07a1b57ffb93647a92f680c996b8ce74_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07a1b57ffb93647a92f680c996b8ce74_JaffaCakes118
Size

5.9MB
MD5

07a1b57ffb93647a92f680c996b8ce74
SHA1

53c976bb0157b24048a0824cc05c050a65a5834c
SHA256

ef0e224111894deebeaa8297962225da9193a189ce22fa7229c337bba2076664
SHA512

d968c909e5553bdab11202e16c69c958534eaa409df2633f4ad57b71e31fd9a8a66ba1182d36746fc826f20eb182bb25dd6053feed2ea0f051d1316b8c91e000
SSDEEP

98304:i7SZq1gjwvVkRfys+0pwmZ3fDS6+9MOlkSBYuHc33M3LrKs4E53TVr8W7hay2iXT:frMeKgBZPO6+9M4bc3cSs4E531ha4XEy

Score

3^/10

Malware Config

Signatures

Unsigned PE 24 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/ButtonEvent.dll
unpack001/$PLUGINSDIR/ExecCmd.dll
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/NSISArray.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/SelfDel.dll
unpack001/$PLUGINSDIR/ShellLink.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/md5dll.dll
unpack001/$PLUGINSDIR/nsisXML.dll
unpack001/$PLUGINSDIR/time.dll
unpack001/$SYSDIR/$SYSDIR/Funshion.scr
unpack001/$TEMP/$SYSDIR/Funshion.scr
unpack001/CoreAAC.ax
unpack001/InnerWeb.exe
unpack001/atrc.dll
unpack001/cook.dll
unpack001/coreavc.ax
unpack001/drvc.dll
unpack001/pncrt.dll
unpack001/pndx5032.dll
unpack001/ttv.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

07a1b57ffb93647a92f680c996b8ce74_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8b:05:b1:c2:02:13:57:83:86:b1:41:f8:be:52:ff:4b:a3:2b:73:8c
Signer

Actual PE Digest

8b:05:b1:c2:02:13:57:83:86:b1:41:f8:be:52:ff:4b:a3:2b:73:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 320KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ButtonEvent.dll
.dll windows:4 windows x86 arch:x86

0ece15e7d9bb35972aec701f46192460

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GlobalAlloc
lstrcpyA
lstrcpynA
GlobalFree

user32

PostMessageA
CallWindowProcA
GetDlgItem
FindWindowExA
SetWindowLongA
wsprintfA

Exports

Exports

AddEventHandler
Unload
UnsetEventHandler
WhichButtonId

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ExecCmd.dll
.dll windows:4 windows x86 arch:x86

bf44c9fb48bb8c36b3e2527e7252350d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
OpenProcess
CloseHandle
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
Sleep
CreateProcessA
GlobalAlloc
GetExitCodeThread
lstrcpyA
lstrcpynA
CreateThread
lstrcatA
GetEnvironmentVariableA
lstrcmpiA

user32

SendMessageA
EnumWindows
WaitForInputIdle
wsprintfA
GetWindowThreadProcessId

Exports

Exports

exec
wait

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 802B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
HeapCreate
VirtualFree
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
FreeLibrary
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
DisableThreadLibraryCalls
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP
GetOEMCP
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetCPInfo

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstPath.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISArray.dll
.dll windows:5 windows x86 arch:x86

812688d08c0d4a81ed86daeebcf15c55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GlobalFree
GlobalAlloc
lstrcmpW
lstrcatW
lstrcpyW
lstrcpynW

user32

wsprintfW
CharLowerW
MessageBoxW
SendMessageW
GetDlgItem
FindWindowExW
EnableWindow
SetWindowTextW
EndDialog
RedrawWindow
DialogBoxParamW

Exports

Exports

ArrayCount
ArrayExists
Clear
Concat
Copy
Cut
Debug
Delete
ErrorStyle
Exists
ExistsI
FreeUnusedMem
Join
New
Pop
Push
Put
ReDim
Read
ReadToStack
Reverse
Search
SearchI
SetAutoReDim
SetSize
Shift
SizeOf
Sort
Splice
Subtract
Swap
Unshift
Write
WriteList
WriteListC

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SelfDel.dll
.dll windows:4 windows x86 arch:x86

7b20d7ddf67d32ef46980776247198a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ResumeThread
SetThreadContext
FlushInstructionCache
WriteProcessMemory
VirtualProtectEx
GetThreadContext
GetModuleFileNameA
DuplicateHandle
GetCurrentProcess
GetLastError
RemoveDirectoryA
ExitProcess
Sleep
DeleteFileA
CloseHandle
WaitForSingleObject
CreateProcessA
GlobalFree
lstrcmpiA
GlobalAlloc
lstrcpyA
lstrcpynA

Exports

Exports

del

Sections

.text
Size: 1024B - Virtual size: 815B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 690B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ShellLink.dll
.dll windows:5 windows x86 arch:x86

50112fdd20200a51dbedeae8f1f33cdb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
MultiByteToWideChar
LocalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc

user32

wsprintfA

ole32

CoCreateInstance

Exports

Exports

GetShortCutArgs
GetShortCutDescription
GetShortCutHotkey
GetShortCutIconIndex
GetShortCutIconLocation
GetShortCutShowMode
GetShortCutTarget
GetShortCutWorkingDirectory
SetRunAsAdministrator
SetShortCutArgs
SetShortCutDescription
SetShortCutHotkey
SetShortCutIconIndex
SetShortCutIconLocation
SetShortCutShowMode
SetShortCutTarget
SetShortCutWorkingDirectory

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1014B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WelcomePage.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GetTickCount
Sleep
lstrcatA
lstrlenA
CloseHandle
ReadFile
CreateFileA

user32

wsprintfA

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsisXML.dll
.dll windows:4 windows x86 arch:x86

d9ee494a2a7b0d46616d9537ef3d8431

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
InterlockedIncrement
GlobalFree
WideCharToMultiByte
InterlockedDecrement
lstrlenA
MultiByteToWideChar
GetLastError
LocalFree

user32

wsprintfA

ole32

CoCreateInstance
CoInitialize

oleaut32

VariantClear
GetErrorInfo
VariantCopy
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString

msvcrt

memcpy
_onexit
__dllonexit
_adjust_fdiv
malloc
_initterm
free
_CxxThrowException
__CxxFrameHandler
??2@YAPAXI@Z
atoi
??3@YAXPAX@Z
??1type_info@@UAE@XZ

Exports

Exports

appendChild
create
createElement
createProcessingInstruction
getAttribute
getText
insertBefore
load
loadAndValidate
parentNode
removeChild
save
select
setAttribute
setDocumentElement
setText

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 586B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/time.dll
.dll windows:4 windows x86 arch:x86

52d8e191fc300dee721dd8473cf053f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
lstrlenW
lstrlenA
GetWindowsDirectoryW
GlobalAlloc
WideCharToMultiByte
GlobalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
GetLocalTime
SetSystemTime
SetLocalTime
CreateFileA
CreateFileW
FindFirstFileA
FindFirstFileW
FindClose
CloseHandle
SetFileTime

user32

SendMessageA
MessageBoxW

Exports

Exports

_GetFileTime
_GetFileTimeUTC
_GetLocalTime
_GetLocalTimeUTC
_MathTime
_SetFileTime
_SetFileTimeUTC
_SetLocalTime
_SetLocalTimeUTC
_TimeString
_Unload

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROFILE/funshion.ini
$PROFILE/funshion/cache/Cacheflash/blankFs.swf
$PROFILE/funshion/cache/Cacheflash/donghuanew_18.swf
$SYSDIR/$SYSDIR/Funshion.scr
.exe windows:4 windows x86 arch:x86

6d45a1026db0fe837dfd3ed181e29c59

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetGetConnectedState
InternetOpenA
InternetOpenUrlW
InternetSetOptionA
InternetCloseHandle

kernel32

GlobalAlloc
DeleteFileW
GetCurrentThreadId
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
GlobalUnlock
GlobalLock
SetLastError
GlobalFree
GlobalHandle
lstrcmpW
MulDiv
GetModuleFileNameW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
FreeResource
CloseHandle
WriteFile
CreateFileW
WaitForSingleObject
GetPrivateProfileStringW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetCurrentProcess
WideCharToMultiByte
IsValidCodePage
GetOEMCP
GetCPInfo
EnterCriticalSection
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
HeapCreate
GetStartupInfoW
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
FlushInstructionCache
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
LeaveCriticalSection
RaiseException
CreateFileA
FlushFileBuffers
InterlockedExchange
GetACP
GetLocaleInfoA
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetSystemTimeAsFileTime

user32

DefWindowProcW
UnregisterClassA
SetWindowTextW
GetWindowTextW
CharNextW
DestroyWindow
RegisterClassExW
SetWindowLongW
GetWindowLongW
ShowWindow
DispatchMessageW
TranslateMessage
PeekMessageW
GetWindowTextLengthW
ReleaseCapture
GetSystemMetrics
LoadImageW
GetCursorPos
CreateAcceleratorTableW
PostQuitMessage
GetWindowRect
SystemParametersInfoW
MapWindowPoints
IsDialogMessageW
SetWindowContextHelpId
PostMessageW
CreateWindowExW
MapDialogRect
IsWindow
SendMessageW
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
LoadCursorW
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetSysColor
CreateDialogIndirectParamW
RegisterWindowMessageW
GetClassInfoExW
GetMessageW

gdi32

GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
GetStockObject

advapi32

RegOpenKeyExW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoInitialize

oleaut32

GetErrorInfo
DispCallFunc
LoadTypeLi
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
VarUI4FromStr
SysStringByteLen
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi

comctl32

InitCommonControlsEx

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/funshion.ini
$TEMP/$SYSDIR/Funshion.scr
.exe windows:4 windows x86 arch:x86

6d45a1026db0fe837dfd3ed181e29c59

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetGetConnectedState
InternetOpenA
InternetOpenUrlW
InternetSetOptionA
InternetCloseHandle

kernel32

GlobalAlloc
DeleteFileW
GetCurrentThreadId
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
GlobalUnlock
GlobalLock
SetLastError
GlobalFree
GlobalHandle
lstrcmpW
MulDiv
GetModuleFileNameW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
FreeResource
CloseHandle
WriteFile
CreateFileW
WaitForSingleObject
GetPrivateProfileStringW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetCurrentProcess
WideCharToMultiByte
IsValidCodePage
GetOEMCP
GetCPInfo
EnterCriticalSection
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
HeapCreate
GetStartupInfoW
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
FlushInstructionCache
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
LeaveCriticalSection
RaiseException
CreateFileA
FlushFileBuffers
InterlockedExchange
GetACP
GetLocaleInfoA
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetSystemTimeAsFileTime

user32

DefWindowProcW
UnregisterClassA
SetWindowTextW
GetWindowTextW
CharNextW
DestroyWindow
RegisterClassExW
SetWindowLongW
GetWindowLongW
ShowWindow
DispatchMessageW
TranslateMessage
PeekMessageW
GetWindowTextLengthW
ReleaseCapture
GetSystemMetrics
LoadImageW
GetCursorPos
CreateAcceleratorTableW
PostQuitMessage
GetWindowRect
SystemParametersInfoW
MapWindowPoints
IsDialogMessageW
SetWindowContextHelpId
PostMessageW
CreateWindowExW
MapDialogRect
IsWindow
SendMessageW
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
LoadCursorW
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetSysColor
CreateDialogIndirectParamW
RegisterWindowMessageW
GetClassInfoExW
GetMessageW

gdi32

GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
GetStockObject

advapi32

RegOpenKeyExW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoInitialize

oleaut32

GetErrorInfo
DispCallFunc
LoadTypeLi
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
VarUI4FromStr
SysStringByteLen
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi

comctl32

InitCommonControlsEx

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/dump.dll
.dll windows:5 windows x86 arch:x86

e4a6d9649d7242f22c20ed532443f3e4

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a5:17:94:ec:da:e6:bc:cb:21:95:44:d3:7e:00:e9:a1:61:11:78:5f
Signer

Actual PE Digest

a5:17:94:ec:da:e6:bc:cb:21:95:44:d3:7e:00:e9:a1:61:11:78:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build2.8.3\Funshion\Rel\symbols\dump.pdb

