:c6:5d:c0:da:a9:de:04:71:20:a4
Signer

Actual PE Digest

92:6c:96:97:5a:07:70:2f:6b:42:c6:5d:c0:da:a9:de:04:71:20:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\trunk\dllplugin\UpgradeProgram\bin\Win32\Release\pdb\Haozip_2345Upgrade_Exe.pdb

Imports

kernel32

FreeLibrary
LoadLibraryW
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
GetFileAttributesW
CreateMutexW
WaitForSingleObject
Sleep
GetLastError
ReleaseMutex
CloseHandle
CreateFileW
GetFileAttributesExW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetVersionExW
lstrlenW
GetFileSizeEx
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
DeleteFileW
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentThreadId
LocalFree
GetFullPathNameW
CreateDirectoryW
GetFileSize
FormatMessageW
EncodePointer
DecodePointer
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
SetLastError
GetStdHandle
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
LoadLibraryExW
HeapReAlloc
LCMapStringW
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Protect/HaozipMiniPage.exe
.exe windows:5 windows x86 arch:x86

631384911f7b05cabe04a1371d9f909d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8d:89:7b:24:0e:59:b9:7a:2b:60:a8:eb:68:71:23:66:77:8a:b4:bb:ff:2b:5e:7e:d4:67:84:e6:62:34:a0:f3
Signer

Actual PE Digest

8d:89:7b:24:0e:59:b9:7a:2b:60:a8:eb:68:71:23:66:77:8a:b4:bb:ff:2b:5e:7e:d4:67:84:e6:62:34:a0:f3

Digest Algorithm

sha256

PE Digest Matches

true

cd:1b:51:2d:6c:2c:78:f9:ea:20:9f:e3:95:bc:fc:34:d2:9c:2d:54
Signer

Actual PE Digest

cd:1b:51:2d:6c:2c:78:f9:ea:20:9f:e3:95:bc:fc:34:d2:9c:2d:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\trunk\dllplugin\RCMiniPage\bin\Win32\Release\pdb\2345MiniPage.pdb

Imports

kernel32

GetProcAddress
GetLocalTime
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
LoadLibraryExW
GetModuleHandleW
GetFileAttributesW
FreeLibrary
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
RaiseException
GetLastError
DecodePointer
lstrcatW
DeleteCriticalSection
lstrcmpiW
FindFirstFileW
FileTimeToSystemTime
FindClose
CreateMutexW
WaitForSingleObject
Sleep
ReleaseMutex
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetLongPathNameW
GetFileAttributesExW
HeapAlloc
HeapFree
GetProcessHeap
OpenProcess
GetVersionExW
LocalFree
QueryDosDeviceW
GetFileSize
SetFilePointer
SetEndOfFile
SetFileTime
WriteFile
ReadFile
GetFileTime
GetTempPathW
FindResourceW
LoadResource
LockResource
GetSystemInfo
GetFullPathNameW
GetTempFileNameW
MoveFileExW
CreateDirectoryW
GetSystemDirectoryW
lstrlenW
GetCurrentDirectoryW
MoveFileW
GetWindowsDirectoryW
SetFileAttributesW
FindNextFileW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileSizeEx
GetLogicalDriveStringsW
SetEvent
WaitForMultipleObjects
FormatMessageW
GetACP
GlobalMemoryStatusEx
ResumeThread
WideCharToMultiByte
MultiByteToWideChar
ResetEvent
CreateEventW
InterlockedExchangeAdd
InterlockedExchange
SetLastError
DeviceIoControl
ReadConsoleW
WriteConsoleW
SetStdHandle
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
CreateFileW
GetModuleFileNameW
LoadLibraryW
GetCurrentProcess
DeleteFileW
GetTickCount
GetConsoleCP
OutputDebugStringW
HeapReAlloc
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
GetStdHandle
HeapSize
EncodePointer
GetStringTypeW
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineW
CreateThread
ExitThread
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
SetEnvironmentVariableA

user32

PostMessageW
IsWindow
MessageBoxW
wsprintfW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

shlwapi

PathRemoveFileSpecW

Sections

.text
Size: 804KB - Virtual size: 803KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Protect/HaozipSvc.dll
.dll windows:5 windows x86 arch:x86

4b7a145dabb8d15e3231c72da1622d29

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

37:d0:ee:a1:01:25:b4:d5:d3:21:c0:37:70:b0:bc:eb:41:88:9c:21:1a:db:bd:69:d6:32:d2:7a:ed:ef:91:91
Signer

Actual PE Digest

37:d0:ee:a1:01:25:b4:d5:d3:21:c0:37:70:b0:bc:eb:41:88:9c:21:1a:db:bd:69:d6:32:d2:7a:ed:ef:91:91

Digest Algorithm

sha256

PE Digest Matches

true

1b:13:da:bd:22:7b:95:da:02:80:13:81:58:52:f7:5b:99:16:98:d8
Signer

Actual PE Digest

1b:13:da:bd:22:7b:95:da:02:80:13:81:58:52:f7:5b:99:16:98:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\trunk\dllplugin\ServiceProgram\Release\HaozipSvc_dll.pdb

Imports

kernel32

DeleteTimerQueueTimer
FreeLibrary
LoadLibraryW
GetProcAddress
GetModuleHandleW
EndUpdateResourceW
CreateFileW
BeginUpdateResourceW
UpdateResourceW
CreateTimerQueue
DeleteTimerQueueEx
GetLogicalDriveStringsW
lstrlenW
QueryDosDeviceW
lstrcmpiW
lstrcatW
GetLocalTime
WaitForSingleObject
ResetEvent
CreateEventW
SetFileAttributesW
MoveFileW
GetVersionExW
CreateProcessW
GetExitCodeProcess
GetCurrentProcessId
GetACP
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentThreadId
CreateMutexW
ReleaseMutex
GetCurrentProcess
ResumeThread
TerminateThread
OpenThread
GetExitCodeThread
SuspendThread
GetSystemInfo
LoadResource
LockResource
GetLongPathNameW
GetFileAttributesExW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
FindNextFileW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEvent
InterlockedExchangeAdd
LoadLibraryExW
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
CopyFileW
GetFileAttributesW
GetTempPathW
RemoveDirectoryW
GetWindowsDirectoryW
DeleteFileW
InterlockedExchange
GetFileSizeEx
FormatMessageW
InitializeCriticalSectionAndSpinCount
ReadConsoleW
FlushFileBuffers
CreateTimerQueueTimer
Sleep
GetTickCount
LocalFree
WTSGetActiveConsoleSessionId
GlobalMemoryStatusEx
LocalAlloc
FindClose
GetComputerNameExW
GetLastError
WritePrivateProfileStringW
MultiByteToWideChar
GetModuleFileNameW
FileTimeToSystemTime
WideCharToMultiByte
GetPrivateProfileStringW
SystemTimeToTzSpecificLocalTime
FindFirstFileW
CloseHandle
OpenProcess
FindResourceW
MoveFileExW
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointerEx
HeapReAlloc
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
GetConsoleMode
GetConsoleCP
GetStdHandle
GetOEMCP
IsValidCodePage
HeapSize
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetLastError
SetUnhandledExceptionFilter
EncodePointer
DecodePointer
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
CreateThread
ExitThread
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetEnvironmentVariableA

advapi32

RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
SystemFunction036
RegCloseKey
QueryServiceConfigW
ConvertSidToStringSidW
RegOpenKeyExW
RevertToSelf
ImpersonateLoggedOnUser
LookupAccountNameW
RegQueryValueExW
OpenServiceW
GetUserNameW
OpenSCManagerW
CloseServiceHandle

shell32

SHGetSpecialFolderPathW

netapi32

NetLocalGroupGetMembers

wininet

InternetReadFile
InternetConnectA
HttpQueryInfoA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetCrackUrlA

wtsapi32

WTSQueryUserToken

imagehlp

ImageRemoveCertificate
ImageEnumerateCertificates

shlwapi

PathRemoveFileSpecW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

UpdateMain

Sections

.text
Size: 503KB - Virtual size: 502KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Protect/HaozipSvc.exe
.exe windows:5 windows x86 arch:x86

52da86a3fc191a012b3e8d728d678f5e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d8:8a:42:cd:db:de:a4:1f:20:d9:cf:85:87:7c:1a:42:b0:aa:48:58:df:43:67:f5:70:91:73:62:32:a9:86:a5
Signer

Actual PE Digest

d8:8a:42:cd:db:de:a4:1f:20:d9:cf:85:87:7c:1a:42:b0:aa:48:58:df:43:67:f5:70:91:73:62:32:a9:86:a5

Digest Algorithm

sha256

PE Digest Matches

true

fe:f1:4f:15:12:61:1e:dc:e6:d6:6d:bf:70:8e:87:fc:78:fe:3d:cc
Signer

Actual PE Digest

fe:f1:4f:15:12:61:1e:dc:e6:d6:6d:bf:70:8e:87:fc:78:fe:3d:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetPrivateProfileStringW
LoadLibraryW
GetModuleFileNameW
GetLastError
GetProcAddress
GetModuleHandleW
GetFileAttributesW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetVersionExW
GetFileSizeEx
CloseHandle
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
DeleteFileW
CreateFileW
GetFileAttributesExW
CreateMutexW
WaitForSingleObject
Sleep
ReleaseMutex
CreateDirectoryW
GetFileSize
FormatMessageW
LocalFree
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentThreadId
WriteConsoleW
SetStdHandle
EncodePointer
DecodePointer
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
MultiByteToWideChar
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapSize
RaiseException
GetStdHandle
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStringTypeW
LCMapStringW
RtlUnwind
LoadLibraryExW
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringW
FlushFileBuffers

Exports

Exports

CheckFile

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Protect/Helper_Haozip.exe
.exe windows:5 windows x86 arch:x86

1e9ad8d13c49512ae7a1ef7eccda85a8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f5:44:59:35:ea:71:af:ce:45:f4:5b:50:f0:5d:48:45:94:c2:1f:b1:2c:55:86:3a:1d:54:7e:53:06:c7:91:75
Signer

Actual PE Digest

f5:44:59:35:ea:71:af:ce:45:f4:5b:50:f0:5d:48:45:94:c2:1f:b1:2c:55:86:3a:1d:54:7e:53:06:c7:91:75

Digest Algorithm

sha256

PE Digest Matches

true

65:ea:55:2f:e6:bc:a4:42:5b:da:98:04:4a:09:da:2c:1a:37:c7:da
Signer

Actual PE Digest

65:ea:55:2f:e6:bc:a4:42:5b:da:98:04:4a:09:da:2c:1a:37:c7:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\trunk\dllplugin\Helper2345\bin\Win32\Release\pdb\Helper_2345.pdb

Imports

kernel32

lstrcmpiW
CloseHandle
GetCurrentProcessId
FindFirstFileW
FindClose
GetModuleHandleW
GetFileAttributesW
ExpandEnvironmentStringsW
CreateMutexW
WaitForSingleObject
Sleep
GetLastError
ReleaseMutex
CreateFileW
GetLongPathNameW
GetFileAttributesExW
HeapAlloc
HeapFree
GetProcessHeap
OpenProcess
GetVersionExW
GetCurrentThreadId
GetCurrentProcess
QueryDosDeviceW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LocalFree
lstrlenW
GetFileSizeEx
DeleteFileW
GetFullPathNameW
GetTempFileNameW
MoveFileExW
CreateDirectoryW
GetTempPathW
MoveFileW
RemoveDirectoryW
GetWindowsDirectoryW
SetFileAttributesW
FindNextFileW
FindResourceW
LoadResource
LockResource
GetLogicalDriveStringsW
GetTickCount
FormatMessageW
GetACP
GlobalMemoryStatusEx
SetEvent
ResetEvent
CreateEventW
InterlockedExchangeAdd
InterlockedExchange
WideCharToMultiByte
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
LoadLibraryW
FreeLibrary
DeleteCriticalSection
GetCommandLineW
WriteConsoleW
SetStdHandle
FlushFileBuffers
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EncodePointer
DecodePointer
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetTimeZoneInformation
HeapReAlloc
SetEnvironmentVariableA

