04669ba045ebf699671b06e7b51591bb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

04669ba045ebf699671b06e7b51591bb_JaffaCakes118
Size

2.4MB
MD5

04669ba045ebf699671b06e7b51591bb
SHA1

c148c1b51790da0a5bcb6c1eb28011bc9d341e56
SHA256

b407deee55de1973e16d7a18ea0bab3d29242ec8b3b569be6d123ff147a241a4
SHA512

bbe83ccc72db74816a1235297b08a700b4c843e5e21ff1fd4f134fd184a9c7bf3562ad1a2aae3ca9d8a678dca76921fb9f1f172f6447ce858ba992f4f2e70337
SSDEEP

49152:MhjVmKn66OkhdcldG9jCVlsBW41Uu9xjhwUHduVXQZj9ZVoj:wJzn66OQcldaU6xh7nQj

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
04669ba045ebf699671b06e7b51591bb_JaffaCakes118
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/FindProcDLL.dll
unpack002/$PLUGINSDIR/KillProcDLL.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_1

Files

04669ba045ebf699671b06e7b51591bb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

170729c4965736ee8f8f4d1bab77cf38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendMessageTimeoutA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
HeapCreate
VirtualFree
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
FreeLibrary
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
DisableThreadLibraryCalls
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP
GetOEMCP
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetCPInfo

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
CoCode.dll
.dll windows:5 windows x86 arch:x86

fd41c89ab9f125174e3a5d62ed38c115

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

57:3f:f6:bb:81:e8:a3:ec:3f:a2:82:32:4a:b2:3d:55:3f:0d:90:4a
Signer

Actual PE Digest

57:3f:f6:bb:81:e8:a3:ec:3f:a2:82:32:4a:b2:3d:55:3f:0d:90:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\myprog\CoCode\CoCode\Release\CoCode.pdb

Imports

kernel32

GetTickCount
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
GetLastError
CreateSemaphoreW
CloseHandle
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetModuleHandleA

Exports

Exports

eric
ericex
ericexex
ericexexex
erichahaha
ericzhao
ericzsq
zhaoeric
zsq
zsqeric

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MediaCenter.ini
SDL.dll
.dll windows:4 windows x86 arch:x86

b80fce02658a1df9c72b537332e94b62

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3f:35:9b:1d:50:bc:f6:de:fb:b5:21:43:ae:bd:a7:36:98:c8:4a:09
Signer

Actual PE Digest

3f:35:9b:1d:50:bc:f6:de:fb:b5:21:43:ae:bd:a7:36:98:c8:4a:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeKillEvent
timeEndPeriod
timeSetEvent
timeBeginPeriod
timeGetTime
mciSendCommandA
mciGetErrorStringA
joyGetNumDevs
joyGetPosEx
joyGetDevCapsA
waveOutGetErrorTextA
waveOutOpen
waveOutPrepareHeader
waveOutClose
waveOutUnprepareHeader
waveOutWrite

kernel32

LoadLibraryA
CreateEventA
FormatMessageA
GetLastError
GetDriveTypeA
GetModuleHandleA
CreateMutexA
ReleaseMutex
CreateThread
GetCurrentThreadId
TerminateThread
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
ReleaseSemaphore
CreateSemaphoreA
CloseHandle
WaitForSingleObject
GetCurrentThread
SetThreadPriority
GetVersionExA