Imports

kernel32

CloseHandle
GetTickCount
TerminateThread
Sleep
GetPrivateProfileIntW
GetLastError
ResetEvent
GetPrivateProfileSectionW
CreateEventW
OutputDebugStringW
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrcpyW
GetModuleFileNameW
CreateFileW
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
FindResourceExW
FindResourceW
LoadResource
WriteFile
SizeofResource
LockResource
DeleteFileW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetCommandLineA
GetFileAttributesW
GetLocalTime
GetCPInfo
RaiseException
RtlUnwind
GetCurrentThreadId
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleHandleW
ExitProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapSize
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
HeapReAlloc
LoadLibraryW
SetStdHandle
CreateFileA
WriteConsoleW
SetEndOfFile
GetProcessHeap
OpenEventA
SetEvent
WaitForSingleObject
HeapAlloc
CreateEventA

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW

urlmon

UrlMkGetSessionOption

shlwapi

PathRemoveFileSpecW
PathFileExistsW

wininet

InternetCloseHandle
InternetOpenA
InternetGetConnectedState
HttpQueryInfoW
InternetSetOptionA
InternetReadFile
InternetOpenUrlW
HttpQueryInfoA

Exports

Exports

?dump_info@dump@@YAHABV?$basic_format@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@boost@@@Z
?dump_info@dump@@YAHJABV?$basic_format@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@boost@@@Z
destroy_config_center
disable_output_log_to_file
dump
dump_initialize
dump_log
enable_output_log_to_file
erase_log_record
get_records_duration_by_ms
if_dump
init_config_center
log_output
lvalue
lvalue_of
output_overhead_duration
record_begin_time
record_log_interface
remove_log
svalue
svalue_of
ulvalue_of
upload_log

Sections

.text
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/funshion.ini
$TEMP/gma.dll
.dll windows:5 windows x86 arch:x86

8596d45da9d4f8d0913c58f9221801ef

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

82:1b:ec:0f:b8:c5:d6:92:a5:cc:8e:f6:61:37:12:40:3f:10:9d:c2
Signer

Actual PE Digest

82:1b:ec:0f:b8:c5:d6:92:a5:cc:8e:f6:61:37:12:40:3f:10:9d:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build2.8.3\Funshion\Rel\symbols\gma.pdb

Imports

iphlpapi

GetIpAddrTable
GetBestInterface
GetBestRoute
SendARP

ws2_32

gethostname
getservbyname
getservbyport
htons
WSAGetLastError
htonl
ntohs
inet_ntoa
WSASetLastError
gethostbyaddr
gethostbyname
inet_addr

advapi32

RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW

wininet

HttpQueryInfoW
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetReadFile
InternetOpenUrlW
HttpQueryInfoA
InternetGetConnectedState

kernel32

SystemTimeToFileTime
WaitForMultipleObjects
ResumeThread
ResetEvent
OpenEventA
GetSystemInfo
FlushFileBuffers
WriteConsoleW
SetStdHandle
LoadLibraryW
GetConsoleMode
InterlockedDecrement
GetPrivateProfileStringW
WritePrivateProfileStringW
GetLastError
ExpandEnvironmentStringsW
CreateEventA
WaitForSingleObject
SetEvent
GetModuleFileNameW
CreateFileW
DeviceIoControl
GetCurrentThreadId
CloseHandle
GetSystemTime
GetTickCount
GetVersionExW
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
lstrlenW
FreeLibrary
CreateProcessW
GetSystemDirectoryW
GetSystemDirectoryA
GetCurrentDirectoryW
GetProcAddress
LoadLibraryA
lstrcmpiW
SetWaitableTimer
FindResourceW
LoadResource
WriteFile
SizeofResource
LockResource
DeleteFileW
GetModuleFileNameA
GetConsoleCP
SetFilePointer
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FatalAppExitA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
ExitProcess
HeapCreate
GetLocaleInfoW
GetStdHandle
GetCurrentThread
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
CreateWaitableTimerA
GetACP
IsProcessorFeaturePresent
LCMapStringW
GetCPInfo
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocalTime
GetFileAttributesW
CreateThread
FindResourceExW
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
GetCommandLineA
RtlUnwind
ExitThread

shell32

SHGetSpecialFolderPathW
ord51
SHGetFolderPathW
SHGetSpecialFolderPathA
SHCreateDirectoryExW

ole32

CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoInitialize
CoCreateInstance

oleaut32

VariantClear
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
SafeArrayUnaccessData
VariantInit
SafeArrayAccessData
SysAllocString
SysFreeString

urlmon

UrlMkGetSessionOption

shlwapi

PathFileExistsW
PathIsRelativeW
PathRemoveFileSpecA
PathAppendW
PathRemoveBackslashW
PathRemoveFileSpecW

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP
get_and_update_mac
get_mac_info
get_nic_description
get_time_cost_mac
get_time_cost_mac_main

Sections

.text
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/installfilescn.bmp
$TEMP/instpath.ini
$TEMP/nicdescr.dat
$TEMP/partner.ini
$TEMP/welcome.bmp
$TEMP/welcomepage.ini
CoreAAC.ax
.dll regsvr32 windows:4 windows x86 arch:x86

d52e386cb07e1e13a6b9de526bbe1d78

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

free
_onexit
_adjust_fdiv
_initterm
malloc
__dllonexit
memcmp
__CxxFrameHandler
_purecall
memset
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_errno
fputs
_iob
qsort
pow
memmove
_except_handler3

winmm

timeGetTime
timeSetEvent

kernel32

SetEvent
GetSystemInfo
VirtualAlloc
CreateSemaphoreA
ReleaseSemaphore
SetErrorMode
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
FreeLibrary
InterlockedDecrement
LoadLibraryA
CloseHandle
CreateEventA
ResetEvent
DuplicateHandle
GetCurrentProcess
GetCurrentThreadId
MultiByteToWideChar
WaitForMultipleObjects
WaitForSingleObject
GetTickCount
lstrcmpiA
InterlockedExchange
CreateThread
VirtualFree
GetVersionExA
DisableThreadLibraryCalls
lstrlenA
GetModuleHandleA
GetLastError
WideCharToMultiByte
GetProcAddress
GetThreadPriority
SetThreadPriority
GetACP
GetCurrentThread

advapi32

RegQueryValueExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueA
RegCreateKeyA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

user32

KillTimer
CheckDlgButton
GetWindowLongA
SetTimer
IsDlgButtonChecked
CreateDialogParamA
MoveWindow
SetWindowLongA
ShowWindow
DestroyWindow
DefWindowProcA
SetDlgItemTextA
MsgWaitForMultipleObjects
wvsprintfA
PostThreadMessageA
wsprintfA
GetQueueStatus
DispatchMessageA
LoadStringA
LoadStringW
GetWindowRect
GetDesktopWindow
PeekMessageA
InvalidateRect
RegisterWindowMessageA

ole32

StringFromGUID2
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CoFreeUnusedLibraries
CoTaskMemAlloc

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CrashReport.exe
.exe windows:5 windows x86 arch:x86

e0773e8ad86951a01ab0e4c659e7c2a8

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ae:67:05:07:a3:30:48:d3:a1:22:0c:68:e4:5c:48:3a:f0:c3:a6:1c
Signer

Actual PE Digest

ae:67:05:07:a3:30:48:d3:a1:22:0c:68:e4:5c:48:3a:f0:c3:a6:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetConnectA
FtpSetCurrentDirectoryA
InternetOpenA
InternetCloseHandle
FtpPutFileA

kernel32

GetPrivateProfileIntA
InitializeCriticalSectionAndSpinCount
SizeofResource
Sleep
LeaveCriticalSection
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
WritePrivateProfileStringW
FlushInstructionCache
RaiseException
SetThreadLocale
GetLastError
SetLastError
GetThreadLocale
GetProcAddress
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
DeleteFileA
CreateFileA
ReadFile
CloseHandle
LoadLibraryW
GetPrivateProfileStringA
GetSystemTime
GetModuleFileNameA
GetPrivateProfileStringW
LCMapStringW
WriteConsoleW
SetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetFilePointer
GetConsoleMode
InterlockedIncrement
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
HeapReAlloc
HeapSize
IsProcessorFeaturePresent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleW
GetCurrentProcess
InterlockedDecrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
GetStringTypeW
InterlockedCompareExchange
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
RtlUnwind
GetFileType
SetHandleCount
GetStdHandle
WriteFile
CreateFileW
GetProcessHeap
SetEndOfFile
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
GetCommandLineA
InterlockedPopEntrySList
GetConsoleCP
HeapFree
HeapAlloc
ExitProcess
DecodePointer
EncodePointer

user32

DestroyWindow
GetWindowRect
GetMessageW
PostQuitMessage
UnregisterClassA
LoadImageW
GetParent
GetClientRect
TranslateMessage
IsDialogMessageW
LoadIconW
GetWindowLongW
PeekMessageW
MonitorFromWindow
GetDlgItem
SetWindowLongW
SetWindowPos
ShowWindow
CreateDialogParamW
GetSystemMetrics
SendMessageW
MapWindowPoints
GetMonitorInfoW
DefWindowProcW
GetWindow
DispatchMessageW
CharNextW

gdi32

CreateFontW
GetStockObject
DeleteObject

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoTaskMemRealloc
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize

oleaut32

VarUI4FromStr

shlwapi

PathFindFileNameA
PathRemoveFileSpecW
PathRemoveFileSpecA
PathFileExistsW

comctl32

InitCommonControlsEx

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Funshion-install.ico
Funshion.exe
.exe windows:5 windows x86 arch:x86

e5c0c8f4dd3de78248580880ff2e2b69

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d4:c5:b9:b2:cd:c8:d9:64:94:a0:df:83:3e:86:a9:9f:d8:f6:35:62
Signer

Actual PE Digest

d4:c5:b9:b2:cd:c8:d9:64:94:a0:df:83:3e:86:a9:9f:d8:f6:35:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build2.8.3\Funshion\Rel\symbols\Funshion.pdb

Imports

dbghelp

MiniDumpWriteDump
MakeSureDirectoryPathExists

shlwapi

PathRemoveArgsW
StrCatW
StrCpyW
PathRemoveExtensionW
PathAddExtensionW
PathRenameExtensionW
PathAppendW
PathRemoveFileSpecW
PathRemoveFileSpecA
PathFileExistsA
PathFileExistsW
PathIsRelativeW
PathRemoveBackslashW

ws2_32

getservbyport
getservbyname
WSASetLastError
gethostbyaddr
htonl
gethostname
htons
WSAGetLastError
ntohl
gethostbyname
inet_addr
WSACleanup
WSAStartup
ntohs
inet_ntoa

wininet

InternetQueryDataAvailable
InternetReadFile
HttpQueryInfoA
FindFirstUrlCacheEntryA
FindCloseUrlCache
FindNextUrlCacheEntryA
DeleteUrlCacheEntryA
InternetGetCookieExW
HttpAddRequestHeadersA
InternetCloseHandle
InternetOpenA
InternetQueryOptionW
InternetSetOptionW
InternetConnectA
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetGetConnectedState
InternetGetCookieW
HttpEndRequestW
HttpSendRequestExW
InternetSetCookieW
HttpOpenRequestA
InternetSetOptionA
InternetOpenUrlW

iphlpapi

GetAdaptersInfo
GetIfEntry
GetBestInterface

winmm

mixerOpen
mixerGetControlDetailsW
waveOutSetVolume
mixerGetLineControlsW
mixerClose
mixerGetLineInfoW
waveOutGetVolume