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW

Sections

.text
Size: 494KB - Virtual size: 493KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Protect/ServiceManager.exe
.exe windows:5 windows x86 arch:x86

f90594adaaf63b4c071ea8caf1b8882a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f1:5d:59:19:37:17:d2:a1:30:c6:b1:73:1d:1c:11:2e:ff:46:24:c5:04:1f:eb:fb:20:21:b4:28:2a:ac:44:31
Signer

Actual PE Digest

f1:5d:59:19:37:17:d2:a1:30:c6:b1:73:1d:1c:11:2e:ff:46:24:c5:04:1f:eb:fb:20:21:b4:28:2a:ac:44:31

Digest Algorithm

sha256

PE Digest Matches

true

42:22:fa:ef:31:41:eb:6c:27:09:f0:83:01:b8:93:b5:71:2e:1d:43
Signer

Actual PE Digest

42:22:fa:ef:31:41:eb:6c:27:09:f0:83:01:b8:93:b5:71:2e:1d:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetVersionExW
GetFileSizeEx
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
DeleteFileW
CreateFileW
GetFileAttributesExW
LoadLibraryW
GetModuleHandleW
WaitForSingleObject
ReleaseMutex
CreateDirectoryW
GetFileSize
FormatMessageW
LocalFree
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentThreadId
GetModuleFileNameW
GetCurrentProcessId
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetLastError
TerminateProcess
OpenProcess
GetCurrentProcess
Sleep
CreateMutexW
GetTickCount
SetStdHandle
FlushFileBuffers
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStdHandle
LoadLibraryExW
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
HeapReAlloc
LCMapStringW
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW

advapi32

LookupPrivilegeValueW
OpenProcessToken
ControlService
QueryServiceStatusEx
StartServiceW
ChangeServiceConfig2W
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
AdjustTokenPrivileges

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Protect/Tool_Uninstall.exe
.exe windows:5 windows x86 arch:x86

760375f373a4df66c477f955987ebb9c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e1:92:90:eb:d8:ea:33:54:84:cc:15:c5:86:4d:c8:3b:91:b1:2f:c9:ad:e5:9f:62:e8:a1:5d:7a:82:d3:90:77
Signer

Actual PE Digest

e1:92:90:eb:d8:ea:33:54:84:cc:15:c5:86:4d:c8:3b:91:b1:2f:c9:ad:e5:9f:62:e8:a1:5d:7a:82:d3:90:77

Digest Algorithm

sha256

PE Digest Matches

true

50:9a:0c:a6:11:54:93:f2:0f:e1:de:f2:1b:9b:8b:39:f4:24:d9:8c
Signer

Actual PE Digest

50:9a:0c:a6:11:54:93:f2:0f:e1:de:f2:1b:9b:8b:39:f4:24:d9:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\trunk\dllplugin\UninstallTool\bin\Win32\Release\Tool_Uninstall.pdb

Imports

kernel32

GetCommandLineW
LocalFree
CreateMutexW
WaitForSingleObject
Sleep
GetLastError
CloseHandle
GetProcAddress
GetCurrentProcessId
FindResourceW
LoadResource
GetModuleHandleW
GetVersionExW
LockResource
lstrcmpiW
GetCurrentProcess
OpenProcess
GetModuleFileNameW
QueryDosDeviceW
TerminateProcess
GetEnvironmentVariableW
FindFirstFileW
CreateFileW
GetLongPathNameW
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentThreadId
LoadLibraryW
FindClose
FindNextFileW
GetLogicalDriveStringsW
LoadLibraryExW
GetFullPathNameW
GetFileAttributesW
lstrlenW
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
WriteFile
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FlushFileBuffers
WriteConsoleW
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
SetLastError
GetStdHandle
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
HeapReAlloc
LCMapStringW
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle

shell32

CommandLineToArgvW

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Protect/coral_extract.dll
.dll windows:4 windows x86 arch:x86

27078d36f37371b0a00fb89ab0cc3581

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8a:07:2f:50:9a:6f:2b:ab:3a:8d:65:3b:b2:e2:39:74:43:d4:73:79:36:2e:73:32:e6:16:9b:c4:c1:eb:96:1c
Signer

Actual PE Digest

8a:07:2f:50:9a:6f:2b:ab:3a:8d:65:3b:b2:e2:39:74:43:d4:73:79:36:2e:73:32:e6:16:9b:c4:c1:eb:96:1c

Digest Algorithm

sha256

PE Digest Matches

true

28:bc:8f:b8:11:20:20:7d:d8:e0:70:2c:00:5f:c0:a1:7b:61:eb:e8
Signer

Actual PE Digest

28:bc:8f:b8:11:20:20:7d:d8:e0:70:2c:00:5f:c0:a1:7b:61:eb:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\rczip.dev\trunk\bin\Win32\release\pdb\Extract7z.pdb

Imports

kernel32

GetProcAddress
VirtualAlloc
GetModuleHandleW
VirtualFree
InterlockedExchangeAdd
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetVersionExW
GetLastError
ReadFile
CreateFileW
SetFilePointer
CloseHandle
LoadLibraryW
FreeLibrary
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
GetFileAttributesW
FormatMessageW
LocalFree
FindFirstFileW
FindClose
FindNextFileW
DeleteFileW
CreateDirectoryW
GetFileSize
GetFullPathNameW
SetFileTime
GetTempFileNameW
SetFileAttributesW
MoveFileW
lstrlenW
SetEndOfFile
FindResourceW
WaitForMultipleObjects
CreateEventW
ResetEvent
WaitForSingleObject
SetEvent
CreateThread
ExitThread
ResumeThread

user32

LoadStringW

Exports

Exports

ExtractArchive

Sections

.text
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RarNew.data
.rar
TarNew.data
UNACEV2.DLL
.dll windows:1 windows x86 arch:x86

8390514c40641509cd0941c1fb7588ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteA
ShellExecuteExA

kernel32

AllocConsole
CloseHandle
CreateDirectoryA
CreateFileA
CreateProcessA
DeleteFileA
DeviceIoControl
DisableThreadLibraryCalls
DosDateTimeToFileTime
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
FreeConsole
GetCommandLineA
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentProcess
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetSystemTime
GetTempPathA
GetTimeZoneInformation
GetVersion
GetVolumeInformationA
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
PeekConsoleInputA
ReadConsoleInputA
ReadConsoleOutputAttribute
ReadConsoleOutputA
ReadFile
RemoveDirectoryA
ScrollConsoleScreenBufferA
SearchPathA
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleScreenBufferSize
SetConsoleWindowInfo
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetStdHandle
Sleep
SystemTimeToFileTime
TerminateProcess
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteConsoleOutputA
WriteConsoleOutputCharacterA
WriteFile

advapi32

RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

gdi32

CreateFontA
DeleteObject

user32

CharToOemBuffA
CreateDialogParamA
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
GetDlgItem
GetDlgItemTextA
GetKeyState
GetWindowTextA
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
MessageBeep
MessageBoxA
OemToCharBuffA
PeekMessageA
SendDlgItemMessageA
SetCursor
SetDlgItemTextA
SetFocus
SetTimer
SetWindowTextA
ShowCursor
ShowWindow
TranslateMessage

Exports

Exports

ACEExtract
ACEInitDll
ACEList
ACEReadArchiveData
ACETest
___DllMainCRTStartup@12

Sections

AUTO
Size: 59KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 210KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ZipNew.data
icon/logo.ico
lang/HaoZipLang_chs.dll
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

83:2a:a0:79:49:73:50:66:36:95:c7:86:09:84:9d:a9:a9:92:89:a6:89:48:71:b9:4d:9d:70:9e:82:c0:01:e3
Signer

Actual PE Digest

83:2a:a0:79:49:73:50:66:36:95:c7:86:09:84:9d:a9:a9:92:89:a6:89:48:71:b9:4d:9d:70:9e:82:c0:01:e3

Digest Algorithm

sha256

PE Digest Matches

true

6b:82:14:0f:6c:de:b9:77:b3:83:99:af:b9:5e:c1:48:b1:6e:a5:3e
Signer

Actual PE Digest

6b:82:14:0f:6c:de:b9:77:b3:83:99:af:b9:5e:c1:48:b1:6e:a5:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msvcp120.dll
.dll windows:6 windows x64 arch:x64

d0a59246eab41d54812cd63c2326e1f1

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:41

Not After

24/12/2014, 17:41

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:d2:5e:13:d8:f6:da:52:bc:55:c5:11:d6:b5:3f:74:3a:98:10:43:b0:e8:b1:47:01:ff:4f:db:e9:8a:61:9b
Signer

Actual PE Digest

2c:d2:5e:13:d8:f6:da:52:bc:55:c5:11:d6:b5:3f:74:3a:98:10:43:b0:e8:b1:47:01:ff:4f:db:e9:8a:61:9b

Digest Algorithm

sha256

PE Digest Matches

true

7d:d0:9c:b4:f1:4b:8e:60:64:b3:b2:c8:cb:56:08:06:80:d6:f4:83
Signer

Actual PE Digest

7d:d0:9c:b4:f1:4b:8e:60:64:b3:b2:c8:cb:56:08:06:80:d6:f4:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msvcp120.amd64.pdb

Imports

msvcr120

??0bad_cast@std@@QEAA@AEBV01@@Z
??1bad_cast@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
fclose
fflush
fgetc
fgetpos
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_lock_file
_unlock_file
memcpy_s
_fsopen
fseek
_wfsopen
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?Alloc@Concurrency@@YAPEAX_K@Z
?Free@Concurrency@@YAXPEAX@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPEAX@Z0@Z
??0invalid_operation@Concurrency@@QEAA@PEBD@Z
??0critical_section@Concurrency@@QEAA@XZ
??1critical_section@Concurrency@@QEAA@XZ
??0event@Concurrency@@QEAA@XZ
??1event@Concurrency@@QEAA@XZ
?wait@event@Concurrency@@QEAA_KI@Z
?set@event@Concurrency@@QEAAXXZ
ldexp
sprintf_s
strcspn
wcslen
_Strftime
_Wcsftime
strcmp
setlocale
_malloc_crt
_realloc_crt
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
fgetwc
fputwc
ungetwc
__uncaught_exception
_errno
memcmp
_wcsdup
___lc_locale_name_func
___lc_collate_cp_func
__crtCompareStringA
__crtLCMapStringA
___lc_codepage_func
_ismbblead
remove
rename
_wremove
strcpy_s
wcscpy_s
_wgetcwd
_wchdir
_wmkdir
_wrmdir
_W_Gettnames
_getcwd
_chdir
_mkdir
_rmdir
__crtIsPackagedApp
__crtCreateSymbolicLinkW
__crtGetFileInformationByHandleEx
__crtSetFileInformationByHandle
_calloc_crt
??0_Condition_variable@details@Concurrency@@QEAA@XZ
??1_Condition_variable@details@Concurrency@@QEAA@XZ
?wait@_Condition_variable@details@Concurrency@@QEAAXAEAVcritical_section@3@@Z
?wait_for@_Condition_variable@details@Concurrency@@QEAA_NAEAVcritical_section@3@I@Z
?notify_one@_Condition_variable@details@Concurrency@@QEAAXXZ
?notify_all@_Condition_variable@details@Concurrency@@QEAAXXZ
__crtSleep
_beginthreadex
_endthreadex
?lock@critical_section@Concurrency@@QEAAXXZ
?try_lock@critical_section@Concurrency@@QEAA_NXZ
?try_lock_for@critical_section@Concurrency@@QEAA_NI@Z
?unlock@critical_section@Concurrency@@QEAAXXZ
?terminate@@YAXXZ
__crtFlsAlloc
__crtFlsFree
__crtFlsGetValue
__crtFlsSetValue
calloc
??0operation_timed_out@Concurrency@@QEAA@XZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0@Z
??0invalid_link_target@Concurrency@@QEAA@PEBD@Z
??0message_not_found@Concurrency@@QEAA@XZ
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
??0bad_target@Concurrency@@QEAA@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
??1_SpinLock@details@Concurrency@@QEAA@XZ
??0_SpinLock@details@Concurrency@@QEAA@AECJ@Z
?Log2@details@Concurrency@@YAK_K@Z
_lock
_unlock
__pctype_func
isupper
__crtGetLocaleInfoEx
islower
__crtLCMapStringW
isspace
tolower
memchr
sqrt
isdigit
isxdigit
isalnum
__crtCompareStringW
__C_specific_handler
__dllonexit
_onexit
__CppXcptFilter
_amsg_exit
_initterm
_initterm_e
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCapturePreviousContext
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
_W_Getmonths
_W_Getdays
_Gettnames
_Getmonths
_Getdays
localeconv
??0bad_cast@std@@QEAA@PEBD@Z
??_V@YAXPEAX@Z
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@AEBQEBDH@Z
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@XZ
memmove
strlen
memcpy
malloc
free
___mb_cur_max_func
_purecall
rand_s
fputs
fputc
__iob_func
abort
logf
log
__crtInitializeCriticalSectionEx
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memset
_wrename