user32

ClipCursor
ClientToScreen
GetClientRect
AdjustWindowRect
GetMenu
GetWindowRect
RegisterClassA
LoadImageA
SetTimer
PostMessageA
KillTimer
WindowFromPoint
PtInRect
MapWindowPoints
DestroyCursor
GetCursor
CreateCursor
SetClassLongA
CreateIconFromResourceEx
SetWindowTextA
SetCursor
BeginPaint
EndPaint
PostQuitMessage
SetCursorPos
SetFocus
MapVirtualKeyA
MsgWaitForMultipleObjects
GetAncestor
GetCursorPos
ScreenToClient
SetCapture
ReleaseCapture
GetDesktopWindow
InvalidateRect
TranslateMessage
DestroyIcon
ChangeDisplaySettingsA
IsZoomed
AdjustWindowRectEx
GetSystemMetrics
SetWindowPos
SetForegroundWindow
GetDC
ReleaseDC
EnumDisplaySettingsA
DestroyWindow
GetWindowLongA
SetWindowLongA
CreateWindowExA
ShowWindow
GetKeyboardState
ToAscii
PeekMessageA
DispatchMessageA
GetMessageA
GetKeyState
DefWindowProcA
CallWindowProcA
GetForegroundWindow

gdi32

CreateCompatibleBitmap
CreateDIBSection
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
GetDIBits
SetDIBColorTable
RealizePalette
SetPaletteEntries
GetDeviceGammaRamp
SetDeviceGammaRamp
GetDeviceCaps
DeleteObject
GetSystemPaletteEntries
SelectPalette
SwapBuffers
ChoosePixelFormat
SetPixelFormat
DescribePixelFormat
CreatePalette

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

msvcrt

strncpy
strncmp
getenv
_ftol
malloc
free
memmove
sprintf
strtol
qsort
realloc
sscanf
signal
exit
_CIpow
fopen
ftell
fseek
fread
fwrite
_iob
fclose
strstr
atoi
_initterm
_adjust_fdiv
fprintf