kernel32

MultiByteToWideChar
WideCharToMultiByte
DeleteFileW
InitializeCriticalSection
GetTickCount
LocalFree
GetCurrentDirectoryW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetPrivateProfileStringA
CreateFileA
DeviceIoControl
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
InterlockedExchange
lstrcpyW
lstrcatW
FindFirstFileW
FindNextFileW
FindClose
Sleep
WaitForSingleObject
TerminateThread
lstrcpynW
GetVersionExW
CompareStringW
GetSystemDirectoryW
GetDriveTypeW
CreateDirectoryW
GetFileAttributesExW
GetDiskFreeSpaceExW
GetProcAddress
GetModuleHandleW
LoadLibraryW
FreeLibrary
GetLocalTime
CopyFileW
GetExitCodeThread
CreateFileW
GetFileSize
ReadFile
GetModuleFileNameA
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetWindowsDirectoryW
SetFilePointer
WriteFile
lstrcmpiW
LoadLibraryExW
MoveFileExW
FindFirstFileA
CreateDirectoryA
FindNextFileA
CopyFileA
MoveFileA
CreateEventW
lstrcpynA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesW
SetThreadPriority
DeleteFileA
ExitProcess
GetSystemInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
GetTempPathA
GetTempFileNameA
IsWow64Process
lstrlenA
GlobalMemoryStatus
FreeResource
LockFile
UnlockFile
SetThreadExecutionState
GetLogicalDriveStringsW
CompareFileTime
OutputDebugStringW
QueryPerformanceFrequency
QueryPerformanceCounter
CreatePipe
CreateProcessW
GetThreadLocale
SetThreadLocale
SetEvent
CreateThread
GetSystemDirectoryA
LoadLibraryA
ExpandEnvironmentStringsW
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetCurrentProcessId
HeapValidate
DebugBreak
CreateEventA
HeapDestroy
HeapCreate
ResetEvent
GetSystemTimeAsFileTime
OpenEventA
TlsSetValue
ResumeThread
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
ExitThread
GetFullPathNameW
VirtualProtect
VirtualQuery
GlobalMemoryStatusEx
HeapReAlloc
HeapSize
InterlockedPushEntrySList
GlobalFree
GlobalHandle
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
SetLastError
RaiseException
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
GetStringTypeW
EncodePointer
DecodePointer
TlsAlloc
TlsFree
TlsGetValue
TryEnterCriticalSection
GetComputerNameW
GetVersionExA
SetEnvironmentVariableW
GetEnvironmentVariableW
GetTempPathW
GetTimeFormatW
GetDateFormatW
GetFileAttributesA
RtlUnwind
GetCommandLineW
HeapSetInformation
GetStartupInfoW
FindFirstFileExW
UnhandledExceptionFilter
IsDebuggerPresent
LCMapStringW
GetCPInfo
GetStdHandle
GetLocaleInfoW
GetCurrentThread
GetACP
GetOEMCP
IsValidCodePage
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
lstrlenW
GetModuleFileNameW
GetLastError
InterlockedIncrement
InterlockedDecrement
GetLongPathNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
SetHandleCount
GetFileType
FatalAppExitA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileInformationByHandle
PeekNamedPipe
SetCurrentDirectoryW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
GetFullPathNameA
WriteConsoleW
SetStdHandle
SetEndOfFile
SetEnvironmentVariableA
CreateMutexW
ReleaseMutex
CreateFileMappingW
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFileTime

user32

DestroyIcon
GetWindowDC
GetScrollPos
GetScrollRange
PostThreadMessageW
DeleteMenu
InsertMenuW
GetSubMenu
EnableMenuItem
IntersectRect
DrawIcon
LoadIconW
GetMenuItemInfoW
PostQuitMessage
LoadStringA
LoadStringW
EndMenu
GetWindowPlacement
GetDoubleClickTime
CreateDialogParamW
FrameRect
SetDlgItemTextW
LoadImageW
MessageBoxA
ShowCursor
wsprintfW
IsZoomed
SetRectEmpty
GetSysColorBrush
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DdeNameService
DdeConnect
DdeCreateStringHandleW
DdeInitializeW
DdeDisconnect
DdeGetData
SetScrollPos
EnableWindow
DestroyMenu
RemoveMenu
ModifyMenuW
GetMenuItemCount
AppendMenuW
SetMenuInfo
TrackPopupMenuEx
CreatePopupMenu
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SystemParametersInfoW
SetWindowRgn
SetForegroundWindow
IsIconic
GetForegroundWindow
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
IsDialogMessageW
GetActiveWindow
FindWindowW
GetSystemMetrics
BringWindowToTop
ScrollWindow
CopyRect
GetCapture
InflateRect
DialogBoxParamW
DrawTextW
OffsetRect
LoadBitmapW
ExitWindowsEx
GetMenuItemID
DestroyCursor
DrawFocusRect
GetWindowThreadProcessId
WindowFromPoint
SetDlgItemInt
GetDlgItemInt
MonitorFromRect
EnumDisplayMonitors
MessageBeep
SetLayeredWindowAttributes
IsWindowEnabled
SetRect
EnumChildWindows
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SetScrollInfo
GetScrollInfo
EndDialog
SendDlgItemMessageW
MapDialogRect
CreateDialogIndirectParamW
SetWindowContextHelpId
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsChild
GetFocus
GetWindow
GetDlgItem
GetClassNameW
GetSysColor
CharNextW
SetWindowPos
RedrawWindow
GetClassInfoExW
CreateWindowExW
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
CallWindowProcW
GetDesktopWindow
DestroyAcceleratorTable
GetWindowLongW
SetWindowLongW
LoadCursorW
RegisterClassExW
ReleaseDC
GetDC
GetWindowRect
InvalidateRect
GetDlgCtrlID
IsWindowVisible
PostMessageW
KillTimer
EndPaint
BeginPaint
SetTimer
DefWindowProcW
GetClientRect
MoveWindow
ScreenToClient
IsWindow
ShowWindow
GetParent
SendMessageW
SetFocus
PtInRect
UnregisterClassA
SendMessageA
UpdateWindow
SetCursor
SetParent
EqualRect
MessageBoxW
IsRectEmpty
CheckMenuRadioItem
GetMenuStringW
GetMenuState
CheckMenuItem
LoadMenuW
GetCursorPos
TrackPopupMenu
GetKeyState

gdi32

SetBrushOrgEx
SetTextAlign
Arc
SetPixel
GetCurrentObject
OffsetRgn
SaveDC
GetDIBColorTable
GetPixel
SetStretchBltMode
GetTextMetricsW
CreateBitmap
CreateDIBSection
SetDIBColorTable
CreateFontIndirectW
StretchBlt
PtInRegion
RestoreDC
CreatePatternBrush
CombineRgn
CreateRoundRectRgn
CreateRectRgn
RoundRect
LineTo
MoveToEx
GetTextExtentPoint32W
ExtTextOutW
SetBkColor
TextOutW
SetTextColor
SetBkMode
Rectangle
ExcludeClipRect
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetStockObject
GetObjectW
GetDeviceCaps
SelectObject
CreatePen
CreateSolidBrush
DeleteObject
DPtoLP
DeleteDC

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegEnumKeyExW
RegQueryValueExA
RegCloseKey
RegOpenKeyW
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExA
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW

shell32

ord51
ShellExecuteW
ord165
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHChangeNotify
Shell_NotifyIconW
DragQueryFileW
SHAppBarMessage
ShellExecuteExW
SHCreateDirectoryExW
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

OleUninitialize
CoTaskMemAlloc
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoCreateInstance
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
OleRun
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoCreateGuid
StgOpenStorageEx

oleaut32

SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
GetErrorInfo
VariantChangeType
VariantInit
OleCreateFontIndirect
DispCallFunc
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
OleLoadPicture
SysAllocString
SysFreeString
SysAllocStringLen
SetErrorInfo
CreateErrorInfo

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_GetImageInfo
ImageList_Draw
ImageList_Add
_TrackMouseEvent
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Destroy
InitCommonControlsEx

msimg32

TransparentBlt
AlphaBlend
GradientFill

urlmon

URLDownloadToFileA
UrlMkGetSessionOption

gdiplus

GdiplusShutdown
GdipLoadImageFromStreamICM
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipFree
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdiplusStartup
GdipCreateFromHDC
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawImageRectRect
GdipLoadImageFromStream
GdipDrawImagePointRectI
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipSetSolidFillColor
GdipCreateSolidFill
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateTextureIAI
GdipDrawImageRectRectI
GdipBitmapGetPixel
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipAlloc

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 569KB - Virtual size: 569KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FunshionDoctor.exe
.exe windows:5 windows x86 arch:x86

8fe55451fa2afe2f6e46fbf5c87dab10

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

de:d1:1a:1f:23:91:21:e8:03:7c:99:d8:b1:b6:58:b8:a3:75:d5:2c
Signer

Actual PE Digest

de:d1:1a:1f:23:91:21:e8:03:7c:99:d8:b1:b6:58:b8:a3:75:d5:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build2.8.3\Funshion\Rel\symbols\FunshionDoctor.pdb

Imports

kernel32

WriteConsoleW
SetStdHandle
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
FatalAppExitA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
SetFilePointer
GetFileType
SetHandleCount
ReadFile
GetStdHandle
ExitProcess
HeapCreate
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CompareStringW
GetDateFormatA
InterlockedDecrement
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineW
IsDebuggerPresent
CreateFileA
UnhandledExceptionFilter
GetCPInfo
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
CreateThread
ExitThread
RtlUnwind
GetLocaleInfoW
InitializeCriticalSection
DecodePointer
EncodePointer
InterlockedExchange
GetStringTypeW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
SetEndOfFile
SetEnvironmentVariableA
GetTickCount
lstrlenA
TerminateThread
GetPrivateProfileIntA
WideCharToMultiByte
GetPrivateProfileStringW
Sleep
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleFileNameA
GetVersionExW
SetEvent
ResetEvent
FreeResource
GlobalAlloc
ResumeThread
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
CloseHandle
CreateEventW
CreateFileW
InterlockedIncrement
FindResourceExW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceW
GetCurrentProcess
FlushInstructionCache
SetLastError
lstrlenW
WaitForSingleObject
WriteFile
DeleteFileW
lstrcmpiW
LoadLibraryExW
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
SetUnhandledExceptionFilter
GetModuleHandleW
lstrcpynW
RaiseException
DeleteCriticalSection
GetCurrentThreadId
CreateMutexW
GetLastError
LoadLibraryW
GetProcAddress
GetTimeFormatA

user32

MoveWindow
ShowWindow
DestroyWindow
GetDlgCtrlID
DrawTextW
CreateDialogParamW
BeginPaint
EndPaint
DialogBoxParamW
SetWindowLongW
GetWindowLongW
CallWindowProcW
CharNextW
SetRect
FindWindowA
SendMessageW
DefWindowProcW
GetClassInfoW
RegisterClassW
GetActiveWindow
GetClientRect
ReleaseDC
GetDC
FillRect
GetSysColor
CopyRect
SetWindowPos
GetUpdateRect
InvalidateRect
LoadImageW
MessageBoxW
SetRectEmpty
ScreenToClient
GetCursorPos
GetKeyState
PtInRect
PostMessageW
SetFocus
GetParent
GetWindowTextW
GetWindowTextLengthW
SendDlgItemMessageW
RegisterClassExW
LoadCursorW
GetClassInfoExW
CreateWindowExW
EndDialog
SetScrollInfo
IsWindowVisible
RedrawWindow
SetWindowTextW
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
EnableWindow
GetSystemMetrics
GetScrollInfo
GetScrollPos
FindWindowW
SetCapture
SetTimer
KillTimer
GetCapture
ReleaseCapture
LoadBitmapW
SetWindowRgn
GetWindowRect
UnregisterClassA

gdi32

SelectObject
SetBkMode
CreateCompatibleDC
GetCurrentObject
GetObjectW
SetStretchBltMode
LineTo
MoveToEx
CreateRoundRectRgn
CreatePatternBrush
SetBkColor
ExtTextOutW
GetPixel
StretchBlt
RoundRect
BitBlt
SetBrushOrgEx
GetStockObject
GetDeviceCaps
DeleteDC
DeleteObject
CreatePen
CreateFontIndirectW
CreateSolidBrush
CreateCompatibleBitmap
TextOutW
Rectangle
SetTextColor

advapi32

RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegDeleteKeyW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetSpecialFolderPathA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemRealloc
CreateStreamOnHGlobal

oleaut32

OleLoadPicture
VarUI4FromStr
SysFreeString

shlwapi

PathRemoveArgsW
PathFileExistsW
PathFileExistsA

comctl32

ImageList_Destroy
_TrackMouseEvent
ImageList_GetImageCount
ImageList_Draw
ImageList_AddMasked
ImageList_Create
ImageList_GetImageInfo
InitCommonControlsEx

msimg32

TransparentBlt

urlmon

UrlMkGetSessionOption

wininet

InternetGetConnectedState
InternetSetOptionA
HttpQueryInfoA
InternetOpenW
InternetAttemptConnect
HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenA

iphlpapi

IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle
GetNetworkParams
GetPerAdapterInfo
GetAdaptersInfo

psapi

GetProcessMemoryInfo

dnsapi

DnsQuery_A
DnsFree

ws2_32

connect
closesocket
WSAStartup
gethostname
htons
inet_ntoa
WSACleanup
inet_addr
socket
ntohs
htonl
ntohl
__WSAFDIsSet
select
send
recv
WSAGetLastError
ioctlsocket
gethostbyname

Sections

.text
Size: 737KB - Virtual size: 737KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FunshionGame3.ico
FunshionService.exe
.exe windows:5 windows x86 arch:x86

d13d77fece2235f96981c9244a6a9686

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8a:f8:09:09:48:66:1b:35:a0:d4:f0:80:ee:77:d9:9e:57:b0:f0:6f
Signer