kernel32

GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStringTypeW
GetSystemTimeAsFileTime
GetExitCodeThread
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
WaitForSingleObject
DuplicateHandle
AreFileApisANSI
CreateHardLinkW
CopyFileW
GetLastError
CloseHandle
GetFileInformationByHandle
GetFileAttributesExW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QEAA@AEBV01@@Z
??0?$_Yarn@D@std@@QEAA@PEBD@Z
??0?$_Yarn@D@std@@QEAA@XZ
??0?$_Yarn@_W@std@@QEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$codecvt@DDH@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@DDH@std@@QEAA@_K@Z
??0?$codecvt@GDH@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@GDH@std@@QEAA@_K@Z
??0?$codecvt@_WDH@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_WDH@std@@QEAA@_K@Z
??0?$ctype@D@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@D@std@@QEAA@PEBF_N_K@Z
??0?$ctype@G@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@G@std@@QEAA@_K@Z
??0?$ctype@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@_W@std@@QEAA@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0Init@ios_base@std@@QEAA@XZ
??0_Concurrent_queue_base_v4@details@Concurrency@@IEAA@_K@Z
??0_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@AEBV_Concurrent_queue_base_v4@12@@Z
??0_Container_base12@std@@QEAA@AEBU01@@Z
??0_Container_base12@std@@QEAA@XZ
??0_Facet_base@std@@QEAA@AEBV01@@Z
??0_Facet_base@std@@QEAA@XZ
??0_Init_locks@std@@QEAA@XZ
??0_Locimp@locale@std@@AEAA@AEBV012@@Z
??0_Locimp@locale@std@@AEAA@_N@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0_Lockit@std@@QEAA@XZ
??0_Pad@std@@QEAA@AEBV01@@Z
??0_Pad@std@@QEAA@XZ
??0_Runtime_object@details@Concurrency@@QEAA@H@Z
??0_Runtime_object@details@Concurrency@@QEAA@XZ
??0_Timevec@std@@QEAA@AEBV01@@Z
??0_Timevec@std@@QEAA@PEAX@Z
??0_UShinit@std@@QEAA@XZ
??0_Winit@std@@QEAA@XZ
??0agent@Concurrency@@QEAA@AEAVScheduleGroup@1@@Z
??0agent@Concurrency@@QEAA@AEAVScheduler@1@@Z
??0agent@Concurrency@@QEAA@XZ
??0codecvt_base@std@@QEAA@_K@Z
??0ctype_base@std@@QEAA@_K@Z
??0facet@locale@std@@IEAA@_K@Z
??0id@locale@std@@QEAA@_K@Z
??0ios_base@std@@IEAA@XZ
??0time_base@std@@QEAA@_K@Z
??1?$_Yarn@D@std@@QEAA@XZ
??1?$_Yarn@_W@std@@QEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$codecvt@DDH@std@@MEAA@XZ
??1?$codecvt@GDH@std@@MEAA@XZ
??1?$codecvt@_WDH@std@@MEAA@XZ
??1?$ctype@D@std@@MEAA@XZ
??1?$ctype@G@std@@MEAA@XZ
??1?$ctype@_W@std@@MEAA@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1Init@ios_base@std@@QEAA@XZ
??1_Concurrent_queue_base_v4@details@Concurrency@@MEAA@XZ
??1_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@XZ
??1_Concurrent_vector_base_v4@details@Concurrency@@IEAA@XZ
??1_Container_base12@std@@QEAA@XZ
??1_Facet_base@std@@UEAA@XZ
??1_Init_locks@std@@QEAA@XZ
??1_Locimp@locale@std@@MEAA@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1_Pad@std@@QEAA@XZ
??1_Timevec@std@@QEAA@XZ
??1_UShinit@std@@QEAA@XZ
??1_Winit@std@@QEAA@XZ
??1agent@Concurrency@@UEAA@XZ
??1codecvt_base@std@@UEAA@XZ
??1ctype_base@std@@UEAA@XZ
??1facet@locale@std@@MEAA@XZ
??1ios_base@std@@UEAA@XZ
??1time_base@std@@UEAA@XZ
??4?$_Iosb@H@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4Init@ios_base@std@@QEAAAEAV012@AEBV012@@Z
??4_Container_base0@std@@QEAAAEAU01@AEBU01@@Z
??4_Container_base12@std@@QEAAAEAU01@AEBU01@@Z
??4_Facet_base@std@@QEAAAEAV01@AEBV01@@Z
??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z
??4_Pad@std@@QEAAAEAV01@AEBV01@@Z
??4_Timevec@std@@QEAAAEAV01@AEBV01@@Z
??4_UShinit@std@@QEAAAEAV01@AEBV01@@Z
??4_Winit@std@@QEAAAEAV01@AEBV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??7ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??Bios_base@std@@QEBA_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDH@std@@6B@
??_7?$codecvt@GDH@std@@6B@
??_7?$codecvt@_WDH@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7_Pad@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_F?$codecvt@DDH@std@@QEAAXXZ
??_F?$codecvt@GDH@std@@QEAAXXZ
??_F?$codecvt@_WDH@std@@QEAAXXZ
??_F?$ctype@D@std@@QEAAXXZ
??_F?$ctype@G@std@@QEAAXXZ
??_F?$ctype@_W@std@@QEAAXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F_Locinfo@std@@QEAAXXZ
??_F_Timevec@std@@QEAAXXZ
??_Fcodecvt_base@std@@QEAAXXZ
??_Fctype_base@std@@QEAAXXZ
??_Ffacet@locale@std@@QEAAXXZ
??_Fid@locale@std@@QEAAXXZ
??_Ftime_base@std@@QEAAXXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?NFS_Allocate@details@Concurrency@@YAPEAX_K0PEAX@Z
?NFS_Free@details@Concurrency@@YAXPEAX@Z
?NFS_GetLineSize@details@Concurrency@@YA_KXZ
?_10@placeholders@std@@3V?$_Ph@$09@2@A
?_11@placeholders@std@@3V?$_Ph@$0L@@2@A
?_12@placeholders@std@@3V?$_Ph@$0M@@2@A
?_13@placeholders@std@@3V?$_Ph@$0N@@2@A
?_14@placeholders@std@@3V?$_Ph@$0O@@2@A
?_15@placeholders@std@@3V?$_Ph@$0P@@2@A
?_16@placeholders@std@@3V?$_Ph@$0BA@@2@A
?_17@placeholders@std@@3V?$_Ph@$0BB@@2@A
?_18@placeholders@std@@3V?$_Ph@$0BC@@2@A
?_19@placeholders@std@@3V?$_Ph@$0BD@@2@A
?_1@placeholders@std@@3V?$_Ph@$00@2@A
?_20@placeholders@std@@3V?$_Ph@$0BE@@2@A
?_2@placeholders@std@@3V?$_Ph@$01@2@A
?_3@placeholders@std@@3V?$_Ph@$02@2@A
?_4@placeholders@std@@3V?$_Ph@$03@2@A
?_5@placeholders@std@@3V?$_Ph@$04@2@A
?_6@placeholders@std@@3V?$_Ph@$05@2@A
?_7@placeholders@std@@3V?$_Ph@$06@2@A
?_8@placeholders@std@@3V?$_Ph@$07@2@A
?_9@placeholders@std@@3V?$_Ph@$08@2@A
?_Addcats@_Locinfo@std@@QEAAAEAV12@HPEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Addstd@ios_base@std@@SAXPEAV12@@Z
?_Advance@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXXZ
?_Assign@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXAEBV123@@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_Byte_reverse_table@details@Concurrency@@3QBEB
?_C_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_C_str@?$_Yarn@_W@std@@QEBAPEB_WXZ
?_Callfns@ios_base@std@@AEAAXW4event@12@@Z
?_Clocptr@_Locimp@locale@std@@0PEAV123@EA
?_Close_dir@sys@tr2@std@@YAXPEAX@Z
?_Copy_file@sys@tr2@std@@YAHPEBD0_N@Z
?_Copy_file@sys@tr2@std@@YAHPEB_W0_N@Z
?_Current_get@sys@tr2@std@@YAPEADAEAY0BAE@D@Z
?_Current_get@sys@tr2@std@@YAPEA_WAEAY0BAE@_W@Z
?_Current_set@sys@tr2@std@@YA_NPEBD@Z
?_Current_set@sys@tr2@std@@YA_NPEB_W@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IEBADGD@Z
?_Donarrow@?$ctype@_W@std@@IEBAD_WD@Z
?_Dowiden@?$ctype@G@std@@IEBAGD@Z
?_Dowiden@?$ctype@_W@std@@IEBA_WD@Z
?_Empty@?$_Yarn@D@std@@QEBA_NXZ
?_Empty@?$_Yarn@_W@std@@QEBA_NXZ
?_Equivalent@sys@tr2@std@@YAHPEBD0@Z
?_Equivalent@sys@tr2@std@@YAHPEB_W0@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_File_size@sys@tr2@std@@YA_KPEBD@Z
?_File_size@sys@tr2@std@@YA_KPEB_W@Z
?_Findarr@ios_base@std@@AEAAAEAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBD_K333@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBD_K333@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBD_K444@Z
?_Future_error_map@std@@YAPEBDH@Z
?_GetCombinableSize@details@Concurrency@@YA_KXZ
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@GDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_WDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@facet@locale@std@@SA_KPEAPEBV123@PEBV23@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QEBAHXZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HAEBVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAEAHAEBV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAEAHAEBV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAEAHAEBV?$ctype@_W@2@@Z

Sections

.text
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcr120.dll
.dll windows:6 windows x64 arch:x64

8f18e22935ef8b336e246ee763fbec97

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:41

Not After

24/12/2014, 17:41

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:e0:66:18:5e:b7:4b:fa:b1:34:44:37:97:5b:34:90:6d:28:cd:b9:a6:50:cb:46:b6:fd:f2:79:01:22:e1:86
Signer

Actual PE Digest

15:e0:66:18:5e:b7:4b:fa:b1:34:44:37:97:5b:34:90:6d:28:cd:b9:a6:50:cb:46:b6:fd:f2:79:01:22:e1:86

Digest Algorithm

sha256

PE Digest Matches

true

81:46:2b:e1:eb:25:cd:19:c0:fc:7e:ef:fc:aa:78:2b:f7:34:ff:86
Signer

Actual PE Digest

81:46:2b:e1:eb:25:cd:19:c0:fc:7e:ef:fc:aa:78:2b:f7:34:ff:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msvcr120.amd64.pdb

Imports

kernel32

EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
GetLastError
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetCommandLineW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleFileNameA
SetLastError
GetCurrentThread
GetModuleFileNameW
GetStdHandle
WriteFile
FindClose
FindFirstFileExA
FindNextFileA
FindFirstFileExW
FindNextFileW
CloseHandle
CreateThread
ExitThread
ResumeThread
LoadLibraryExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
Beep
Sleep
GetFullPathNameA
GetCurrentProcessId
GetFileAttributesExW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileExW
RemoveDirectoryW
GetDriveTypeW
DeleteFileW
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
FreeLibrary
LoadLibraryExA
CreateProcessW
ReadFile
GetTempPathA
GetTempPathW
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
LocalFileTimeToFileTime
SetFileTime
SystemTimeToFileTime
SetLocalTime
InterlockedPopEntrySList
InterlockedFlushSList
QueryDepthSList
InterlockedPushEntrySList
CreateTimerQueue
SetEvent
WaitForSingleObjectEx
UnregisterWait
TlsGetValue
SignalObjectAndWait
TlsSetValue
SetThreadPriority
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
GetLogicalProcessorInformation
RtlCaptureStackBackTrace
GetThreadPriority
GetProcessAffinityMask
SetThreadAffinityMask
TlsAlloc
DeleteTimerQueueTimer
TlsFree
SwitchToThread
TryEnterCriticalSection
SetProcessAffinityMask
VirtualFree
GetVersionExW
VirtualAlloc
VirtualProtect
InitializeSListHead
ReleaseSemaphore
UnregisterWaitEx
IsProcessorFeaturePresent
LoadLibraryW
OutputDebugStringW
FreeLibraryAndExitThread
GetModuleHandleA
GetThreadTimes
CreateEventW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapSize
HeapQueryInformation
HeapValidate
HeapCompact
HeapWalk
GetSystemInfo
VirtualQuery
GetFileType
GetStartupInfoW
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
CreateFileW
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
FlushFileBuffers
CreatePipe
SetStdHandle
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
ReadConsoleInputW
WriteConsoleW
SetEndOfFile
LockFileEx
UnlockFileEx
IsDebuggerPresent
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetTickCount
CreateSemaphoreW
SetConsoleCtrlHandler
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringA

Exports

Exports

$I10_OUTPUT
??0?$_SpinWait@$00@details@Concurrency@@QEAA@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QEAA@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QEAA@AEBV01@@Z
??0SchedulerPolicy@Concurrency@@QEAA@XZ
??0SchedulerPolicy@Concurrency@@QEAA@_KZZ
??0_Cancellation_beacon@details@Concurrency@@QEAA@XZ
??0_Condition_variable@details@Concurrency@@QEAA@XZ
??0_Context@details@Concurrency@@QEAA@PEAVContext@2@@Z
??0_Interruption_exception@details@Concurrency@@QEAA@PEBD@Z
??0_Interruption_exception@details@Concurrency@@QEAA@XZ
??0_NonReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_ReaderWriterLock@details@Concurrency@@QEAA@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??0_ReentrantLock@details@Concurrency@@QEAA@XZ
??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_Scheduler@details@Concurrency@@QEAA@PEAVScheduler@2@@Z
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_SpinLock@details@Concurrency@@QEAA@AECJ@Z
??0_StructuredTaskCollection@details@Concurrency@@QEAA@PEAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QEAA@PEAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QEAA@XZ
??0_Timer@details@Concurrency@@IEAA@I_N@Z
??0__non_rtti_object@std@@QEAA@AEBV01@@Z
??0__non_rtti_object@std@@QEAA@PEBD@Z
??0bad_cast@std@@AEAA@PEBQEBD@Z
??0bad_cast@std@@QEAA@AEBV01@@Z
??0bad_cast@std@@QEAA@PEBD@Z
??0bad_target@Concurrency@@QEAA@PEBD@Z
??0bad_target@Concurrency@@QEAA@XZ
??0bad_typeid@std@@QEAA@AEBV01@@Z
??0bad_typeid@std@@QEAA@PEBD@Z
??0context_self_unblock@Concurrency@@QEAA@PEBD@Z
??0context_self_unblock@Concurrency@@QEAA@XZ
??0context_unblock_unbalanced@Concurrency@@QEAA@PEBD@Z
??0context_unblock_unbalanced@Concurrency@@QEAA@XZ
??0critical_section@Concurrency@@QEAA@XZ
??0default_scheduler_exists@Concurrency@@QEAA@PEBD@Z
??0default_scheduler_exists@Concurrency@@QEAA@XZ
??0event@Concurrency@@QEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBQEBDH@Z
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@XZ
??0improper_lock@Concurrency@@QEAA@PEBD@Z
??0improper_lock@Concurrency@@QEAA@XZ
??0improper_scheduler_attach@Concurrency@@QEAA@PEBD@Z
??0improper_scheduler_attach@Concurrency@@QEAA@XZ
??0improper_scheduler_detach@Concurrency@@QEAA@PEBD@Z
??0improper_scheduler_detach@Concurrency@@QEAA@XZ
??0improper_scheduler_reference@Concurrency@@QEAA@PEBD@Z
??0improper_scheduler_reference@Concurrency@@QEAA@XZ
??0invalid_link_target@Concurrency@@QEAA@PEBD@Z
??0invalid_link_target@Concurrency@@QEAA@XZ
??0invalid_multiple_scheduling@Concurrency@@QEAA@PEBD@Z
??0invalid_multiple_scheduling@Concurrency@@QEAA@XZ
??0invalid_operation@Concurrency@@QEAA@PEBD@Z
??0invalid_operation@Concurrency@@QEAA@XZ
??0invalid_oversubscribe_operation@Concurrency@@QEAA@PEBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QEAA@XZ
??0invalid_scheduler_policy_key@Concurrency@@QEAA@PEBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QEAA@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QEAA@PEBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QEAA@XZ
??0invalid_scheduler_policy_value@Concurrency@@QEAA@PEBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QEAA@XZ
??0message_not_found@Concurrency@@QEAA@PEBD@Z
??0message_not_found@Concurrency@@QEAA@XZ
??0missing_wait@Concurrency@@QEAA@PEBD@Z
??0missing_wait@Concurrency@@QEAA@XZ
??0nested_scheduler_missing_detach@Concurrency@@QEAA@PEBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QEAA@XZ
??0operation_timed_out@Concurrency@@QEAA@PEBD@Z
??0operation_timed_out@Concurrency@@QEAA@XZ
??0reader_writer_lock@Concurrency@@QEAA@XZ
??0scheduler_not_attached@Concurrency@@QEAA@PEBD@Z
??0scheduler_not_attached@Concurrency@@QEAA@XZ
??0scheduler_resource_allocation_error@Concurrency@@QEAA@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QEAA@PEBDJ@Z
??0scheduler_worker_creation_error@Concurrency@@QEAA@J@Z
??0scheduler_worker_creation_error@Concurrency@@QEAA@PEBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QEAA@AEAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QEAA@AEAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QEAA@AEAV12@@Z
??0task_canceled@Concurrency@@QEAA@PEBD@Z
??0task_canceled@Concurrency@@QEAA@XZ
??0unsupported_os@Concurrency@@QEAA@PEBD@Z
??0unsupported_os@Concurrency@@QEAA@XZ
??1SchedulerPolicy@Concurrency@@QEAA@XZ
??1_Cancellation_beacon@details@Concurrency@@QEAA@XZ
??1_Condition_variable@details@Concurrency@@QEAA@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??1_SpinLock@details@Concurrency@@QEAA@XZ
??1_StructuredTaskCollection@details@Concurrency@@QEAA@XZ
??1_TaskCollection@details@Concurrency@@QEAA@XZ
??1_Timer@details@Concurrency@@MEAA@XZ
??1__non_rtti_object@std@@UEAA@XZ
??1bad_cast@std@@UEAA@XZ
??1bad_typeid@std@@UEAA@XZ
??1critical_section@Concurrency@@QEAA@XZ
??1event@Concurrency@@QEAA@XZ
??1exception@std@@UEAA@XZ
??1reader_writer_lock@Concurrency@@QEAA@XZ
??1scoped_lock@critical_section@Concurrency@@QEAA@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QEAA@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QEAA@XZ
??1type_info@@UEAA@XZ
??2@YAPEAX_K@Z
??2@YAPEAX_KHPEBDH@Z
??3@YAXPEAX@Z
??3@YAXPEAXHPEBDH@Z
??4?$_SpinWait@$00@details@Concurrency@@QEAAAEAV012@AEBV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QEAAAEAV012@AEBV012@@Z
??4SchedulerPolicy@Concurrency@@QEAAAEAV01@AEBV01@@Z
??4__non_rtti_object@std@@QEAAAEAV01@AEBV01@@Z
??4bad_cast@std@@QEAAAEAV01@AEBV01@@Z
??4bad_typeid@std@@QEAAAEAV01@AEBV01@@Z
??4exception@std@@QEAAAEAV01@AEBV01@@Z
??8type_info@@QEBA_NAEBV0@@Z
??9type_info@@QEBA_NAEBV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@std@@6B@
??_F?$_SpinWait@$00@details@Concurrency@@QEAAXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QEAAXXZ
??_F_Context@details@Concurrency@@QEAAXXZ
??_F_Scheduler@details@Concurrency@@QEAAXXZ
??_Fbad_cast@std@@QEAAXXZ
??_Fbad_typeid@std@@QEAAXXZ
??_U@YAPEAX_K@Z
??_U@YAPEAX_KHPEBDH@Z
??_V@YAXPEAX@Z
??_V@YAXPEAXHPEBDH@Z
?Alloc@Concurrency@@YAPEAX_K@Z
?Block@Context@Concurrency@@SAXXZ
?CaptureCallstack@platform@details@Concurrency@@YA_KPEAPEAX_K1@Z
?Create@CurrentScheduler@Concurrency@@SAXAEBVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPEAV12@AEBVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPEAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPEAVScheduleGroup@2@AEAVlocation@2@@Z
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPEAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPEAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPEAX@Z
?Get@CurrentScheduler@Concurrency@@SAPEAVScheduler@2@XZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QEBAIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPEAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsAvailableLocation@CurrentScheduler@Concurrency@@SA_NAEBVlocation@2@@Z
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?Log2@details@Concurrency@@YAK_K@Z
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPEAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0@Z
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0AEAVlocation@2@@Z
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QEAAXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXAEBVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QEAAIW4PolicyElementKey@2@I@Z
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AEAAXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QEAAXPEAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QEAAXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QEAAXPEAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QEAAXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QEAAXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IEAAXXZ
?_CleanupToken@_StructuredTaskCollection@details@Concurrency@@AEAAXXZ
?_ConcRT_CoreAssert@details@Concurrency@@YAXPEBD0H@Z
?_ConcRT_Trace@details@Concurrency@@YAXHPEB_WZZ
?_Confirm_cancel@_Cancellation_beacon@details@Concurrency@@QEAA_NXZ
?_Copy_str@exception@std@@AEAAXPEBD@Z
?_CurrentContext@_Context@details@Concurrency@@SA?AV123@XZ
?_Current_node@location@Concurrency@@SA?AV12@XZ
?_Destroy@_AsyncTaskCollection@details@Concurrency@@EEAAXXZ
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IEAAXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IEAAXXZ
?_Get@_CurrentScheduler@details@Concurrency@@SA?AV_Scheduler@23@XZ
?_GetConcRTTraceInfo@Concurrency@@YAPEBU_CONCRT_TRACE_INFO@details@1@XZ
?_GetConcurrency@details@Concurrency@@YAIXZ
?_GetCurrentInlineDepth@_StackGuard@details@Concurrency@@CAAEA_KXZ
?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ
?_GetScheduler@_Scheduler@details@Concurrency@@QEAAPEAVScheduler@3@XZ
?_Id@_CurrentScheduler@details@Concurrency@@SAIXZ
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QEAA_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QEAA_NXZ
?_IsSynchronouslyBlocked@_Context@details@Concurrency@@QEBA_NXZ
?_Name_base@type_info@@CAPEBDPEBV1@PEAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPEBDPEBV1@PEAU__type_info_node@@@Z
?_NewCollection@_AsyncTaskCollection@details@Concurrency@@SAPEAV123@PEAV_CancellationTokenState@23@@Z
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IEAAKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IEAAKXZ
?_Oversubscribe@_Context@details@Concurrency@@SAX_N@Z
?_Reference@_Scheduler@details@Concurrency@@QEAAIXZ
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QEAAXXZ
?_Release@_Scheduler@details@Concurrency@@QEAAIXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IEAAXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IEAAXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@PEAVlocation@3@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@PEAVlocation@3@@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPEAX@Z0@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QEAAXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QEAAXI@Z
?_SetUnobservedExceptionHandler@details@Concurrency@@YAXP6AXXZ@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IEAA_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IEAA_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QEAA_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IEAAXXZ
?_Stop@_Timer@details@Concurrency@@IEAAXXZ
?_Tidy@exception@std@@AEAAXXZ
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
?_Trace_ppl_function@Concurrency@@YAXAEBU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QEAA_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QEAA_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QEAA_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QEAA_NXZ
?_Type_info_dtor@type_info@@CAXPEAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPEAV1@@Z
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_ValidateExecute@@YAHP6A_JXZ@Z
?_ValidateRead@@YAHPEBXI@Z
?_ValidateWrite@@YAHPEAXI@Z
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCompare@@YA_NPEBX0@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrSwap@@YAXPEAX0@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPEBG00I_K@Z
?_is_exception_typeof@@YAHAEBVtype_info@@PEAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
?_open@@YAHPEBDHH@Z
?_query_new_handler@@YAP6AH_K@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AH_K@ZH@Z
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPEBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?_wopen@@YAHPEB_WHH@Z
?_wsopen@@YAHPEB_WHHH@Z
?before@type_info@@QEBA_NAEBV1@@Z
?current@location@Concurrency@@SA?AV12@XZ
?from_numa_node@location@Concurrency@@SA?AV12@G@Z
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QEBAJXZ
?lock@critical_section@Concurrency@@QEAAXXZ
?lock@reader_writer_lock@Concurrency@@QEAAXXZ
?lock_read@reader_writer_lock@Concurrency@@QEAAXXZ
?name@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
?native_handle@critical_section@Concurrency@@QEAAAEAV12@XZ
?notify_all@_Condition_variable@details@Concurrency@@QEAAXXZ
?notify_one@_Condition_variable@details@Concurrency@@QEAAXXZ
?raw_name@type_info@@QEBAPEBDXZ
?reset@event@Concurrency@@QEAAXXZ
?set@event@Concurrency@@QEAAXXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_task_execution_resources@Concurrency@@YAXGPEAU_GROUP_AFFINITY@@@Z
?set_task_execution_resources@Concurrency@@YAX_K@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?try_lock@critical_section@Concurrency@@QEAA_NXZ
?try_lock@reader_writer_lock@Concurrency@@QEAA_NXZ
?try_lock_for@critical_section@Concurrency@@QEAA_NI@Z
?try_lock_read@reader_writer_lock@Concurrency@@QEAA_NXZ
?unexpected@@YAXXZ
?unlock@critical_section@Concurrency@@QEAAXXZ
?unlock@reader_writer_lock@Concurrency@@QEAAXXZ
?wait@Concurrency@@YAXI@Z
?wait@_Condition_variable@details@Concurrency@@QEAAXAEAVcritical_section@3@@Z
?wait@event@Concurrency@@QEAA_KI@Z
?wait_for@_Condition_variable@details@Concurrency@@QEAA_NAEAVcritical_section@3@I@Z
?wait_for_multiple@event@Concurrency@@SA_KPEAPEAV12@_K_NI@Z
?what@exception@std@@UEBAPEBDXZ
_CRT_RTC_INIT
_CRT_RTC_INITW
_Cbuild
_CreateFrameInfo
_CxxThrowException
_FCbuild
_FindAndUnlinkFrame
_GetImageBase
_GetThrowImageBase
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_LCbuild
_SetImageBase
_SetThrowImageBase
_SetWinRTOutOfMemoryExceptionCallback
_Strftime
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__CppXcptFilter
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__create_locale
__crtCaptureCurrentContext
__crtCapturePreviousContext
__crtCompareStringA
__crtCompareStringEx
__crtCompareStringW
__crtCreateEventExW
__crtCreateSemaphoreExW
__crtCreateSymbolicLinkW
__crtEnumSystemLocalesEx
__crtFlsAlloc
__crtFlsFree
__crtFlsGetValue
__crtFlsSetValue
__crtGetDateFormatEx
__crtGetFileInformationByHandleEx
__crtGetLocaleInfoEx
__crtGetShowWindowMode
__crtGetTickCount64
__crtGetTimeFormatEx
__crtGetUserDefaultLocaleName
__crtInitializeCriticalSectionEx
__crtIsPackagedApp
__crtIsValidLocaleName
__crtLCMapStringA
__crtLCMapStringEx
__crtLCMapStringW
__crtSetFileInformationByHandle
__crtSetThreadStackGuarantee
__crtSetUnhandledExceptionFilter
__crtSleep
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lconv
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abs64
_access
_access_s
_acmdln
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert

Sections

.text
Size: 666KB - Virtual size: 665KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sfx/HaoZip7zCon.sfx
.exe windows:5 windows x86 arch:x86

3907eb53a7f1c7b83377fa2170b93f64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SVN\rczip\bin\Win32\release\pdb\HaoZip7zCon.pdb

Imports

kernel32

GetCommandLineW
SetFileApisToOEM
WideCharToMultiByte
GetACP
MultiByteToWideChar
InterlockedExchangeAdd
FindFirstFileW
FindClose
CreateFileW
GetLastError
GetVersionExW
GetFullPathNameW
GetTempFileNameW
MoveFileExW
CreateDirectoryW
SetFileTime
GetFileAttributesW
lstrlenW
MoveFileW
CloseHandle
DeleteFileW
SetFileAttributesW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FreeLibrary
LoadLibraryW
FindResourceW
GetModuleHandleW
GetProcAddress
GetStringTypeW
EncodePointer
DecodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
HeapFree
GetCommandLineA
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetCPInfo
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
HeapSize
GetProcessHeap
GetCurrentThreadId
GetStdHandle
GetFileType
GetModuleFileNameA
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapReAlloc
LoadLibraryExW
OutputDebugStringW
SetStdHandle
WriteConsoleW
ReadConsoleW
FormatMessageW
LocalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualFree
VirtualAlloc
WaitForMultipleObjects
WaitForSingleObject
SetEvent
ResetEvent
CreateThread
ExitThread
ResumeThread

user32

LoadStringW

Sections

.text
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sfx/HaoZip7zSetup.sfx
.exe windows:5 windows x86 arch:x86

b2293534a79ff9857a217a7bedd5f50e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SVN\rczip\bin\Win32\release\pdb\HaoZip7zSetup.pdb

Imports

comctl32

InitCommonControlsEx

shell32

SHBrowseForFolderW
SHGetFileInfoW
SHGetPathFromIDListW
ShellExecuteExW
SHGetMalloc
ShellExecuteW
CommandLineToArgvW

kernel32

FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
FreeLibrary
HeapAlloc
HeapFree
GetProcessHeap
LoadLibraryW
GetLastError
GetProcAddress
GetFileAttributesW
CloseHandle
GetCurrentProcess
GetModuleHandleW
GetVersionExW
CreateProcessW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsW
GetModuleFileNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
LocalFree
SetFileApisToOEM
GetEnvironmentVariableW
SetPriorityClass
GetCurrentThread
SetThreadPriority
GetCommandLineW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FindFirstFileW
FindClose
FindNextFileW
CreateFileW
GetLongPathNameW
GetCurrentThreadId
FindResourceW
LoadLibraryExW
SetEndOfFile
SetFileTime
WriteFile
VirtualAlloc
ResumeThread
WideCharToMultiByte
GetACP
MultiByteToWideChar
GetFileSize
SetFilePointer
ReadFile
GetFullPathNameW
GetTempFileNameW
MoveFileExW
CreateDirectoryW
lstrlenW
GetTempPathW
MoveFileW
RemoveDirectoryW
GetWindowsDirectoryW
DeleteFileW
SetFileAttributesW
SetEvent
Sleep
ResetEvent
CreateEventW
FileTimeToSystemTime
GetConsoleMode
GetConsoleCP
OutputDebugStringW
LCMapStringW
HeapReAlloc
GetStringTypeW
GetCPInfo
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
GetStdHandle
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetLastError
InterlockedExchangeAdd
VirtualFree
WaitForMultipleObjects
FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
GetModuleHandleExW
ExitProcess
RtlUnwind
RaiseException
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
ExitThread

user32

KillTimer
TranslateMessage
IsDialogMessageW
LoadIconW
CreateDialogParamW
IsWindowVisible
EnableWindow
DispatchMessageW
DestroyIcon
IsWindow
ShowWindow
PostQuitMessage
GetWindowRect
PostMessageW
DialogBoxParamW
SetWindowPos
GetSystemMetrics
SetFocus
GetWindowTextW
GetDlgItem
EndDialog
SendMessageW
SetWindowTextW
GetMessageW
ScreenToClient
SetTimer
GetDesktopWindow
LoadStringW
MessageBoxW

gdi32

CreateSolidBrush
DeleteObject

ole32

CoInitialize
CoInitializeEx
CoUninitialize
CoCreateInstance

Sections

.text
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
skins/HaoZip.dui
.zip
objects.xml
.xml
shareres.xml
.xml
skins/HaoZip.skn
.zip
2345_haoya_bg.png
.png
2345_haoya_compression.png
.png
2345_haoya_compression_shadow.png
.png
2345_haoya_decompression.png
.png
2345_haoya_immediately_compression.png
.png
2345_haoya_immediately_decompression.png
.png
2345_haoya_input_box.png
.png
2345_haoya_main_touying.png
.png
2345_haoya_replace_the_directory.png
.png
2345_haoya_setting_system_dot.png
.png
Button.png
.png
Choose2.png
.png
Download_Bg.png
.png
HaoZip.skn
HorzLine.png
.png
MsgBox_Background.png
.png
MsgBox_Information_Icon.png
.png
OkayIcon.png
.png
PageBtn.png
.png
ProgressBar.png
.png
RCHaoClients.png
.png
RCHaoClients2.png
.png
Repair_Btn.png
.png
SettingBG_Close.png
.png
SettingBG_Inside.png
.png
SettingBG_Projection.png
.png
Setting_Btn.png
.png
WarnIcon.png
.png
WrongIcon.png
.png
about_bg.png
.png
about_btn_close.png
.png
about_logo.png
.png
addressbar.png
.png
btn_qq.png
.png
checkBox1.png
.png
checkBox2.png
.png
checkBox3.png
.png
checkbox.png
.png
decimal_point.png
.png
decompressionPop_pulldown.png
.png
dotted_frame.png
.png
download_process_bg.png
.png
download_process_fore.png
.png
feedback_bubble.png
.png
file_tree_bubble.png
.png
footer_bg.png
.png
haozip_skin_config.txt
haozip_skin_description.txt
haozip_skin_preview_bg.png
.png
header_bg_footer.png
.png
header_bg_header.png
.png
help.png
.png
hide.png
.png
hide2.png
.png
info.png
.png
inputBox.png
.png
installed.png
.png
light_frame.png
.png
loading.gif
.gif
main_logo.png
.png
main_splitter.png
.png
malware_bg.png
.png
menu_arrow.png
.png
menu_background.png
.png
menu_btn_compress.png
.png
menu_btn_delete.png
.png
menu_btn_password.png
.png
menu_btn_selfExtracting.png
.png
menu_btn_toolbox.png
.png
menu_btn_uncompress.png
.png
msgIcon.png
.png
msgbox_logo.png
.png
objects.xml
.xml
popupBox_body.png
.png
popupBox_btn.png
.png
popupBox_footer.png
.png
popupBox_header.png
.png
popup_Box_btn_confirm.png
.png
progressBar_Movebar_light.png
.png
progressBar_Movebar_transparentlayer.png
.png
progressBar_button_continue.png
.png
progressBar_button_stop.png
.png
progressBar_digital_0.png
.png
progressBar_digital_1.png
.png
progressBar_digital_2.png
.png
progressBar_digital_3.png
.png
progressBar_digital_4.png
.png
progressBar_digital_5.png
.png
progressBar_digital_6.png
.png
progressBar_digital_7.png
.png
progressBar_digital_8.png
.png
progressBar_digital_9.png
.png
progressBar_digital_symbol.png
.png
progressBar_logo.png
.png
progressBar_systemBtn_close.png
.png
progressBar_systemBtn_min.png
.png
prop.xml
.xml
public_btn_close.png
.png
public_btn_min.png
.png
pwd_lock.png
.png
pwd_unlock.png
.png
repair_icon.png
.png
safe_bg.png
.png
shareres.xml
.xml
show.png
.png
show2.png
.png
size-contrl.png
.png
splitter1.png
.png
splitter2.png
.png
systemBtn.png
.png
system_tool_close.png
.png
system_tool_feedback.png
.png
system_tool_max-10.png
.png
system_tool_max.png
.png
system_tool_menu.png
.png
system_tool_min.png
.png
toolbox_2345haozip.png
.png
toolbox_anquan.png
.png
toolbox_batch_rename.png
.png
toolbox_bg.png
.png
toolbox_calcMD5.png
.png
toolbox_cd.png
.png
toolbox_convert_archive.png
.png
toolbox_divide_line.png
.png
toolbox_feedback.png
.png
toolbox_help.png
.png
toolbox_kanshipin.png
.png
toolbox_kanxiaoshuo.png
.png
toolbox_pic.png
.png
toolbox_qutuangou.png
.png
toolbox_red_dot.png
.png
toolbox_repair_archive.png
.png
toolbox_setting.png
.png
toolbox_sfx.png
.png
toolbox_text_replace.png
.png
toolbox_view_log.png
.png
toolbox_wangpai.png
.png
toolbox_web.png
.png
toolsBar_address.png
.png
toolsBar_bg.png
.png
toolsBar_close.png
.png
toolsBar_forward.png
.png
toolsBar_pulldown.png
.png
toolsBar_pullup.png
.png
toolsBar_return.png
.png
toolsBar_search.png
.png
toolsBar_search_senior.png
.png
toolsBar_up.png
.png
toolsBar_view.png
.png
trojan_check.png
.png
trojan_checking.png
.png
trojan_gif.png
.png
trojan_info_logo.png
.png
trojan_malware.png
.png
trojan_safe.png
.png
trojan_scanwarningdlg_bg.png
.png
trojan_scanwarningdlg_btn_cancel.png
.png
trojan_scanwarningdlg_btn_open.png
.png
trojan_scanwarningdlg_close.png
.png
trojan_unknown.png
.png
unknown_bg.png
.png
upgrade_bg.png
.png
upgrade_btn_ installnow.png
.png
upgrade_btn_installnext.png
.png
upgrade_btn_ok.png
.png
upgrade_btn_upgradenow.png
.png
widget_progressBar_bg.png
.png
windowTitle_bg.png
.png
skins/HaoZip.xml
.xml
tool/2345DLAgent.dll
.dll windows:5 windows x86 arch:x86