Exports

Exports

SDL_AddTimer
SDL_AllocRW
SDL_AudioDriverName
SDL_AudioInit
SDL_AudioQuit
SDL_BuildAudioCVT
SDL_CDClose
SDL_CDEject
SDL_CDName
SDL_CDNumDrives
SDL_CDOpen
SDL_CDPause
SDL_CDPlay
SDL_CDPlayTracks
SDL_CDResume
SDL_CDStatus
SDL_CDStop
SDL_ClearError
SDL_CloseAudio
SDL_CondBroadcast
SDL_CondSignal
SDL_CondWait
SDL_CondWaitTimeout
SDL_ConvertAudio
SDL_ConvertSurface
SDL_CreateCond
SDL_CreateCursor
SDL_CreateMutex
SDL_CreateRGBSurface
SDL_CreateRGBSurfaceFrom
SDL_CreateSemaphore
SDL_CreateThread
SDL_CreateYUVOverlay
SDL_Delay
SDL_DestroyCond
SDL_DestroyMutex
SDL_DestroySemaphore
SDL_DisplayFormat
SDL_DisplayFormatAlpha
SDL_DisplayYUVOverlay
SDL_EnableKeyRepeat
SDL_EnableUNICODE
SDL_Error
SDL_EventState
SDL_FillRect
SDL_Flip
SDL_FreeCursor
SDL_FreeRW
SDL_FreeSurface
SDL_FreeWAV
SDL_FreeYUVOverlay
SDL_GL_GetAttribute
SDL_GL_GetProcAddress
SDL_GL_LoadLibrary
SDL_GL_Lock
SDL_GL_SetAttribute
SDL_GL_SwapBuffers
SDL_GL_Unlock
SDL_GL_UpdateRects
SDL_GetAppState
SDL_GetAudioStatus
SDL_GetClipRect
SDL_GetCursor
SDL_GetError
SDL_GetEventFilter
SDL_GetGammaRamp
SDL_GetKeyName
SDL_GetKeyState
SDL_GetModState
SDL_GetMouseState
SDL_GetRGB
SDL_GetRGBA
SDL_GetRelativeMouseState
SDL_GetThreadID
SDL_GetTicks
SDL_GetVideoInfo
SDL_GetVideoSurface
SDL_GetWMInfo
SDL_Has3DNow
SDL_Has3DNowExt
SDL_HasAltiVec
SDL_HasMMX
SDL_HasMMXExt
SDL_HasRDTSC
SDL_HasSSE
SDL_HasSSE2
SDL_Init
SDL_InitSubSystem
SDL_JoystickClose
SDL_JoystickEventState
SDL_JoystickGetAxis
SDL_JoystickGetBall
SDL_JoystickGetButton
SDL_JoystickGetHat
SDL_JoystickIndex
SDL_JoystickName
SDL_JoystickNumAxes
SDL_JoystickNumBalls
SDL_JoystickNumButtons
SDL_JoystickNumHats
SDL_JoystickOpen
SDL_JoystickOpened
SDL_JoystickUpdate
SDL_KillThread
SDL_Linked_Version
SDL_ListModes
SDL_LoadBMP_RW
SDL_LoadFunction
SDL_LoadObject
SDL_LoadWAV_RW
SDL_LockAudio
SDL_LockSurface
SDL_LockYUVOverlay
SDL_LowerBlit
SDL_MapRGB
SDL_MapRGBA
SDL_MixAudio
SDL_NumJoysticks
SDL_OpenAudio
SDL_PauseAudio
SDL_PeepEvents
SDL_PollEvent
SDL_PumpEvents
SDL_PushEvent
SDL_Quit
SDL_QuitSubSystem
SDL_RWFromConstMem
SDL_RWFromFP
SDL_RWFromFile
SDL_RWFromMem
SDL_ReadBE16
SDL_ReadBE32
SDL_ReadBE64
SDL_ReadLE16
SDL_ReadLE32
SDL_ReadLE64
SDL_RegisterApp
SDL_RemoveTimer
SDL_SaveBMP_RW
SDL_SemPost
SDL_SemTryWait
SDL_SemValue
SDL_SemWait
SDL_SemWaitTimeout
SDL_SetAlpha
SDL_SetClipRect
SDL_SetColorKey
SDL_SetColors
SDL_SetCursor
SDL_SetError
SDL_SetEventFilter
SDL_SetGamma
SDL_SetGammaRamp
SDL_SetModState
SDL_SetModuleHandle
SDL_SetPalette
SDL_SetTimer
SDL_SetVideoMode
SDL_ShowCursor
SDL_SoftStretch
SDL_ThreadID
SDL_UnloadObject
SDL_UnlockAudio
SDL_UnlockSurface
SDL_UnlockYUVOverlay
SDL_UpdateRect
SDL_UpdateRects
SDL_UpperBlit
SDL_VideoDriverName
SDL_VideoInit
SDL_VideoModeOK
SDL_VideoQuit
SDL_WM_GetCaption
SDL_WM_GrabInput
SDL_WM_IconifyWindow
SDL_WM_SetCaption
SDL_WM_SetIcon
SDL_WM_ToggleFullScreen
SDL_WaitEvent
SDL_WaitThread
SDL_WarpMouse
SDL_WasInit
SDL_WriteBE16
SDL_WriteBE32
SDL_WriteBE64
SDL_WriteLE16
SDL_WriteLE32
SDL_WriteLE64
SDL_mutexP
SDL_mutexV

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SsmpVlogLayerComm.dll
.dll windows:4 windows x86 arch:x86

3cef58becfdad379367411a14bb1cdf7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

49:90:00:6e:ac:71:fb:90:e8:82:06:d9:f3:b8:17:b7:27:f5:78:65
Signer

Actual PE Digest

49:90:00:6e:ac:71:fb:90:e8:82:06:d9:f3:b8:17:b7:27:f5:78:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

sdl

SDL_Delay
SDL_KillThread
SDL_CreateMutex
SDL_GetTicks
SDL_CondWaitTimeout
SDL_CondWait
SDL_CondBroadcast
SDL_CondSignal
SDL_DestroyCond
SDL_CreateCond
SDL_SemValue
SDL_SemPost
SDL_SemWaitTimeout
SDL_SemTryWait
SDL_SemWait
SDL_DestroySemaphore
SDL_CreateSemaphore
SDL_mutexV
SDL_mutexP
SDL_DestroyMutex
SDL_CreateThread