Actual PE Digest

8a:f8:09:09:48:66:1b:35:a0:d4:f0:80:ee:77:d9:9e:57:b0:f0:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build2.8.3\Funshion\Rel\symbols\FunshionService.pdb

Imports

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

DefWindowProcW
DispatchMessageW
UpdateWindow
CreateWindowExW
wsprintfW
ShowWindow
PeekMessageW
LoadIconW
RegisterClassExW
TranslateMessage
LoadCursorW
PostMessageW
DestroyWindow
FindWindowW

ws2_32

WSAGetOverlappedResult
bind
WSASend
WSARecv
WSASendTo
WSARecvFrom
WSASocketW
accept
send
WSAIoctl
getsockname
setsockopt
socket
closesocket
getsockopt
listen
inet_ntoa
WSAGetLastError
WSASetLastError
inet_addr
htonl
htons
recv
ioctlsocket
__WSAFDIsSet
select
connect
gethostbyname
ntohs
ntohl
WSAStartup
WSACleanup

quality

report_uninitialize
set_run_mode
report_udpt
report_tcp
report_initialize
report_task_state
report_playing_pausing
report_something
report_mem_info
report_task_detail
report_ms_flow

iphlpapi

GetNetworkParams

dnsapi

DnsFree
DnsQuery_A

gma

get_time_cost_mac_main
get_and_update_mac
get_time_cost_mac
get_mac_info
get_nic_description
GetCurrUsedIPUL
GetMACAddress

dump

upload_log
disable_output_log_to_file
enable_output_log_to_file
dump_initialize
init_config_center
dump_log
remove_log
lvalue
destroy_config_center
?dump_info@dump@@YAHABV?$basic_format@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@boost@@@Z
if_dump
dump
ulvalue_of
record_log_interface
lvalue_of
svalue
svalue_of

agentd

ord1
ord2
ord3

lsv

ord1
ord2

ptv

?get_ptvisitor@nsptv@@YAPAVi_ptvisitor@1@XZ
?release_ptvisitor@nsptv@@YAXXZ

ttv

ord1
ord2

kernel32

CreateFileA
SetStdHandle
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
LoadLibraryW
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
HeapSize
CompareStringW
IsProcessorFeaturePresent
HeapDestroy
HeapCreate
SetLastError
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitProcess
GetModuleHandleW
LCMapStringW
RtlUnwind
GetCPInfo
RaiseException
GetStdHandle
GetFileType
WriteConsoleW
GetLocaleInfoW
HeapValidate
DebugBreak
SetEnvironmentVariableA
GetACP
CreateDirectoryA
GetLocalTime
CreateThread
ExitThread
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineW
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
SystemTimeToFileTime
TlsSetValue
OpenEventA
TlsGetValue
TlsFree
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DecodePointer
EncodePointer
GetStringTypeW
GetModuleHandleA
SetEndOfFile
GetFileAttributesExW
RemoveDirectoryW
MoveFileW
FlushFileBuffers
GetFileAttributesW
SetFilePointerEx
GlobalMemoryStatus
lstrcpyA
lstrcpyW
ReleaseMutex
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CreateMutexW
ReadFile
SetFilePointer
GetFileSize
CopyFileW
GetDiskFreeSpaceExW
FindNextFileW
FindClose
FindFirstFileW
ResetEvent
ResumeThread
GetTickCount
GetProcessHeap
GetCurrentThreadId
HeapAlloc
CreateEventA
CloseHandle
HeapFree
WaitForSingleObject
SetEvent
GetSystemTimeAsFileTime
Sleep
GetCurrentProcess
GetLastError
GetPrivateProfileIntW
InterlockedExchange
InterlockedExchangeAdd
ExpandEnvironmentStringsW
QueueUserWorkItem
GetPrivateProfileStringW
QueryPerformanceCounter
QueryPerformanceFrequency
CreateEventW
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
CreateProcessW
GetVersionExW
GetModuleFileNameW
CreateFileW
GetProcAddress
lstrcmpiW
SetUnhandledExceptionFilter
GetCurrentProcessId
FindResourceExW
FindResourceW
LoadResource
WriteFile
SizeofResource
LockResource
DeleteFileW
GlobalAlloc
GlobalFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort

urlmon

UrlMkGetSessionOption

dbghelp

MiniDumpWriteDump

shell32

ord51
SHGetSpecialFolderPathW
ord165
SHCreateDirectoryExW
ShellExecuteW
SHGetFolderPathW

shlwapi

PathAddBackslashW
PathRemoveBackslashW
PathAppendW
PathIsRelativeW
PathRemoveFileSpecW
PathFileExistsW

wininet

HttpQueryInfoA
InternetOpenUrlW
InternetReadFile
InternetSetOptionA
HttpQueryInfoW
InternetGetConnectedState
InternetOpenA
InternetCloseHandle

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 803KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FunshionUpgrade.exe
.exe windows:5 windows x86 arch:x86

2d601431499f7090272f692f07d1c762

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

73:1e:c7:19:df:36:ea:10:bf:03:e7:07:0a:57:25:f9:08:aa:e3:01
Signer

Actual PE Digest

73:1e:c7:19:df:36:ea:10:bf:03:e7:07:0a:57:25:f9:08:aa:e3:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build2.8.3\Funshion\Rel\bin\Release\FunshionUpgrade.pdb

Imports

wldap32

ord200
ord33
ord301
ord27
ord41
ord46
ord79
ord35
ord32
ord26
ord50
ord60
ord143
ord211
ord22
ord30

ws2_32

sendto
getaddrinfo
freeaddrinfo
socket
connect
setsockopt
getsockopt
htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
closesocket
WSAStartup
WSACleanup
recvfrom
listen
WSASetLastError
__WSAFDIsSet
select
ioctlsocket
accept

dbghelp

MakeSureDirectoryPathExists

wininet

HttpSendRequestA
InternetReadFileExA
HttpQueryInfoW
InternetGetConnectedState
InternetOpenA
InternetSetStatusCallbackW
InternetConnectA
InternetSetOptionA
InternetCloseHandle
HttpOpenRequestA

kernel32

IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
InitializeCriticalSection
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetLastError
WaitForSingleObject
WriteFile
DeleteFileW
CreateEventW
SetEvent
RaiseException
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
GetModuleFileNameW
GetThreadLocale
lstrcpynW
lstrlenW
SetLastError
lstrcmpiW
GetProcAddress
GetModuleHandleW
lstrcpyW
CompareStringW
LoadLibraryW
FreeLibrary
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
CreateFileW
GetSystemInfo
GetVersionExW
GetPrivateProfileIntW
SetThreadLocale
WritePrivateProfileStringW
MultiByteToWideChar
GetModuleFileNameA
CreateFileA
SetFilePointer
GetPrivateProfileStringW
GetPrivateProfileIntA
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
HeapFree
GetProcessHeap
GetTickCount
VirtualFree
HeapAlloc
CreateEventA
Sleep
ReleaseMutex
TlsAlloc
TlsFree
TlsGetValue
CreateMutexA
GetCurrentProcessId
ResetEvent
TlsSetValue
ResumeThread
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
LocalFree
FormatMessageA
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesExA
GetCurrentDirectoryA
SetCurrentDirectoryA
FindClose
GetFileTime
SetFileTime
GetDiskFreeSpaceExW
GetFullPathNameW
RemoveDirectoryW
CreateDirectoryW
CreateHardLinkW
GetDiskFreeSpaceExA
GetFullPathNameA
RemoveDirectoryA
DeleteFileA
CreateDirectoryA
CreateHardLinkA
MoveFileW
CopyFileW
MoveFileA
CopyFileA
GetFileInformationByHandle
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
GetShortPathNameW
SleepEx
ReadFile
PeekNamedPipe
GetFileType
GetStdHandle
LoadLibraryA
ExpandEnvironmentStringsA
VirtualAlloc
InterlockedPopEntrySList
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
ExitThread
HeapDestroy
HeapReAlloc
HeapSize
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RtlUnwind
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileExW
ExitProcess
GetDriveTypeA
FindFirstFileExA
GetCPInfo
LCMapStringW
HeapCreate
GetCurrentThread
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FatalAppExitA
GetTimeZoneInformation
SetConsoleCtrlHandler
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
GetSystemTimeAsFileTime

user32

SetLayeredWindowAttributes
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
MessageBoxA
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
CharNextW
SetWindowTextW
GetClassNameW
ScreenToClient
GetCursorPos
SetFocus
UpdateWindow
OffsetRect
GetSysColor
SetCursor
ReleaseDC
GetDC
SendMessageW
CreateWindowExW
LoadCursorW
FindWindowW
RegisterClassExW
LoadBitmapW
IsWindowEnabled
SetWindowPos
GetWindowTextLengthW
GetWindowTextW
EnableWindow
IsWindow
GetDlgCtrlID
PtInRect
ReleaseCapture
GetCapture
GetParent
SetCapture
KillTimer
UnregisterClassA
GetSysColorBrush
LoadImageW
CopyRect
SetRectEmpty
FillRect
GetClientRect
EndPaint
BeginPaint
SetTimer
InflateRect
wsprintfW
DestroyWindow
CallWindowProcW
DefWindowProcW
GetWindowLongW
ShowWindow
DialogBoxParamW
DrawIcon
SetWindowLongW
GetActiveWindow
GetSystemMetrics
LoadIconW
GetDlgItem
BringWindowToTop
GetClassInfoExW
SetRect
GetWindowRect
MoveWindow
SetWindowRgn
DrawTextW
EndDialog
PostMessageW
InvalidateRect

gdi32

CreateBitmap
GetTextExtentPoint32W
GetObjectW
TextOutW
CreateDIBSection
CreatePen
GetDeviceCaps
DPtoLP
Arc
GetPixel
StretchBlt
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreatePatternBrush
SetBrushOrgEx
DeleteDC
CreateRoundRectRgn
ExtTextOutW
SetBkColor
RoundRect
LineTo
MoveToEx
SetBkMode
SetTextColor
SelectObject
CreateFontIndirectW
DeleteObject
CreateSolidBrush
GetStockObject

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
IsTextUnicode
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetSpecialFolderPathA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VarUI4FromStr
SysFreeString

shlwapi

PathFileExistsA
PathFileExistsW
PathRemoveFileSpecA

comctl32

ImageList_GetImageInfo
ImageList_Draw
ImageList_Create
ImageList_AddMasked
_TrackMouseEvent
InitCommonControlsEx
ImageList_GetImageCount

msimg32

TransparentBlt
GradientFill

Sections

.text
Size: 686KB - Virtual size: 686KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Funshop4.ico
InnerWeb.exe
.exe windows:5 windows x86 arch:x86

8fbd83c2608d90f0e3b14fb54b2b847d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\workspace\Fun Player\Rel2.8.2\symbols\InnerWeb.pdb

Imports

kernel32

GetCurrentProcess
lstrlenW
GetModuleFileNameW
lstrcmpW
MulDiv
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GlobalFree
GlobalHandle
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
FreeLibrary
SizeofResource
LoadLibraryExW
lstrcmpiW
GetProcAddress
FindResourceExW
FlushFileBuffers
CreateFileW
ReadFile
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
LoadLibraryW
InterlockedExchange
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FatalAppExitA
GetStringTypeW
WideCharToMultiByte
FlushInstructionCache
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
HeapCreate
GetLocaleInfoW
GetStdHandle
WriteFile
ExitProcess
Sleep
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation
GetCommandLineW
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
DeleteCriticalSection
GetCurrentThreadId
lstrlenA
MultiByteToWideChar
GetLastError
FindResourceW
LoadResource
LockResource
GlobalAlloc
GetCurrentProcessId
GlobalLock
GlobalUnlock
SetLastError
OpenProcess
GetExitCodeProcess
CloseHandle
RaiseException
GetPrivateProfileIntW
GetPrivateProfileStringW
GetSystemTimeAsFileTime
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy

user32

TranslateMessage
DispatchMessageW
EndDialog
DestroyWindow
MapDialogRect
GetWindow
IsWindow
GetWindowThreadProcessId
DefWindowProcW
SetTimer
PostMessageW
GetMessageW
PeekMessageW
CreateWindowExW
MoveWindow
PostQuitMessage
GetDesktopWindow
IsDialogMessageW
CreateDialogIndirectParamW
CallWindowProcW
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
ScreenToClient
ClientToScreen
CreateAcceleratorTableW
GetDC
ReleaseDC
UnregisterClassA
CharNextW
GetParent
GetClassNameW
RedrawWindow
GetClientRect
BeginPaint
FillRect
EndPaint
IsChild
SetFocus
GetFocus
GetSysColor
DestroyAcceleratorTable
SendMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetWindowLongW
SetWindowLongW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
SetWindowContextHelpId
GetDlgItem
SetParent
SendDlgItemMessageW
ShowWindow
SetWindowPos

gdi32

GetObjectW
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetStockObject

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
OleUninitialize
OleInitialize
CoTaskMemRealloc
CoTaskMemFree
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal

oleaut32

VariantClear
SysFreeString
VarBstrCat
SysStringByteLen
VarUI4FromStr
OleCreateFontIndirect
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocStringLen
DispCallFunc
VariantInit

urlmon

CoInternetSetFeatureEnabled

Sections

.text
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LangResEnAmerican.dll
.dll windows:5 windows x86 arch:x86