14933133c7afe8cc859a7dba194d46b7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e4:90:f6:2c:0c:99:f7:d3:d4:e6:68:fe:51:92:46:ab:41:69:2d:f9:8f:26:8b:13:d9:ba:ee:a0:ba:01:f0:4d
Signer

Actual PE Digest

e4:90:f6:2c:0c:99:f7:d3:d4:e6:68:fe:51:92:46:ab:41:69:2d:f9:8f:26:8b:13:d9:ba:ee:a0:ba:01:f0:4d

Digest Algorithm

sha256

PE Digest Matches

true

4b:28:4a:db:c2:12:94:77:53:eb:56:a7:47:c2:eb:18:45:1e:a9:eb
Signer

Actual PE Digest

4b:28:4a:db:c2:12:94:77:53:eb:56:a7:47:c2:eb:18:45:1e:a9:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\dev\CommonPlatform\2345DLAgent\bin\release_static\pdb\2345DLAgent.pdb

Imports

kernel32

WriteFile
GetStdHandle
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
TlsGetValue
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileInformationByHandle
GetFileSizeEx
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
CloseHandle
GetOverlappedResult
DeviceIoControl
WaitForSingleObject
CreateEventW
GetCurrentProcess
GetProcAddress
WaitForMultipleObjects
LoadLibraryA
CopyFileW
CreateHardLinkW
VerSetConditionMask
TlsFree
CreateIoCompletionPort
GetQueuedCompletionStatus
SetEvent
SleepEx
SetWaitableTimer
QueueUserAPC
TerminateThread
TlsSetValue
VerifyVersionInfoW
GetDriveTypeW
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreW
CreateWaitableTimerW
CancelIo
ReleaseMutex
CreateMutexW
GetCurrentProcessId
GetModuleHandleA
GetSystemTimeAsFileTime
FreeLibrary
GlobalMemoryStatusEx
GetSystemInfo
GetSystemTime
SystemTimeToFileTime
GetFileType
QueryPerformanceCounter
GetTickCount
GlobalMemoryStatus
FlushConsoleInputBuffer
OpenEventA
CreateEventA
PeekNamedPipe
WriteConsoleW
SetEnvironmentVariableA
TlsAlloc
InterlockedExchangeAdd
GetLastError
InterlockedExchange
Sleep
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
SetLastError
InterlockedIncrement
OutputDebugStringW
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
SetStdHandle
GetConsoleCP
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
ReadConsoleW
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
EncodePointer
DecodePointer
GetStringTypeW
LocalFree
FormatMessageA
ResumeThread
InitializeCriticalSection
GetModuleHandleW
GetFileAttributesW
GetModuleFileNameW
ExpandEnvironmentStringsW
GetLongPathNameW
GetFileAttributesExW
ResetEvent
GetFileSize
SetFilePointer
LoadLibraryW
GetVersionExW
lstrlenW
lstrcmpiW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindResourceW
LoadResource
LockResource
OpenProcess
GetFullPathNameW
MoveFileExW
SetFileTime
GetSystemDirectoryW
GetTempPathW
GetCurrentDirectoryW
GetFileTime
HeapAlloc
HeapFree
GetProcessHeap
GetACP
GetEnvironmentVariableW
LoadLibraryExW
GetCommandLineA
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
CreateThread
ExitThread
HeapReAlloc
ExitProcess
GetModuleHandleExW
AreFileApisANSI

user32

GetUserObjectInformationW
MessageBoxA
GetProcessWindowStation

advapi32

RegisterEventSourceA
DeregisterEventSource
ReportEventA

ws2_32

WSARecvFrom
WSAIoctl
select
connect
accept
__WSAFDIsSet
freeaddrinfo
getaddrinfo
WSASocketW
WSASend
WSARecv
setsockopt
getpeername
getsockopt
getsockname
ioctlsocket
closesocket
bind
htons
ntohs
WSAAddressToStringW
WSAStartup
ntohl
htonl
WSAGetLastError
WSACleanup
WSASetLastError
WSAStringToAddressW
socket
recv
send
shutdown
listen
WSASendTo

mswsock

GetAcceptExSockaddrs
AcceptEx

Exports

Exports

PerformDownload

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 568KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 127KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tool/2345InstDLL.dll
.dll windows:5 windows x86 arch:x86

6fff1f67d6e5b212d2286b14de104d86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9e:b9:45:9e:db:65:9c:8c:e6:ea:ff:a3:f9:2e:6d:00:73:f9:53:12:d0:93:bb:ae:5a:ce:62:61:50:89:68:65
Signer

Actual PE Digest

9e:b9:45:9e:db:65:9c:8c:e6:ea:ff:a3:f9:2e:6d:00:73:f9:53:12:d0:93:bb:ae:5a:ce:62:61:50:89:68:65

Digest Algorithm

sha256

PE Digest Matches

true

6a:3f:27:41:da:4d:9b:16:7d:2e:85:c9:5c:7d:83:52:e4:41:74:19
Signer

Actual PE Digest

6a:3f:27:41:da:4d:9b:16:7d:2e:85:c9:5c:7d:83:52:e4:41:74:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

FreeLibrary
LoadLibraryW
GetProcAddress
LocalAlloc
GetCurrentProcessId
LocalFree
GetTickCount
lstrcpynW
WaitForSingleObject
GetExitCodeProcess
GetLastError
CloseHandle
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
FlushInstructionCache
RaiseException
SetLastError
EnterCriticalSection
DecodePointer
DeleteCriticalSection
GetCurrentThreadId
VirtualFree
VirtualAlloc
LoadLibraryA
GetModuleHandleA
Sleep
GetModuleHandleW
GetFileAttributesW
ExpandEnvironmentStringsW
CreateProcessW
WaitForMultipleObjects
HeapAlloc
HeapFree
GetProcessHeap
OpenProcess
GetVersionExW
QueryDosDeviceW
FindResourceW
LoadResource
LockResource
GetSystemInfo
lstrcmpiW
InitializeCriticalSection
SetEvent
ResetEvent
CreateEventW
FindFirstFileW
CreateFileW
GetLongPathNameW
GetFileAttributesExW
ResumeThread
GetEnvironmentVariableW
LoadLibraryExW
GetFileSize
SetFilePointer
SetEndOfFile
SetFileTime
WriteFile
ReadFile
GetFileTime
WideCharToMultiByte
GetACP
MultiByteToWideChar
lstrlenW
GetFileSizeEx
GetModuleFileNameW
FindClose
FindNextFileW
GetLogicalDriveStringsW
FileTimeToSystemTime
GetFullPathNameW
MoveFileExW
CreateDirectoryW
GetSystemDirectoryW
GetTempPathW
GetCurrentDirectoryW
MoveFileW
RemoveDirectoryW
SetFileAttributesW
InterlockedExchangeAdd
FormatMessageW
InterlockedExchange
CreateMutexW
ReleaseMutex
InterlockedPushEntrySList
GlobalMemoryStatusEx
ReadConsoleW
WriteConsoleW
SetStdHandle
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
HeapReAlloc
GetOEMCP
IsValidCodePage
GetStdHandle
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
TerminateProcess
GetCurrentProcess
SetEnvironmentVariableA
InitializeSListHead
InterlockedPopEntrySList
DeleteFileW
DeviceIoControl
ExitThread
CreateThread
GetCommandLineA
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleExW
ExitProcess
EncodePointer
GetStringTypeW
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
FreeLibrary
TerminateProcess
GetCurrentProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

wsprintfW
DestroyIcon
CallWindowProcW
DefWindowProcW
IsMenu
TrackPopupMenu
RegisterWindowMessageW
KillTimer
GetSubMenu
SetForegroundWindow
GetMenuDefaultItem
LoadMenuW
GetCursorPos
SetMenuDefaultItem
CreateWindowExW
SendMessageW
DestroyMenu
DestroyWindow
GetMessageW
PostQuitMessage
LoadImageW
UnregisterClassW
PostMessageW
LoadCursorW
GetClassInfoExW
TranslateMessage
RegisterClassExW
GetWindowLongW
EnableMenuItem
SetWindowLongW
IsWindow
DispatchMessageW
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