2e168f9fee36c65804acc85d4752ed9f

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ff:10:b0:a9:21:4e:70:2b:3d:bc:15:c4:22:87:2e:8a:33:4c:b2:b2
Signer

Actual PE Digest

ff:10:b0:a9:21:4e:70:2b:3d:bc:15:c4:22:87:2e:8a:33:4c:b2:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build2.8.3\Funshion\Rel\symbols\LangResEnAmerican.pdb

Imports

kernel32

GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe.nsis
agentd.dll
.dll windows:5 windows x86 arch:x86

d3373049f7ad2325b0dd8079ca329127

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

59:e0:e5:b8:4a:9a:e8:91:c8:e8:d0:fa:34:0e:03:26:35:26:f0:40
Signer

Actual PE Digest

59:e0:e5:b8:4a:9a:e8:91:c8:e8:d0:fa:34:0e:03:26:35:26:f0:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build2.8.3\Funshion\Rel\symbols\agentd.pdb

Imports

ws2_32

__WSAFDIsSet
ntohl
ioctlsocket
connect
select
WSAGetLastError
sendto
recv
bind
ntohs
closesocket
socket
inet_addr
gethostbyname
htonl
htons

dump

dump
if_dump

quality

report_something

kernel32

SetStdHandle
LoadLibraryW
GetConsoleMode
GetConsoleCP
SetFilePointer
WriteConsoleW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
FlushFileBuffers
SystemTimeToFileTime
GetACP
GetTickCount
GetCurrentThreadId
CreateEventA
CloseHandle
WaitForSingleObject
SetEvent
GetProcessHeap
HeapAlloc
HeapFree
Sleep
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
TlsAlloc
TlsFree
TlsGetValue
GetCurrentProcessId
OpenEventA
ResetEvent
TlsSetValue
ResumeThread
CreateFileW
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
GetLastError
GetCommandLineA
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
ExitThread
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetModuleHandleW
SetLastError
GetProcAddress
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
ExitProcess
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
HeapSize

Exports

Exports

Dll_Get_Agentd_Object
Dll_Labin_Report_Agentd
Dll_Release_Agentd_Object

Sections

.text
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
atrc.dll
.dll windows:4 windows x86 arch:x86

2f5ab2eb4b4ccc26411c35c942298cd3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\src\datatype_rn\rm\audio\codec\ra8hbr\atrc.pdb

Imports

msvcr71

floor
_initterm
_adjust_fdiv
__CppXcptFilter
_CIpow
__security_error_handler
__dllonexit
_onexit
malloc
free
calloc
memmove
??3@YAXPAX@Z
_except_handler3
??2@YAPAXI@Z

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime

Exports

Exports

RACloseCodec
RACreateEncoderInstance
RADecode
RAEncode
RAFlush
RAFreeDecoder
RAFreeEncoder
RAGetBackend
RAGetDecoderBackendGUID
RAGetFlavorProperty
RAGetGUID
RAGetNumberOfFlavors
RAGetNumberOfFlavors2
RAInitDecoder
RAInitEncoder
RAOpenCodec
RAOpenCodec2
RASetComMode
RASetFlavor
_RASetPwd@8

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cook.dll
.dll windows:4 windows x86 arch:x86

7186ef18b8145b9efacd73914d40cee0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

free
??3@YAXPAX@Z
memmove
_purecall
_CIpow
malloc
??2@YAPAXI@Z
_ftol
_initterm
_adjust_fdiv

Exports

Exports

RACloseCodec
RACreateEncoderInstance
RADecode
RAEncode
RAFlush
RAFreeDecoder
RAFreeEncoder
RAGetBackend
RAGetDecoderBackendGUID
RAGetFlavorProperty
RAGetGUID
RAGetNumberOfFlavors
RAGetNumberOfFlavors2
RAInitDecoder
RAInitEncoder
RAOpenCodec
RAOpenCodec2
RASetComMode
RASetFlavor
_RASetPwd@8

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
coreavc.ax
.dll regsvr32 windows:5 windows x86 arch:x86

a51dab6f4a70c7f5108331c3fee35df0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

shell32

ShellExecuteA

advapi32

RegEnumKeyExA

ole32

CLSIDFromString

oleaut32

SafeArrayAccessData

user32

GetSystemMenu

version

GetFileVersionInfoA

comctl32

InitCommonControlsEx

gdi32

SetTextColor

Exports

Exports

Configure
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 255KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
drvc.dll
.dll windows:4 windows x86 arch:x86

5d841dc9603dda4e7058b842c1dedbfc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

__CxxFrameHandler
memmove
_ftol
_purecall
malloc
free
??3@YAXPAX@Z
_initterm
_adjust_fdiv
_beginthreadex
??2@YAPAXI@Z

kernel32

WaitForMultipleObjects
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileIntA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
GetSystemInfo
CreateEventA
QueryPerformanceCounter
SetEvent
QueryPerformanceFrequency
ResetEvent

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

?GetGUID@@YGJPAE@Z
RV40toYUV420CustomMessage
RV40toYUV420Free
RV40toYUV420HiveMessage
RV40toYUV420Init
RV40toYUV420Transform

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dump.dll
.dll windows:5 windows x86 arch:x86

e4a6d9649d7242f22c20ed532443f3e4

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a5:17:94:ec:da:e6:bc:cb:21:95:44:d3:7e:00:e9:a1:61:11:78:5f
Signer

Actual PE Digest

a5:17:94:ec:da:e6:bc:cb:21:95:44:d3:7e:00:e9:a1:61:11:78:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build2.8.3\Funshion\Rel\symbols\dump.pdb

Imports

kernel32

CloseHandle
GetTickCount
TerminateThread
Sleep
GetPrivateProfileIntW
GetLastError
ResetEvent
GetPrivateProfileSectionW
CreateEventW
OutputDebugStringW
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrcpyW
GetModuleFileNameW
CreateFileW
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
FindResourceExW
FindResourceW
LoadResource
WriteFile
SizeofResource
LockResource
DeleteFileW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetCommandLineA
GetFileAttributesW
GetLocalTime
GetCPInfo
RaiseException
RtlUnwind
GetCurrentThreadId
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleHandleW
ExitProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapSize
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
HeapReAlloc
LoadLibraryW
SetStdHandle
CreateFileA
WriteConsoleW
SetEndOfFile
GetProcessHeap
OpenEventA
SetEvent
WaitForSingleObject
HeapAlloc
CreateEventA

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW

urlmon

UrlMkGetSessionOption

shlwapi

PathRemoveFileSpecW
PathFileExistsW

wininet

InternetCloseHandle
InternetOpenA
InternetGetConnectedState
HttpQueryInfoW
InternetSetOptionA
InternetReadFile
InternetOpenUrlW
HttpQueryInfoA

Exports

Exports

?dump_info@dump@@YAHABV?$basic_format@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@boost@@@Z
?dump_info@dump@@YAHJABV?$basic_format@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@boost@@@Z
destroy_config_center
disable_output_log_to_file
dump
dump_initialize
dump_log
enable_output_log_to_file
erase_log_record
get_records_duration_by_ms
if_dump
init_config_center
log_output
lvalue
lvalue_of
output_overhead_duration
record_begin_time
record_log_interface
remove_log
svalue
svalue_of
ulvalue_of
upload_log

Sections

.text
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fptassrv.dll
.dll windows:5 windows x86 arch:x86

14c2e37d1ddc895ef788dad646cd0ea0

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14/07/2010, 00:00

Not After

02/08/2012, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

ef:82:10:1a:d3:91:d7:04:83:cd:37:59:b2:dc:64:12:18:19:1f:46
Signer

Actual PE Digest

ef:82:10:1a:d3:91:d7:04:83:cd:37:59:b2:dc:64:12:18:19:1f:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build2.6.3\Funshion\Rel\symbols\fp_tas_visitor.pdb

Imports

ws2_32

gethostbyname
ntohl
ntohs
htonl
htons
select
__WSAFDIsSet
ioctlsocket
connect
WSAGetLastError
recv
socket
closesocket
send

kernel32

GetProcAddress
ExitThread
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
SystemTimeToFileTime
ResumeThread
ResetEvent
OpenEventA
SetEnvironmentVariableA
CompareStringW
CreateFileW
WideCharToMultiByte
GetTickCount
GetProcessHeap
GetCurrentThreadId
HeapAlloc
CreateEventA
CloseHandle
HeapFree
WaitForSingleObject
SetEvent
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetLastError
WriteFile
GetStdHandle
GetModuleFileNameW
RaiseException
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
CreateThread
Sleep
HeapSize
ExitProcess
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
LoadLibraryW
RtlUnwind
HeapReAlloc
WriteConsoleW
MultiByteToWideChar
SetFilePointer
SetStdHandle
LCMapStringW
GetStringTypeW

Exports

Exports

dllget_visitor
dllrelease_object

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
funoictl.dll
.dll regsvr32 windows:5 windows x86 arch:x86

7ab75f0433b0d1d0b93fa0448ce3a082

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7b:10:30:e2:0c:5b:c6:b8:1c:86:3a:0e:73:e8:55:61:03:30:6c:8d
Signer

Actual PE Digest

7b:10:30:e2:0c:5b:c6:b8:1c:86:3a:0e:73:e8:55:61:03:30:6c:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build2.8.3\Funshion\Rel\src\plugin\FunOICtrl_ActiveX\bin\release\funoictl.pdb

Imports

wininet

InternetCloseHandle
HttpQueryInfoW
InternetSetOptionA
HttpQueryInfoA
InternetOpenA
InternetGetConnectedState
InternetOpenUrlW
InternetReadFile

kernel32

GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitProcess
GetCommandLineA
VirtualQuery
GetStartupInfoW
VirtualProtect
MoveFileW
RtlUnwind
CreateThread
ExitThread
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetSystemInfo
InterlockedDecrement
FlushFileBuffers
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetStringTypeW
LCMapStringW
GetConsoleMode
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetTempPathW
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
lstrcmpW
SetThreadLocale
LoadLibraryExW
lstrcmpiW
SetEvent
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
TerminateProcess
Process32NextW
LoadLibraryW
FreeLibrary
WideCharToMultiByte
CreateEventW
GetModuleHandleW
GetProcAddress
Sleep
GetTickCount
InterlockedIncrement
GetModuleFileNameW
SetLastError
GetThreadLocale
GetCurrentThreadId
lstrcpynW
GetCurrentProcess
FlushInstructionCache
lstrlenW
LeaveCriticalSection
EnterCriticalSection
WriteFile
DeleteFileW
CreateFileW
WaitForSingleObject
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameA

user32

CharNextW
DestroyWindow
GetSystemMetrics
GetActiveWindow
SetTimer
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
CreateDialogParamW
UnionRect
EqualRect
GetDlgItem
ShowWindow
IntersectRect
SetFocus
PostQuitMessage
BringWindowToTop
GetWindow
DialogBoxParamW
IsChild
GetFocus
GetKeyState
DefWindowProcW
GetClientRect
FillRect
UnregisterClassA
SetWindowTextW
InflateRect
EndDialog
RegisterClassExW
CreateWindowExW
GetDC
ReleaseDC
GetCapture
ReleaseCapture
DrawTextW
OffsetRect
SetRectEmpty
PtInRect
CopyRect
LoadCursorW
GetClassInfoExW
SetWindowPos
IsWindow
SetWindowRgn
GetDlgCtrlID
GetParent
SetCapture
IsWindowEnabled
KillTimer
InvalidateRect
GetWindowRect
MoveWindow
PostMessageW
SendMessageW
LoadBitmapW
CallWindowProcW
GetWindowLongW
SetWindowLongW
EndPaint
BeginPaint

gdi32

GetClipRgn
CreateRectRgn
SelectClipRgn
Rectangle
SetTextAlign
LPtoDP
SetMapMode
SetViewportOrgEx
CreateDCW
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
ExtTextOutW
GetDeviceCaps
DPtoLP
CreateCompatibleBitmap
BitBlt
SetBkColor
CreateCompatibleDC
CreateFontIndirectW
SetTextColor
CreatePen
CreateRoundRectRgn
TextOutW
GetObjectW
GetTextExtentPoint32W
StretchBlt
Arc
LineTo
MoveToEx
SetBkMode
SelectObject
DeleteDC
DeleteObject
CreatePatternBrush
SetBrushOrgEx

advapi32

RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CreateDataAdviseHolder
CreateOleAdviseHolder

oleaut32

LoadRegTypeLi
VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
OleCreatePropertyFrame
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserFree
UnRegisterTypeLi
LPSAFEARRAY_UserMarshal
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
LPSAFEARRAY_UserUnmarshal

shlwapi

PathIsDirectoryW
PathFileExistsW

comctl32

ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Create
ImageList_AddMasked
ImageList_Draw
_TrackMouseEvent

msimg32

GradientFill

iphlpapi

GetAdaptersInfo

rpcrt4

NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrStubCall2

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
funshionplugin2.dll
.dll windows:5 windows x86 arch:x86

ce99d6d124f21164b9e9ebb6a4267064

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

39:8b:5f:73:70:86:f7:f2:de:64:9a:75:e4:ce:fa:b3:3d:4f:9d:79
Signer

Actual PE Digest

39:8b:5f:73:70:86:f7:f2:de:64:9a:75:e4:ce:fa:b3:3d:4f:9d:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build2.8.3\Funshion\Rel\symbols\funshionplugin2.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

waveOutSetVolume
waveOutGetVolume
PlaySoundW

dsound

ord3

kernel32

GetCurrentProcess
DuplicateHandle
VirtualFree
GetSystemInfo
ReleaseSemaphore
lstrcmpW
CreateSemaphoreW
CreateThread
GetCurrentThread
InterlockedDecrement
InterlockedIncrement
GetTempPathW
GetTempFileNameW
DeleteFileW
SetThreadPriority
InterlockedExchange
CreateEventW
ResetEvent
GetTickCount
DisableThreadLibraryCalls
GetCurrentThreadId
TerminateThread
SetEvent
DeleteFileA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetModuleFileNameA
lstrlenW
WideCharToMultiByte
VirtualAlloc
WaitForSingleObject
ReleaseMutex
CreateFileMappingW
GetLastError
CreateMutexW
UnmapViewOfFile
MapViewOfFile
WritePrivateProfileStringW
GetPrivateProfileStringW
Sleep
MulDiv
OutputDebugStringW
CreateFileW
CloseHandle
GetFileSize
SetFilePointer
ReadFile
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
LoadLibraryW
FreeLibrary
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
RaiseException
lstrlenA
CreateSemaphoreA
GetVersionExW
SizeofResource
SetLastError
DeactivateActCtx
ActivateActCtx
InitializeCriticalSectionAndSpinCount
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
GlobalUnlock
GlobalLock
lstrcmpA
LocalFree
FormatMessageW
GlobalAlloc
GlobalSize
CopyFileW
GlobalFree
CreateActCtxW
ReleaseActCtx
ResumeThread
SuspendThread
GlobalGetAtomNameW
LoadLibraryExW
GetLocaleInfoW
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetPrivateProfileIntW
GetThreadLocale
lstrcmpiW
WriteFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
GetFileAttributesExW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
GetSystemDirectoryW
lstrcpyW
GetCurrentDirectoryW
GetWindowsDirectoryW
GetNumberFormatW
GetProfileIntW
SearchPathW
VirtualProtect
GetUserDefaultLCID
FindResourceExW
RtlUnwind
DecodePointer
EncodePointer
HeapFree
HeapAlloc
GetCommandLineA
HeapReAlloc
QueryPerformanceCounter
GetSystemTimeAsFileTime
ExitThread
ExitProcess
VirtualQuery
SetStdHandle
GetFileType
HeapSize
HeapQueryInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
HeapCreate
HeapDestroy
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
LCMapStringW
IsProcessorFeaturePresent
SetHandleCount
GetStartupInfoW
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
WriteConsoleW
SetEnvironmentVariableA
GetProcessHeap
LoadLibraryA
CreateFileA

user32

EndPaint
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckDlgButton
IsDialogMessageW
SetWindowTextW
MoveWindow
ShowWindow
IsWindowEnabled
RemoveMenu
InsertMenuW
AppendMenuW
GetMenuStringW
GetCursorPos
GetActiveWindow
TranslateMessage
GetMessageW
TranslateAcceleratorW
GetDesktopWindow
BringWindowToTop
CreatePopupMenu
InsertMenuItemW
IsIconic
InvalidateRect
LoadAcceleratorsW
ReleaseCapture
SetCursor
DestroyIcon
LoadImageW
DestroyMenu
LoadMenuW
ReuseDDElParam
UnpackDDElParam
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
CharNextW
GetSystemMetrics
CharUpperW
WaitMessage
KillTimer
SetTimer
UnregisterClassW
GetMenuItemInfoW
SystemParametersInfoW
RealChildWindowFromPoint
CopyImage
GetSysColorBrush
EnumDisplayMonitors
SetLayeredWindowAttributes
GetKeyNameTextW
MapVirtualKeyW
DeleteMenu
GetSystemMenu
CopyAcceleratorTableW
InvalidateRgn
SetCapture
GetNextDlgGroupItem
GetNextDlgTabItem
MessageBeep
IsZoomed
SetWindowRgn
DestroyAcceleratorTable
WindowFromPoint
NotifyWinEvent
GetAsyncKeyState
SetClassLongW
DrawStateW
BeginPaint
DrawEdge
GetWindowTextLengthW
DrawFocusRect
ToUnicodeEx
IntersectRect
GetKeyboardState
CreateAcceleratorTableW
SetCursorPos
LockWindowUpdate
GetMenuDefaultItem
InvertRect
HideCaret
EnableScrollBar
GetIconInfo
RegisterClipboardFormatW
EndDialog
CreateDialogIndirectParamW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UpdateLayeredWindow
IsMenu
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
CopyIcon
CharUpperBuffW
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
SubtractRect
DrawIcon
DestroyCursor
GetWindowRgn
SetWindowPos
PtInRect
LoadIconW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
GetMonitorInfoW
ScrollWindow
TrackPopupMenu
GetKeyState
SetScrollRange
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetDC
DrawIconEx
ReleaseDC
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
ValidateRect
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetKeyboardLayout
SetFocus
EnumWindows
GetWindowThreadProcessId
GetClassNameW
MonitorFromWindow
MessageBoxW
InflateRect
DispatchMessageW
RegisterWindowMessageW
PeekMessageW
SetRect
IsRectEmpty
PostQuitMessage
PostThreadMessageW
SetMenu
SetParent
GetWindowRect
UnionRect
OffsetRect
EqualRect
CopyRect
SetRectEmpty
SendMessageW
EnableWindow
GetParent
PostMessageW
IsWindowVisible
MapWindowPoints
GetClientRect
GetWindow
IsWindow
LoadCursorW
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowLongW
DrawFrameControl
SetWindowLongW

advapi32

RegSetValueExW
RegEnumKeyW
RegQueryValueW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW

shell32

SHGetFolderPathW
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW
DragQueryFileW
DragFinish

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
CoInitializeEx
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleInitialize
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
ReleaseStgMedium
StringFromGUID2
CoFreeUnusedLibraries
CoTaskMemAlloc
CoUninitialize
CoInitialize
StringFromCLSID
GetRunningObjectTable
CreateItemMoniker
CLSIDFromString
CoCreateInstance
CoTaskMemFree

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysFreeString
VariantInit
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringLen
SysStringLen
OleCreateFontIndirect
VariantChangeType
VariantClear
VarBstrFromDate

comctl32

ImageList_GetIconSize

shlwapi

PathRemoveFileSpecW
PathRemoveFileSpecA
PathAddBackslashA
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

gdi32

GetTextFaceW
SetPixelV
TranslateCharsetInfo
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
GetObjectW
ExtTextOutW
CreateFontIndirectW
CreateRectRgn
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetDeviceCaps
GetMapMode
PatBlt
DeleteObject
CreatePatternBrush
CreateBitmap
DPtoLP
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
ExcludeClipRect
IntersectClipRect
PtInRegion
MoveToEx
Ellipse
Polyline
CreateEllipticRgn
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
GetRgnBox
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
CreateDIBitmap
GetTextExtentPoint32W
GetTextColor
GetBkColor
CreateCompatibleBitmap
CreateDCW
CopyMetaFileW
CreateHatchBrush
CreateSolidBrush
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
DeleteDC
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
EnumFontFamiliesExW
Rectangle
SetPixel
StretchBlt
GetClipBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetBkColor
LineTo
SetDIBColorTable
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
SetTextColor

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

comdlg32

GetFileTitleW

Exports

Exports

FunPlayerPluginExports

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text.un
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 658KB - Virtual size: 657KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_a
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_i
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_l
Size: 1024B - Virtual size: 987B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_f
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_l
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_p
Size: 512B - Virtual size: 126B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_a
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_r
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gma.dll
.dll windows:5 windows x86 arch:x86

8596d45da9d4f8d0913c58f9221801ef

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

82:1b:ec:0f:b8:c5:d6:92:a5:cc:8e:f6:61:37:12:40:3f:10:9d:c2
Signer

Actual PE Digest

82:1b:ec:0f:b8:c5:d6:92:a5:cc:8e:f6:61:37:12:40:3f:10:9d:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build2.8.3\Funshion\Rel\symbols\gma.pdb

Imports

iphlpapi

GetIpAddrTable
GetBestInterface
GetBestRoute
SendARP

ws2_32

gethostname
getservbyname
getservbyport
htons
WSAGetLastError
htonl
ntohs
inet_ntoa
WSASetLastError
gethostbyaddr
gethostbyname
inet_addr

advapi32

RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW

wininet

HttpQueryInfoW
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetReadFile
InternetOpenUrlW
HttpQueryInfoA
InternetGetConnectedState

kernel32

SystemTimeToFileTime
WaitForMultipleObjects
ResumeThread
ResetEvent
OpenEventA
GetSystemInfo
FlushFileBuffers
WriteConsoleW
SetStdHandle
LoadLibraryW
GetConsoleMode
InterlockedDecrement
GetPrivateProfileStringW
WritePrivateProfileStringW
GetLastError
ExpandEnvironmentStringsW
CreateEventA
WaitForSingleObject
SetEvent
GetModuleFileNameW
CreateFileW
DeviceIoControl
GetCurrentThreadId
CloseHandle
GetSystemTime
GetTickCount
GetVersionExW
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
lstrlenW
FreeLibrary
CreateProcessW
GetSystemDirectoryW
GetSystemDirectoryA
GetCurrentDirectoryW
GetProcAddress
LoadLibraryA
lstrcmpiW
SetWaitableTimer
FindResourceW
LoadResource
WriteFile
SizeofResource
LockResource
DeleteFileW
GetModuleFileNameA
GetConsoleCP
SetFilePointer
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FatalAppExitA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
ExitProcess
HeapCreate
GetLocaleInfoW
GetStdHandle
GetCurrentThread
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
CreateWaitableTimerA
GetACP
IsProcessorFeaturePresent
LCMapStringW
GetCPInfo
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocalTime
GetFileAttributesW
CreateThread
FindResourceExW
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
GetCommandLineA
RtlUnwind
ExitThread

shell32

SHGetSpecialFolderPathW
ord51
SHGetFolderPathW
SHGetSpecialFolderPathA
SHCreateDirectoryExW

ole32

CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoInitialize
CoCreateInstance

oleaut32

VariantClear
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
SafeArrayUnaccessData
VariantInit
SafeArrayAccessData
SysAllocString
SysFreeString

urlmon

UrlMkGetSessionOption

shlwapi

PathFileExistsW
PathIsRelativeW
PathRemoveFileSpecA
PathAppendW
PathRemoveBackslashW
PathRemoveFileSpecW

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP
get_and_update_mac
get_mac_info
get_nic_description
get_time_cost_mac
get_time_cost_mac_main

Sections

.text
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
icon/MP4.ico
icon/RMVB.ico
lsv.dll
.dll windows:5 windows x86 arch:x86

1d183571eb130dad375e602618d02f9d

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d4:aa:79:a8:e2:f8:c7:7d:73:35:a3:c3:ee:9b:d2:0f:e4:e3:de:84
Signer

Actual PE Digest

d4:aa:79:a8:e2:f8:c7:7d:73:35:a3:c3:ee:9b:d2:0f:e4:e3:de:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build2.8.3\Funshion\Rel\symbols\lsv.pdb