shell32

Shell_NotifyIconW

wtsapi32

WTSSendMessageW

Exports

Exports

CanInstallBrowser
CanInstallCustomProduct
CanInstallHaoZip
CanInstallIME
CanInstallPic
CanInstallSafe
FixSoftware
GetActionType
Initialize
InstallBrowser
InstallCustomProduct
InstallHaoZip
InstallIme
InstallPic
InstallSafe
ProtectInstallBrowser
ProtectInstallCustomProduct
ProtectInstallHaoZip
ProtectInstallIME
ProtectInstallPic
ProtectInstallSafe
SetDllInternalData
SetProductVersion
UnInitialize
��A�Z�f�[�z�<��J�&��EpK��j��}ѵ��V/q�\kb�+L8P�}�U��5��G��,Z͏��Tbޟ�b!��,��K�n<��I<�;oex�ƕ@��L�i�wj�M5N+��R��묿��zi^�`��p��<g�8ț��1$�`��ܧ��!��l\Ƌh��a�5��?wqG:�b��k�\��6;&�UP��B=��]��`��A��͜�м5�k��%>�}&JZ��Qd!r�O��a�1��K�� 8_]�X��_n�O�f1��%S�sw��A�gP��N&k��ʿ}�1�i�oIş��^ �r�zt��B��R�拾o�L�*ו�=t�͇S��]:3��V팠�Y�-YĜS��fi��O�!s1��C`$��ܐN��qՕ�Vȱh��և<kC��R��ͮ��?>Z�Ƞ��e&�b�,�y�+�v940 D<y'!S�4�6@��v�#]*�g�ع��& ��bw1��$�'�>��z� 1��nU��"��i"��to�U) �P� +C��,� ��Oi�K9�Z��|6?��Z�;Ug�V�EF?RSsi�׾� oHb!��V��'.��60��<�xܧҎU�2� D��T�K�{��_�Ibl�87�ŧn�x'��L�:�j8*��I �l B��U��WW�Q�y@�W*��!��{6��P��.Ԅ�a��a��H��8l��~ׅL�D*�@��oen��_��{��|u �iy\ � p'h 3�qM5�a�Z�^��b�BNb�C�/��OiW�N��I�� i�*>p�g�H;E�c3lΫ:��pym&-36|ʔ�-,�E�6R��'�g�Y�K�x�g(_헃��~~m��X^��d:t:� ��6I�`��D��U <��_��E(�pl�xXJ.�m��`)F�|�lR��M^X��я��n?��)0 �qv��o{}�z��;k/�d>��c��0�1Ou��΂��N�F�]M/�T��c/}V��J�%��:�\V��*��Y��F�bU�Ub@.Ų��^^+\��J�DX�qGMI�"/�L*{�cڠ��e�k�6�:��'��/��Y��ϼ��בH�厹�gCya1xK1�0-��熥|�&��3�Ә,�7�%��:O�[�j��H�z\��EPͰ2�մ�eeW�:N��7�wP0�R}�� ;�-]�H��Z��t��k-j��.�f��d��p�#'p@��m�hU��u�8,Y��8y��^�\��I��g��8y$�&*��S�u� ��!9©L��&Ѻ:��+�T�H��x~^V&R��#F}G��:ң��/�7��%�E��1�Y��űϚ��48�T��'��g8�É��M�)�=�� EMKh��?��ߧBq�T�*��a�J��=(P��3p��ĩeǗ��M��h|S��h!s~��X][ޫ�=k2��%�Z�+�`��#��:ߏ�8�U�o�^AS� Iш��چ�&��~��M�l_�Z2�ki�Y�a�%��2�Wd�Q��3�^I��JW�5�!�o��#>�5K��,��L��fں"��,��k;G�;?��/-m��k��}�_LX��l��o�ԝ�kų��y��zz�R԰}��kl�d7�]�~C��xv2��#� ŐB .`w�l��Nc"��MF-i�Md=kE �y��)S��7)kX>�0��ߡcQ_�D�r��0דuLU��e�aN�� #��\.ޔ��0|(��TlW��؛�Y4A~&��H@��Z#�gWp��xZze6�^}`z�-Qv��!��fίt��γYW��ƴ7�֕C�+�a0g7oq�Pz0�*Ki��u�\�&��F�[��;�2ο��Fy��L#��* d�f��Z!ڪ�eɆ��T_J�3�xZ�� R~��ľ��Y��ÉT�-�+DMU�u��>�DW-i,�s~}K�'r�*��b3��స4Kg1��@y��8��fY��v@�k�h�t��C�<�Nksl>��X�bN#�5�~�0;}��+.'�N!��]�.��\pRA��O��L�0�8d��x��QQ��w u��Kgw��(�� qc��,!��6:��+�� a�ș��S]��u��8w kHe<�{n m��.��]�Wk�(�tL��ؙ��+"�@�;Y��Pt�܏19"�Q��&��r6�4�c�ݥs��\��8��Q�}2|�l�� =3#z�Z)��#�܂u��9��zA��s�`��4a��-A(��%��+%˛��oퟦ�o��$��R��G�I��E��a.��'�ѯ�_��'K*6��{/��袀�T\��n�f߶�qva]��)KȞ�\��>��X2N��19�3�9˾:�1�|�i(��瓭\"6�u!uc�I/�p��a�LmFq��'��^��F�c&�_|4Co'�]�zȪ�P��9��*4!��$��\@m��RӯVcb@��\#> ƌBj��MEJ��[׶�~�YG�� c*�]��Z�Y'�X��"��:�P��6�"��G]-�(� ��,��@�1� f�1b�w��|;o�t�'A>v"��YH�?:U��f�B|�3Ҿ$��Bn��픁%��H�:&�� 'ٛn�$�QwL�1�<q)<�@Uݼ��c��.��2�#r�p"W�<��f��ZSsz�>BF��,n{��[ ��!��kg䯏��i�Z��5r-q�d��E7 �75��C�,�JS:�>~;��}X�-��'m��0>�ei]��6�p��f��PVטE��kz�O%�

Sections

.text
Size: 941KB - Virtual size: 941KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bin0
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bin1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tool/2345InstUI.dll
.dll windows:5 windows x86 arch:x86

115def9016b7af6cd91a2b8196095042

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a9:a6:27:ab:87:3b:8f:d2:d4:f6:a5:6e:e0:95:f1:65:17:d2:3c:8e:25:e9:ca:e9:1d:43:0d:a9:cd:c7:d0:2d
Signer

Actual PE Digest

a9:a6:27:ab:87:3b:8f:d2:d4:f6:a5:6e:e0:95:f1:65:17:d2:3c:8e:25:e9:ca:e9:1d:43:0d:a9:cd:c7:d0:2d

Digest Algorithm

sha256

PE Digest Matches

true

18:19:a2:68:e5:07:aa:ea:90:78:ce:91:0a:ab:1e:02:eb:c3:2d:ce
Signer

Actual PE Digest

18:19:a2:68:e5:07:aa:ea:90:78:ce:91:0a:ab:1e:02:eb:c3:2d:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\trunk\CommonPlatform\2345InstAgent\bin\Release\2345InstUI.pdb

Imports

sensapi

IsNetworkAlive

kernel32

ReleaseMutex
FindResourceW
LoadResource
GetVersionExW
LockResource
GetSystemInfo
lstrlenW
lstrcatW
lstrcpyW
OpenProcess
QueryDosDeviceW
FindFirstFileW
GetLongPathNameW
GetFileAttributesExW
FindClose
FindNextFileW
SetEvent
ResetEvent
CreateEventW
InterlockedExchangeAdd
GetFileSizeEx
DeleteFileW
HeapAlloc
HeapFree
GetProcessHeap
GlobalFree
LocalFree
GetLogicalDriveStringsW
GetFullPathNameW
CreateDirectoryW
GetSystemDirectoryW
GetTempPathW
GetCurrentDirectoryW
GetTickCount
WaitForMultipleObjects
FormatMessageW
InterlockedExchange
GlobalMemoryStatusEx
GetEnvironmentVariableW
GetCurrentProcessId
LoadLibraryExW
FileTimeToSystemTime
DeviceIoControl
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
DuplicateHandle
CreateMutexW
ExpandEnvironmentStringsW
GetFileAttributesW
GetModuleHandleW
ResumeThread
WaitForSingleObject
CloseHandle
GetFileTime
CreateFileW
ReadFile
WriteFile
SetFileTime
SetEndOfFile
SetFilePointer
GetFileSize
InitializeCriticalSection
MultiByteToWideChar
GetACP
WideCharToMultiByte
GetCurrentThreadId
EnterCriticalSection
SetLastError
FlushInstructionCache
GlobalUnlock
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
MapViewOfFileEx
GetModuleFileNameW
MulDiv
LeaveCriticalSection
Sleep
GlobalAlloc
GlobalLock
GetCurrentProcess
SetErrorMode
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetProcAddress
LoadLibraryW
FreeLibrary
DeleteCriticalSection
DecodePointer
GetLastError
RaiseException
lstrcmpW
EncodePointer
GetSystemTimeAsFileTime
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
CreateThread
CreateFileMappingW
UnmapViewOfFile
QueryPerformanceFrequency
FreeResource
SetWaitableTimer
CreateWaitableTimerW
SizeofResource
SetEnvironmentVariableA
ReadConsoleW
WriteConsoleW
SetStdHandle
FlushFileBuffers
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
ExitThread
RtlUnwind
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
HeapReAlloc
GetCurrentThread
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
lstrcpynW
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
SetUnhandledExceptionFilter
TerminateProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeZoneInformation
GetStringTypeW
GetCPInfo
GetOEMCP
IsValidCodePage
CreateSemaphoreW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc

user32

GetKeyState
CreateWindowExW
IsWindow
EnumChildWindows
SetWindowPos
GetSysColor
GetDesktopWindow
RedrawWindow
GetDlgItem
MonitorFromWindow
ReleaseDC
GetSystemMetrics
GetClassNameW
GetWindowTextW
GetAncestor
GetWindowLongW
InvalidateRect
RegisterClassExW
GetForegroundWindow
GetDC
SetPropW
GetClassInfoExW
PtInRect
BeginPaint
SetFocus
CreateAcceleratorTableW
GetClientRect
LoadCursorW
InvalidateRgn
GetParent
GetFocus
IsZoomed
PostMessageW
SetCapture
IsChild
FillRect
RegisterWindowMessageW
CharNextW
GetWindowRect
ScreenToClient
RemovePropW
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
GetIconInfo
DrawIconEx
SetForegroundWindow
GetCaretBlinkTime
ToAscii
GetKeyboardState
LoadImageW
LoadBitmapW
MsgWaitForMultipleObjects
SetCaretPos
SetRect
UpdateLayeredWindow
SetRectEmpty
UnionRect
IntersectRect
SystemParametersInfoW
PostQuitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
MapWindowPoints
ValidateRect
SetWindowRgn
EnableWindow
OpenClipboard
MessageBoxW
UnregisterClassW
GetActiveWindow
EndDialog
SetWindowLongW
LoadIconW
MoveWindow
GetShellWindow
GetWindow
GetWindowThreadProcessId
DefWindowProcW
CallWindowProcW
GetMonitorInfoW
GetPropW
SetWindowTextW
SendMessageW
EndPaint
ClientToScreen
DestroyWindow
GetWindowTextLengthW
DestroyAcceleratorTable
GetWindowDC
SetCursor
GetCursorPos
CopyRect
OffsetRect
IsRectEmpty
EqualRect
SetTimer
KillTimer
GetClassLongW
DialogBoxParamW
TrackMouseEvent
ShowWindow
ShowWindowAsync
IsWindowVisible
IsIconic
ReleaseCapture

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetStockObject
CreateSolidBrush
DeleteDC
CreateRectRgn
SelectObject
SetViewportOrgEx
SetGraphicsMode
SetWorldTransform
CreatePolygonRgn
CreateFontIndirectW
SetBkColor
SetTextColor
EnumFontsW
GetClipBox
CreateDIBSection
CreateRoundRectRgn
PtInRegion
CreateDCW
GetDIBits
ExtTextOutW
DeleteObject
GetDeviceCaps
BitBlt
SelectClipRgn

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegCloseKey

shell32

DragQueryFileW
SHGetSpecialFolderPathW
DragFinish
ord680

ole32

CoCreateInstance
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
StringFromGUID2
OleInitialize
OleUninitialize
CoTaskMemFree
CoGetClassObject
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr
SysFreeString
SysAllocString
DispCallFunc
SysStringLen
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
VariantInit
LoadTypeLi
VariantClear

shlwapi

ord12
StrToIntA

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipCreatePath
GdipDeletePath
GdipClosePathFigure
GdipFree
GdipAddPathString
GdipGetPathWorldBounds
GdipCreateMatrix
GdipCreateMatrix2
GdipDeleteMatrix
GdipGetMatrixElements
GdipCloneRegion
GdipDeleteRegion
GdipTransformRegion
GdipCloneBrush
GdipDeleteBrush
GdipCreateTexture
GdipGetTextureTransform
GdipCreateSolidFill
GdipCreateLineBrushI
GdipCloneBitmapAreaI
GdipCloneImage
GdipSetLinePresetBlend
GdipSetLineWrapMode
GdipGetLineTransform
GdipCreatePen1
GdipDeletePen
GdipSetPenDashStyle
GdipGetImageGraphicsContext
GdipAlloc
GdiplusStartup
GdiplusShutdown
ord1
GdipSetLineTransform
GdipSetTextureTransform
GdipGetBrushType
GdipCombineRegionRegion
GdipCombineRegionPath
GdipCreateRegionPath
GdipAddPathEllipseI
GdipAddPathRectangleI
GdipAddPathBezierI
GdipAddPathArcI
GdipAddPathLineI
GdipSetStringFormatTrimming
GdipGetStringFormatLineAlign
GdipSetStringFormatLineAlign
GdipGetStringFormatAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipGetFontSize
GdipGetFontStyle
GdipGetFamily
GdipDeleteFont
GdipCreateFont
GdipGetLineSpacing
GdipGetCellDescent
GdipGetCellAscent
GdipGetEmHeight
GdipGetFamilyName
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipEndContainer
GdipBeginContainer2
GdipRestoreGraphics
GdipSaveGraphics
GdipGetClipBoundsI
GdipSetClipRegion
GdipSetClipRectI
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipFillPath
GdipFillEllipse
GdipFillRectangleI
GdipGraphicsClear
GdipDrawPath
GdipDrawRectangle
GdipDrawArcI
GdipDrawLine
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipCloneBitmapArea
GdipMultiplyWorldTransform
GdipGetInterpolationMode
GdipSetInterpolationMode
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipSetCompositingMode
GdipCreateHBITMAPFromBitmap
GdipSetPixelOffsetMode
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesWrapMode
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipTranslateWorldTransform

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContextEx
ImmGetContext

winmm

timeGetTime

Exports

Exports

CanInstall
FixSoftware
GetHistoryData
GetUserOperation
Initialize
InstallProduct
InstallSoftware
ProtectInstall
Uninitialize

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tool/HaoZipMgr.dll
.dll windows:5 windows x86 arch:x86

6922d1b00a7d7f9ce41eea5b28d97911

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

43:07:f7:f0:50:c3:0e:7b:58:3f:c9:b6:3b:51:c2:34
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/05/2017, 00:00

Not After

23/07/2018, 23:59

Subject

CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:c5:da:82:02:5a:f1:97:fa:1b:9d:63:a6:c8:cf:40
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06/05/2016, 00:00

Not After

06/05/2019, 23:59

Subject

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f4:a4:39:51:3e:5f:d1:11:0f:26:4c:83:90:03:fc:0d:f3:52:30:d6:c2:f5:f5:15:3a:26:c2:3d:46:c8:10:1f
Signer

Actual PE Digest

f4:a4:39:51:3e:5f:d1:11:0f:26:4c:83:90:03:fc:0d:f3:52:30:d6:c2:f5:f5:15:3a:26:c2:3d:46:c8:10:1f

Digest Algorithm

sha256

PE Digest Matches

true

cc:d2:8e:cc:2f:59:a4:c9:76:7b:0a:72:cf:95:c2:48:bb:fc:3a:b2
Signer

Actual PE Digest

cc:d2:8e:cc:2f:59:a4:c9:76:7b:0a:72:cf:95:c2:48:bb:fc:3a:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\SafeSupport4\SafeMonitor\bin\Win32\release_static\pdb\RCMangeMonitor.pdb

Imports

shlwapi

StrStrIW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
PathFindFileNameW
PathIsNetworkPathW

crypt32

CryptMsgClose
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptDecodeObject
CryptMsgGetParam

kernel32

GetTickCount
TerminateThread
Sleep
CopyFileW
GetTempPathW
MoveFileW
DeleteFileW
GetCurrentProcessId
CreateThread
GetFileSize
lstrlenA
WaitForSingleObject
ReadFile
CreateFileW
CloseHandle
MoveFileExW
FreeLibrary
WriteFile
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
SetFilePointer
GetLocalTime
GetCurrentThreadId
GetUserDefaultLangID
GetEnvironmentVariableW
GetLogicalDriveStringsW
lstrlenW
QueryDosDeviceW
DeviceIoControl
LocalAlloc
QueryPerformanceFrequency
GetTempFileNameW
GetLastError
CreateDirectoryW
DisableThreadLibraryCalls
GetModuleFileNameW
IsBadReadPtr
FileTimeToLocalFileTime
CreateProcessW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
FileTimeToSystemTime
lstrcmpiW
InterlockedIncrement
GetExitCodeProcess
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
ReadConsoleW
OutputDebugStringW
SearchPathW
WideCharToMultiByte
GetACP
MultiByteToWideChar
HeapAlloc
HeapFree
GetProcessHeap
OpenProcess
GlobalAlloc
GetVersionExW
GlobalFree
LocalFree
CreateMutexW
OpenMutexW
ReleaseMutex
TryEnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FindFirstFileW
GetLongPathNameW
GetFileAttributesExW
GetShortPathNameW
FindResourceW
LoadResource
GetModuleHandleW
LockResource
GetSystemInfo
OpenFileMappingW
ExpandEnvironmentStringsW
FindClose
FindNextFileW
GetDriveTypeW
LoadLibraryExW
GetCurrentProcess
InterlockedExchangeAdd
FormatMessageW
SetEndOfFile
SetFileTime
GetFileTime
GetFullPathNameW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
GetWindowsDirectoryW
SetFileAttributesW
FileTimeToDosDateTime
DosDateTimeToFileTime
SystemTimeToFileTime
GetSystemTime
LocalFileTimeToFileTime
GetDiskFreeSpaceW
GetVolumeInformationW
ResumeThread
SetEvent
ResetEvent
CreateEventW
OpenEventW
GlobalMemoryStatusEx
InterlockedExchange
WaitForMultipleObjects
SetLastError
InitializeCriticalSectionAndSpinCount
EncodePointer
DecodePointer
GetStringTypeW
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
GetSystemTimeAsFileTime
ExitThread
RaiseException
RtlUnwind
FatalAppExitA
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetCurrentThread
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler

user32

wsprintfW

advapi32

ControlService
RegOpenKeyExW
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegCloseKey
RegOpenCurrentUser
RegSetValueExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetPathFromIDListW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ole32

CoCreateInstance

Exports

Exports

ExportFunc1
ExportFunc10
ExportFunc2
ExportFunc3
ExportFunc4
ExportFunc5
ExportFunc6
ExportFunc7
ExportFunc8
ExportFunc9

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tool/Haozip_2345DLAgent.exe
.exe windows:5 windows x86 arch:x86

930e6069de43fcdb02dd34bc0bf525d6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

31:8a:f2:6b:62:3c:ae:54:60:9a:4a:cd:98:c6:b8:8b:81:b0:ef:40:b4:27:61:2f:5d:40:7a:4e:cf:61:30:3e
Signer

Actual PE Digest

31:8a:f2:6b:62:3c:ae:54:60:9a:4a:cd:98:c6:b8:8b:81:b0:ef:40:b4:27:61:2f:5d:40:7a:4e:cf:61:30:3e

Digest Algorithm

sha256

PE Digest Matches

true

cd:d4:d7:95:75:56:fa:5e:c5:7e:bc:9c:9e:0c:cb:a7:0d:de:9e:22
Signer

Actual PE Digest

cd:d4:d7:95:75:56:fa:5e:c5:7e:bc:9c:9e:0c:cb:a7:0d:de:9e:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\dev\CommonPlatform\2345DLAgent\bin\release_static\pdb\2345DLAgentEntry.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetCommandLineA
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetLastError
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
OutputDebugStringW
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
LCMapStringW
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
CloseHandle

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tool/Update_Haozip.exe
.exe windows:5 windows x86 arch:x86

0f167ff18ef7b5a218914fc1355a93b4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b0:af:fa:d1:80:ac:76:e9:f6:b0:01:8f:44:de:ad:ed:a3:54:e6:3d:0e:12:54:0b:7d:f5:14:04:a8:4e:85:66
Signer

Actual PE Digest

b0:af:fa:d1:80:ac:76:e9:f6:b0:01:8f:44:de:ad:ed:a3:54:e6:3d:0e:12:54:0b:7d:f5:14:04:a8:4e:85:66

Digest Algorithm

sha256

PE Digest Matches

true

9b:20:47:64:19:0f:bf:46:3a:72:d9:0e:4e:f1:41:3c:33:ef:c5:52
Signer

Actual PE Digest

9b:20:47:64:19:0f:bf:46:3a:72:d9:0e:4e:f1:41:3c:33:ef:c5:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\trunk\dllplugin\UpdateProgram\bin\Win32\Release\pdb\Update_Haozip.pdb

Imports

kernel32

WritePrivateProfileStringA
DecodePointer
DeleteCriticalSection
EndUpdateResourceW
CreateFileW
GetTempPathW
BeginUpdateResourceW
UpdateResourceW
GetProcAddress
CreateProcessW
GetExitCodeProcess
WaitForMultipleObjects
GetCurrentProcessId
LocalFree
ResumeThread
GetCurrentProcess
GetModuleHandleW
TerminateThread
Sleep
OpenThread
GetExitCodeThread
GetCurrentThreadId
SuspendThread
GetFileAttributesW
GetModuleFileNameW
ExpandEnvironmentStringsW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
OpenProcess
QueryDosDeviceW
WideCharToMultiByte
GetACP
MultiByteToWideChar
GetFileSize
SetFilePointer
SetEndOfFile
SetFileTime
WriteFile
ReadFile
GetFileTime
CreateMutexW
ReleaseMutex
FindResourceW
LoadResource
GetVersionExW
LockResource
GetSystemInfo
lstrcmpiW
FindFirstFileW
GetLongPathNameW
GetFileAttributesExW
GetPrivateProfileStringA
LoadLibraryW
HeapAlloc
HeapFree
GetProcessHeap
ResetEvent
InterlockedExchangeAdd
lstrlenW
GetFileSizeEx
DeleteFileW
FindClose
FindNextFileW
GetLogicalDriveStringsW
GetTickCount
InterlockedExchange
SetLastError
FileTimeToSystemTime
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
GetSystemDirectoryW
CopyFileW
GetCurrentDirectoryW
GetWindowsDirectoryW
SetFileAttributesW
FormatMessageW
GlobalMemoryStatusEx
GetEnvironmentVariableW
LoadLibraryExW
DeviceIoControl
SystemTimeToTzSpecificLocalTime
LocalAlloc
ReadConsoleW
WriteConsoleW
SetStdHandle
FlushFileBuffers
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetTimeZoneInformation
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
GetCommandLineW
DeleteTimerQueueTimer
CloseHandle
OpenEventW
CreateEventW
CreateTimerQueueTimer
GetPrivateProfileStringW
SetEvent
WaitForSingleObject
FreeLibrary
MoveFileExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
GetStdHandle
GetOEMCP
IsValidCodePage
HeapSize
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
EncodePointer
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
CreateThread
ExitThread
GetSystemTimeAsFileTime
RtlUnwind
SetEnvironmentVariableA

user32

DefWindowProcW
CreateWindowExW
LoadIconW
RegisterClassW
LoadCursorW
DispatchMessageW
PostQuitMessage
TranslateMessage
GetMessageW

gdi32

GetStockObject

advapi32

OpenServiceW
OpenSCManagerW
CloseServiceHandle
GetUserNameW
AdjustTokenPrivileges
DuplicateTokenEx
SystemFunction036
QueryServiceConfigW

shell32

SHGetSpecialFolderPathW
ord680

imagehlp

ImageEnumerateCertificates
ImageRemoveCertificate

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

NetLocalGroupGetMembers

Sections

.text
Size: 750KB - Virtual size: 750KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9679f250d91a527cbbb99da9f96997e8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:dfCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

04:f9:59:fa:77:63:25:4a:d7:f9:d9:f6:5c:5b:29:d1:e5:4c:69:7d:73:aa:26:7a:2c:f0:08:24:1e:b0:94:a1Signer

38:9f:75:8b:5b:a5:35:55:1a:2f:98:08:32:75:85:2a:10:be:7f:e3Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 173KB

.CRT Size: 512B - Virtual size: 4B

.ndata Size: - Virtual size: 296KB

.rsrc Size: 17KB - Virtual size: 17KB

4524a6d7d0c33c1a41cabdb7a47456e9

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

43:07:f7:f0:50:c3:0e:7b:58:3f:c9:b6:3b:51:c2:34Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

03:c5:da:82:02:5a:f1:97:fa:1b:9d:63:a6:c8:cf:40Certificate

Extended Key Usages

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

04:f9:59:fa:77:63:25:4a:d7:f9:d9:f6:5c:5b:29:d1:e5:4c:69:7d:73:aa:26:7a:2c:f0:08:24:1e:b0:94:a1
Signer

38:9f:75:8b:5b:a5:35:55:1a:2f:98:08:32:75:85:2a:10:be:7f:e3
Signer

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 173KB

.CRT
Size: 512B - Virtual size: 4B

.ndata
Size: - Virtual size: 296KB

.rsrc
Size: 17KB - Virtual size: 17KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

43:07:f7:f0:50:c3:0e:7b:58:3f:c9:b6:3b:51:c2:34
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

03:c5:da:82:02:5a:f1:97:fa:1b:9d:63:a6:c8:cf:40
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

ea:b0:ed:b0:49:78:5d:98:ad:c0:3f:8d:4a:38:52:7b:bd:57:ea:c9:68:10:70:97:d8:fa:37:6d:25:d6:bf:e1
Signer

57:11:5c:e2:5d:93:f9:b0:61:6b:65:3e:02:4d:bd:fc:be:ee:23:8c
Signer

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

c1:6e:06:6d:ab:0e:ed:c1:ce:d1:3d:5e:4c:ce:61:e6:ef:c8:12:27:9a:56:14:80:33:3b:10:7f:c8:23:63:98
Signer

91:e9:3e:ff:85:88:73:dd:02:b7:23:76:e0:ca:04:be:40:22:85:1a
Signer