Imports

ws2_32

bind
ntohl
ioctlsocket
connect
select
WSAGetLastError
sendto
recv
ntohs
__WSAFDIsSet
closesocket
socket
inet_addr
gethostbyname
htonl
htons

dump

dump
if_dump

quality

report_something

kernel32

SetStdHandle
LoadLibraryW
GetConsoleMode
GetConsoleCP
SetFilePointer
WriteConsoleW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
FlushFileBuffers
SystemTimeToFileTime
GetACP
GetTickCount
GetCurrentThreadId
CreateEventA
CloseHandle
WaitForSingleObject
SetEvent
GetProcessHeap
HeapAlloc
HeapFree
Sleep
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
TlsAlloc
TlsFree
TlsGetValue
GetCurrentProcessId
OpenEventA
ResetEvent
TlsSetValue
ResumeThread
CreateFileW
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
GetLastError
GetCommandLineA
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
ExitThread
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetModuleHandleW
SetLastError
GetProcAddress
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter

Exports

Exports

Dll_Get_LoginServer_Object
Dll_Release_LoginServer_Object

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nicdescr.dat
pncrt.dll
.dll windows:4 windows x86 arch:x86

828907b7a8ec04c9c4031e40ef2f76ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
RtlUnwind
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
HeapReAlloc
HeapValidate
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
SetEnvironmentVariableW
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
RaiseException
SetStdHandle
Sleep
CompareStringA
CompareStringW
GetLocaleInfoA
GetLocaleInfoW
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetTimeZoneInformation
SetEnvironmentVariableA
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
SetEndOfFile
WriteConsoleA
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
GetLocalTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
GetSystemTime
GetModuleHandleA

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
SetUserHeapAlloc
SetUserHeapCalloc
SetUserHeapFree
SetUserHeapReAlloc
SetUserHeapSize
SetUserHeapValidate
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CrtHeapAlloc
_CrtHeapCalloc
_CrtHeapFree
_CrtHeapReAlloc
_CrtHeapSize
_CrtHeapValidate
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__argc
__argv
__badioinfo
__crtCompareStringA
__crtGetLocaleInfoW
__crtLCMapStringA
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unguarded_readlc_active
__wargv
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_creat
_cscanf
_ctype
_cwait
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirsti64
_findnext
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstati64
_ftime
_ftol
_fullpath
_futime
_gcvt
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getws
_global_unwind2
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putws
_pwctype
_read
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_searchenv
_seh_longjmp_unwind
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_timezone
_tolower
_toupper
_tzname
_tzset
_ui64toa
_ui64tow
_ultoa
_ultow
_umask
_ungetch
_unlink
_unloaddll
_unlock
_utime
_vsnprintf
_vsnwprintf
_waccess
_wasctime
_wchdir
_wchmod
_wcmdln
_wcreat
_wcsdup
_wcsicmp

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pndx5016.dll
pndx5032.dll
.dll windows:4 windows x86 arch:x86

3dff24d172f5031d837d000fcf3a81f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SMapLS_IP_EBP_8
SUnMapLS_IP_EBP_8
SMapLS_IP_EBP_12
SUnMapLS_IP_EBP_12
SMapLS_IP_EBP_16
SUnMapLS_IP_EBP_16
ThunkConnect32
GlobalFree
GetVersion
GlobalAlloc
SMapLS_IP_EBP_8
SUnMapLS_IP_EBP_8
SMapLS_IP_EBP_12
SUnMapLS_IP_EBP_12
SMapLS_IP_EBP_16
SUnMapLS_IP_EBP_16
ThunkConnect32
GlobalFree
GetVersion
GlobalAlloc

pncrt

free
_adjust_fdiv
malloc
_initterm

Exports

Exports

GetDevNodeStatus32Call
thk_ThunkData32

Sections

.text
Size: 1024B - Virtual size: 790B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pos.ini
ptv.dll
.dll windows:5 windows x86 arch:x86

a43af8599199c87c3c792739e18fbbf6

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:f9:b8:85:b2:97:b1:86:be:17:47:71:4e:4b:4d:0d:18:96:30:42
Signer

Actual PE Digest

09:f9:b8:85:b2:97:b1:86:be:17:47:71:4e:4b:4d:0d:18:96:30:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build2.8.3\Funshion\Rel\symbols\ptv.pdb

Imports

ws2_32

WSASend
WSARecv
send
ioctlsocket
WSAGetLastError
WSAConnect
sendto
socket
closesocket
WSASocketA
gethostbyname
inet_ntoa
ntohl
htonl
htons
ntohs
select
__WSAFDIsSet

kernel32

GetCPInfo
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidCodePage
GetOEMCP
WaitForSingleObject
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
GetTickCount
GetCurrentThreadId
GetQueuedCompletionStatus
CreateIoCompletionPort
GetACP
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
ExitThread
GetLastError
CreateThread
GetSystemTimeAsFileTime
HeapFree
HeapReAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
ExitProcess
HeapSize
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId

Exports

Exports

?get_ptvisitor@nsptv@@YAPAVi_ptvisitor@1@XZ
?release_ptvisitor@nsptv@@YAXXZ

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
quality.dll
.dll windows:5 windows x86 arch:x86

eaf891f6239016d8780c70c9a643a1d0

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d8:ff:6b:6e:4d:56:cd:e6:c1:df:61:d4:ee:b6:ef:eb:d1:ad:74:04
Signer

Actual PE Digest

d8:ff:6b:6e:4d:56:cd:e6:c1:df:61:d4:ee:b6:ef:eb:d1:ad:74:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build2.8.3\Funshion\Rel\symbols\reporter.pdb

Imports

ws2_32

inet_ntoa
gethostname
gethostbyname
ioctlsocket
connect
select
recv
socket
closesocket
send
inet_addr
ntohl
htonl
htons

psapi

GetProcessMemoryInfo

dump

ulvalue_of
svalue_of
svalue
lvalue_of

kernel32

LoadLibraryW
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
ResetEvent
GlobalMemoryStatus
CreateEventA
GetCurrentProcess
SetEvent
InterlockedExchange
InterlockedExchangeAdd
CloseHandle
GetTickCount
WaitForSingleObject
InitializeCriticalSection
Sleep
SetStdHandle
EnterCriticalSection
DeleteCriticalSection
GetVersionExW
GetModuleFileNameW
CreateFileW
GetProcAddress
lstrcmpiW
WideCharToMultiByte
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
WriteFile
SizeofResource
GetLastError
LockResource
DeleteFileW
GetModuleFileNameA
WriteConsoleW
FlushFileBuffers
LeaveCriticalSection
IsValidCodePage
GetOEMCP
GetACP
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
OpenEventA
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetLocaleInfoW
GetStdHandle
ExitProcess
GetProcessHeap
HeapSize
HeapDestroy
HeapCreate
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
LCMapStringW
HeapAlloc
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
GetStringTypeW
EncodePointer
DecodePointer
HeapFree
ExitThread
GetCurrentThreadId
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
RaiseException

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHCreateDirectoryExW

urlmon

UrlMkGetSessionOption

wininet

InternetCloseHandle
InternetOpenA
InternetGetConnectedState
HttpQueryInfoW
InternetSetOptionA
InternetReadFile
InternetOpenUrlW
HttpQueryInfoA

shlwapi

PathFileExistsW

Exports

Exports

DllGetInterface
DllReleaseReporter
report_agent
report_hs
report_initialize
report_mem_info
report_ms_flow
report_nat_traversal
report_open_inline_page
report_play_buffering
report_playing_pausing
report_something
report_system_info
report_task_detail
report_task_state
report_tcp
report_torrent_download
report_track
report_udpt
report_uninitialize
set_run_mode

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rmoc3260.dll
.dll regsvr32 windows:4 windows x86 arch:x86

856609e709a6cabc2acd456e10aed0e4

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:ee:97:f7:6b:56:99:e3:2b:08:af:5d:f8:3a:20:30
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

30/08/2006, 20:44

Not After

15/09/2007, 17:25

Subject

CN=RealNetworks\, Inc.,OU=Software Product Development,O=RealNetworks\, Inc.,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f0:21:3e:b1:a9:b6:37:1f:ff:1c:dd:ce:74:f4:d0:f5:35:ad:7d:9b
Signer

Actual PE Digest

f0:21:3e:b1:a9:b6:37:1f:ff:1c:dd:ce:74:f4:d0:f5:35:ad:7d:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

_initterm
_adjust_fdiv
_ismbcspace
_open
_chsize
_fstat
_onexit
_read
_unlink
_putenv
_write
_sopen
_tell
_lseek
__dllonexit
malloc
_errno
_telli64
_lseeki64
memmove
_vsnprintf
strchr
isdigit
_stricmp
strncmp
printf
getenv
realloc
strstr
_snprintf
atol
atoi
sprintf
strncat
_purecall
??2@YAPAXI@Z
wcslen
wcsncpy
strncpy
strrchr
??3@YAXPAX@Z
free
_strnicmp
_strcmpi
_close
_creat

ole32

CoTaskMemAlloc
CreateBindCtx
CreateOleAdviseHolder
CoTaskMemFree
CoCreateInstance
CoGetMalloc

kernel32

CreateThread
InitializeCriticalSection
GetModuleFileNameA
GetTempPathA
GetTempFileNameA
CloseHandle
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetVersionExA
GetSystemInfo
InterlockedIncrement
InterlockedDecrement
lstrcatA
GetEnvironmentVariableA
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
lstrlenW
lstrcpyA
lstrlenA
lstrcmpA
MultiByteToWideChar
DeleteFileA
WinExec
GetProcAddress
LoadLibraryA
FreeLibrary
SetErrorMode
DeleteCriticalSection
GetLocaleInfoA
GetVersion
GetLastError

user32

CreateDialogParamA
wsprintfA
CharNextA
CharPrevA
IsDialogMessageA
ReleaseDC
GetDC
PtInRect
SendMessageA
SetFocus
BeginPaint
EndPaint
SetParent
IsWindowVisible
GetParent
DefWindowProcA
UnregisterClassA
WinHelpA
GetWindowLongA
ShowWindow
EqualRect
OffsetRect
SetWindowRgn
SetWindowLongA
DestroyWindow
GetWindowRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
GetActiveWindow
LoadStringA
GetDlgItemTextA
SetDlgItemTextA
GetSysColor
FillRect
IntersectRect
CopyRect
GetClientRect
EnumChildWindows
UpdateWindow
LoadCursorA
RegisterClassA
CreateWindowExA
GetKeyState
InvalidateRect
GetClipboardFormatNameA

advapi32

RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyA
RegEnumKeyExA
RegQueryValueA
RegSetValueA
RegEnumKeyA
RegCloseKey

gdi32

LPtoDP
CreateSolidBrush
CreateRectRgnIndirect
DeleteDC
SetMapMode
SetWindowOrgEx
DeleteObject
SetViewportOrgEx
GetDeviceCaps
CreateDCA

oleaut32

VariantClear
VariantInit
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysFreeString
OleCreatePropertyFrame
SetErrorInfo
SysAllocStringLen
RegisterTypeLi
VariantChangeType

urlmon

URLDownloadToCacheFileA
HlinkSimpleNavigateToString
CreateURLMoniker
RegisterBindStatusCallback

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
skin1/AbnormalPopWndCloseBtn.bmp
skin1/AdPackUpBtn.bmp
skin1/AdTimer.png
.png
skin1/AddListFile.bmp
skin1/AddMore.bmp
skin1/Buffering.gif
.gif
skin1/CaptionText.bmp
skin1/CaptionTextEn.bmp
skin1/CheckBox_Box.bmp
skin1/CheckBox_Check.bmp
skin1/ClearFile.bmp
skin1/Default.fskin
.zip
IeToolBarBack.png
.png
IeToolBarCollect.png
.png
IeToolBarForward.png
.png
IeToolBarFunshionPage.png
.png
IeToolBarGamePage.png
.png
IeToolBarHomePage.png
.png
IeToolBarRefresh.png
.png
IeToolBarShopPage.png
.png
VoiceBtn.bmp
WebToolBarBk.png
.png
bk.png
.png
btn_close.bmp
btn_library.bmp
btn_libraryEn.bmp
btn_max.bmp
btn_menu.bmp
btn_min.bmp
btn_normal.bmp
btn_player.bmp
btn_playerEn.bmp
btn_skin.bmp
icon.png
.png
navigate.png
.png
separator.png
.png
skin1/DelListFile.bmp
skin1/DiskWarnning.bmp
skin1/DownloadJsonClose.bmp
skin1/Family.fskin
.zip
IeToolBarBack.png
.png
IeToolBarCollect.png
.png
IeToolBarForward.png
.png
IeToolBarFunshionPage.png
.png
IeToolBarGamePage.png
.png
IeToolBarHomePage.png
.png
IeToolBarRefresh.png
.png
IeToolBarShopPage.png
.png
VoiceBtn.bmp
WebToolBarBk.png
.png
bk.png
.png
btn_close.bmp
btn_library.bmp
btn_libraryEn.bmp
btn_max.bmp
btn_menu.bmp
btn_min.bmp
btn_normal.bmp
btn_player.bmp
btn_playerEn.bmp
btn_skin.bmp
icon.png
.png
navigate.png
.png
separator.png
.png
skin1/IErrorReshBtn.bmp
skin1/IErrorWndBk.bmp
skin1/LogoMini.bmp
skin1/LogoMiniEn.bmp
skin1/OptionBtnArrow.bmp
skin1/OptionBtnBk.bmp
skin1/OptionBtnDownArrow.bmp
skin1/OptionBtnUpArrow.bmp
skin1/OptionSplidBarHead.bmp
skin1/OptionSplidBarTrail.bmp
skin1/OptionSplideBarBkgnd.bmp
skin1/OptionSplideBarThumb.bmp
skin1/OptionText.bmp
skin1/OptionTextEn.bmp
skin1/PauseAdCloseBtn.bmp
skin1/PauseFlickerBtn.bmp
skin1/PlayInfoCurPlay.bmp
skin1/PlayList.bmp
skin1/PlayListEn.bmp
skin1/PlayTrackBarThumb.bmp
skin1/PlayTrackBarThumbSel.bmp
skin1/PlayerBarBtnFullView.bmp
skin1/PlayerBarBtnNext.bmp
skin1/PlayerBarBtnNextMini.bmp
skin1/PlayerBarBtnNonTop.bmp
skin1/PlayerBarBtnNormal.bmp
skin1/PlayerBarBtnPause.bmp
skin1/PlayerBarBtnPauseMini.bmp
skin1/PlayerBarBtnPlay.bmp
skin1/PlayerBarBtnPlayList.bmp
skin1/PlayerBarBtnPlayMini.bmp
skin1/PlayerBarBtnPre.bmp
skin1/PlayerBarBtnPreMini.bmp
skin1/PlayerBarBtnSimple.bmp
skin1/PlayerBarBtnSimpleEn.bmp
skin1/PlayerBarBtnStop.bmp
skin1/PlayerBarBtnStopMini.bmp
skin1/PlayerBarBtnTop.bmp
skin1/PlayerBarBtnVolMute.bmp
skin1/PlayerBarBtnVolume.bmp
skin1/PlayerBarBtnVolumeMini.bmp
skin1/PlayerBarOpenFile.bmp
skin1/PlayerTipCloseBtn.bmp
skin1/PopUrlCheckBtn.bmp
skin1/PopUrlCheckBtnCheck.bmp
skin1/PopUrlCloseBtn.bmp
skin1/PopUrlCloseBtnAbnormal.bmp
skin1/PopUrlIcon.bmp
skin1/PopUrlMiniBtn.bmp
skin1/Popular.fskin
.zip
IeToolBarBack.png
.png
IeToolBarCollect.png
.png
IeToolBarForward.png
.png
IeToolBarFunshionPage.png
.png
IeToolBarGamePage.png
.png
IeToolBarHomePage.png
.png
IeToolBarRefresh.png
.png
IeToolBarShopPage.png
.png
VoiceBtn.bmp
WebToolBarBk.png
.png
bk.png
.png
btn_close.bmp
btn_library.bmp
btn_libraryEn.bmp
btn_max.bmp
btn_menu.bmp
btn_min.bmp
btn_normal.bmp
btn_player.bmp
btn_playerEn.bmp
btn_skin.bmp
icon.png
.png
navigate.png
.png
separator.png
.png
skin1/RadioBtnBox.bmp
skin1/RadioBtnPt.bmp
skin1/RpcLoading.gif
.gif
skin1/RpcStartDlgBk.bmp
skin1/Scroll.gif
.gif
skin1/ScrollBarDownArrow.bmp
skin1/ScrollBarDownArrowOption.bmp
skin1/ScrollBarUpArrow.bmp
skin1/ScrollBarUpArrowOption.bmp
skin1/ScrollBarVerBkgnd.bmp
skin1/ScrollBarVerBkgndOption.bmp
skin1/ScrollBarVerWidgetBkgnd.bmp
skin1/ScrollBarVerWidgetBkgndOption.bmp
skin1/ScrollBarVerWidgetHead.bmp
skin1/ScrollBarVerWidgetHeadOption.bmp
skin1/ScrollBarVerWidgetMid.bmp
skin1/ScrollBarVerWidgetMidOption.bmp
skin1/ScrollBarVerWidgetTrail.bmp
skin1/ScrollBarVerWidgetTrailOption.bmp
skin1/ScrollLinkBkgnd.bmp
skin1/ShowPlayInfoBtn.bmp
skin1/TaskDelete.bmp
skin1/TaskDownLoad.bmp
skin1/TaskList.bmp
skin1/TaskListEn.bmp
skin1/TaskListStatIcons.png
.png
skin1/TaskListStatSelIcon.png
.png
skin1/TaskManagerCloseBtn.bmp
skin1/TaskManagerCloseTxtBtn.bmp
skin1/TaskPaused.bmp
skin1/TextBtnBk.bmp
skin1/TipTopArrow.bmp
skin1/Tools_skin/BmpDetect.bmp
skin1/Tools_skin/CaptionCloseBtn.bmp
skin1/Tools_skin/CaptionMinBtn.bmp
skin1/Tools_skin/ProblemHelpBtnBk.bmp
skin1/Tools_skin/ProgressBarBK.bmp
skin1/Tools_skin/ProgressBarFG.bmp
skin1/Tools_skin/PromptDlgbtnBk.bmp
skin1/Tools_skin/ReRepairBtnBk.bmp
skin1/Tools_skin/ScrollBarDownArrowOption.bmp
skin1/Tools_skin/ScrollBarUpArrowOption.bmp
skin1/Tools_skin/ScrollBarVerBkgndOption.bmp
skin1/Tools_skin/ScrollBarVerWidgetBkgndOption.bmp
skin1/Tools_skin/ScrollBarVerWidgetHeadOption.bmp
skin1/Tools_skin/ScrollBarVerWidgetMidOption.bmp
skin1/Tools_skin/ScrollBarVerWidgetTrailOption.bmp
skin1/Tools_skin/bmpNormal.bmp
skin1/Tools_skin/bmpOK.bmp
skin1/Tools_skin/bmpRepairFailed.bmp
skin1/Tools_skin/bmpRepairedSuccess.bmp
skin1/Tools_skin/bmpRepairing.bmp
skin1/Tools_skin/bmpdetection.bmp
skin1/Tools_skin/bmpexception.bmp
skin1/Tools_skin/feedbackbtnbk.bmp
skin1/Tools_skin/forumhelpbtnbk.bmp
skin1/Tools_skin/funshionmark.bmp
skin1/Tools_skin/gifChecking.gif
.gif
skin1/Tools_skin/gifRepairing.gif
.gif
skin1/Tools_skin/gifScanning.gif
.gif
skin1/Tools_skin/ignorebtnbk.bmp
skin1/Tools_skin/maindlgbk.bmp
skin1/Tools_skin/problemtabbk.bmp
skin1/Tools_skin/promptdlgBk.bmp
skin1/Tools_skin/question.bmp
skin1/Tools_skin/recheck.bmp
skin1/Tools_skin/repairBtnBk.bmp
skin1/Tools_skin/test.bmp
skin1/TopLeftCornor.bmp
skin1/TopRightCornor.bmp
skin1/UpdateBtmBkgnd.bmp
skin1/UpdateBtmCloseBtn.bmp
skin1/UpdateBtmIgoreBtn.bmp
skin1/UpdateBtmUpdateBtn.bmp
skin1/UpdateCapBkgnd.bmp
skin1/UpdateCaption.bmp
skin1/UpdateIconFail.bmp
skin1/UpdateIconInit.bmp
skin1/UpdateIconSuc.bmp
skin1/VolumeMute.bmp
skin1/VolumeNoMute.bmp
skin1/WebCloseBtn.bmp
skin1/WebCloseBtnRgn.bmp
skin1/WndCloseBtn.bmp
skin1/bmpCleanFile.bmp
skin1/bmpClearDisk.bmp
skin1/bmpError.bmp
skin1/bmpError_IE.bmp
skin1/bmpPlayBarTip.bmp
skin1/bmpPrompt.bmp
skin1/bmpQuestion.bmp
skin1/bmpTimerClose.bmp
skin1/bmpYellowQuestion.bmp
skin1/checkSkin.bmp
skin1/cycle.png
.png
skin1/imgCleanFileBtn.bmp
skin1/imgCloseMini.bmp
skin1/imgFullViewMini.bmp
skin1/imgMinViewMini.bmp
skin1/imgNonTopViewMini.bmp
skin1/imgNormalViewMini.bmp
skin1/imgStandardMini.bmp
skin1/imgStandardMiniEn.bmp
skin1/imgTopViewMini.bmp
skin1/imgVolCtrlBarThumb.bmp
skin1/imgVolCtrlBarThumbSel.bmp
skin1/imgVolCtrlBarThumbSel.png
.png
skin1/list_expend.bmp
skin1/selected.png
.png
skin1/small.zip
.zip
Black.jpg
.jpg
Blue.jpg
.jpg
Default.jpg
.jpg
Default2.jpg
.jpg
Family.jpg
.jpg
Green.jpg
.jpg
KuWo.jpg
.jpg
Universe.jpg
.jpg
Water.jpg
.jpg
pink.jpg
.jpg
skin1/smallerror.bmp
skin1/smallerror.png
.png
skin1/switchToLibrary.bmp
skin1/switchToPlayer.bmp
ttv.dll
.dll windows:5 windows x86 arch:x86

8ec2fcf98a5536afa27dcaa967255093

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build2.8.3\Funshion\Rel\symbols\ttv_1.3.1.pdb

Imports

ws2_32

ioctlsocket
gethostbyname
ntohl
ntohs
select
__WSAFDIsSet
connect
htonl
WSAGetLastError
htons
recv
socket
closesocket
send

kernel32

GetProcAddress
ExitThread
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
SystemTimeToFileTime
ResumeThread
ResetEvent
OpenEventA
SetEnvironmentVariableA
CompareStringW
CreateFileW
GetTickCount
GetProcessHeap
GetCurrentThreadId
HeapAlloc
CreateEventA
CloseHandle
HeapFree
WaitForSingleObject
SetEvent
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
EnterCriticalSection
LeaveCriticalSection
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameW
RaiseException
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
CreateThread
Sleep
HeapSize
ExitProcess
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
LoadLibraryW
RtlUnwind
HeapReAlloc
WriteConsoleW
MultiByteToWideChar
SetFilePointer
SetStdHandle
LCMapStringW
GetStringTypeW

Exports

Exports

get_task_visitor
release_task_visitor

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8dCertificate

Extended Key Usages

02:3a:64Certificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

8b:05:b1:c2:02:13:57:83:86:b1:41:f8:be:52:ff:4b:a3:2b:73:8cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 320KB

.rsrc Size: 32KB - Virtual size: 31KB

0ece15e7d9bb35972aec701f46192460

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 503B

.data Size: 512B - Virtual size: 128B

.reloc Size: 512B - Virtual size: 220B

bf44c9fb48bb8c36b3e2527e7252350d

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 802B

.data Size: 512B - Virtual size: 142B

.reloc Size: 512B - Virtual size: 200B

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 10KB

.reloc Size: 1KB - Virtual size: 1KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

02:3a:64
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

8b:05:b1:c2:02:13:57:83:86:b1:41:f8:be:52:ff:4b:a3:2b:73:8c
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 320KB

.rsrc
Size: 32KB - Virtual size: 31KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 503B

.data
Size: 512B - Virtual size: 128B

.reloc
Size: 512B - Virtual size: 220B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 802B

.data
Size: 512B - Virtual size: 142B

.reloc
Size: 512B - Virtual size: 200B

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 10KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: - Virtual size: 744B

.rsrc
Size: 512B - Virtual size: 432B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 836B

.text
Size: 1024B - Virtual size: 815B

.rdata
Size: 1024B - Virtual size: 690B

.data
Size: 512B - Virtual size: 48B

.reloc
Size: 512B - Virtual size: 152B