kernel32

UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OutputDebugStringA
InterlockedExchange
Sleep
GetModuleFileNameA
OpenFileMappingA
CreateThread
CloseHandle

ws2_32

sendto
select
WSAGetLastError
htons
WSASocketA
ntohs
inet_addr
recvfrom
recv
__WSAFDIsSet
setsockopt
ioctlsocket
WSAStartup
WSACleanup
inet_ntoa
getsockname
gethostbyname
gethostname
getsockopt
connect
socket
bind
htonl
getpeername
WSAJoinLeaf
send
closesocket

winmm

timeEndPeriod
timeBeginPeriod

msvcrt

?terminate@@YAXXZ
_except_handler3
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_stricmp
_strdup
printf
memchr
system
ctime
strchr
tolower
strncmp
isdigit
realloc
_errno
strerror
free
malloc
mktime
strtol
srand
scanf
fread
__CxxFrameHandler
memset
??2@YAPAXI@Z
_close
_write
_lseeki64
memcpy
time
sprintf
rand
sscanf
strtoul
strlen
memmove
_open
fclose
fwrite
fopen
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcmp
strncpy
fgets
localtime
_vsnprintf
atoi
strcpy
_atoi64
strcmp
strcat
_splitpath

iphlpapi

GetTcpTable
GetUdpTable
GetAdaptersInfo

Exports

Exports

smp_agent_destroy
smp_agent_init
smp_check_stream
smp_close_channel
smp_get_datapack_count
smp_get_dll_version
smp_get_last_errno
smp_get_lost_packet_info
smp_get_patch_packet_state
smp_get_send_data_len
smp_get_switch_data_path
smp_get_switch_info
smp_get_upload_state
smp_get_vod_recv_end
smp_logfile_lock
smp_logfile_unlock
smp_open_channel
smp_open_channel_test
smp_openclose_lock
smp_openclose_unlock
smp_set_cfg_path
smp_set_client_bandwidth_value
smp_set_important_lost_packet
smp_set_info
smp_set_localport_type
smp_set_patch_packet_state
smp_set_write_file_info
smp_set_writelog_flag
smp_validate_multicast_bind_address

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UFDeMux.ax
.dll regsvr32 windows:4 windows x86 arch:x86

6bf36bb52a5a6e2eaa7e4b35300682b8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

21:9a:ef:a3:72:8a:70:f8:f8:f7:c6:5a:da:6c:22:c2:ec:92:b2:c0
Signer

Actual PE Digest

21:9a:ef:a3:72:8a:70:f8:f8:f7:c6:5a:da:6c:22:c2:ec:92:b2:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveOutGetNumDevs

kernel32

CloseHandle
InterlockedExchange
SetThreadPriority
Sleep
InterlockedIncrement
InterlockedDecrement
CreateEventA
VirtualFree
GetCurrentProcess
GetCurrentThreadId
VirtualAlloc
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetTickCount
GetLastError
GetVersionExA
CreateThread
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
DisableThreadLibraryCalls
RaiseException
HeapFree
RtlUnwind
HeapAlloc
GetCommandLineA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
HeapReAlloc
ResetEvent
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
WriteFile
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
WaitForSingleObject
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TlsGetValue
GetEnvironmentStrings

user32

wsprintfA

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
RegSetValueA
RegCreateKeyA
RegDeleteKeyA
RegEnumValueA

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
StringFromGUID2
CoCreateInstance
CoFreeUnusedLibraries

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UFSource.ax
.dll regsvr32 windows:4 windows x86 arch:x86

376d0c418d10c2eeaba61ca79a12d2e1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a9:19:13:85:b9:ea:b4:63:ee:21:57:e4:52:74:4a:e8:66:3b:06:eb
Signer

Actual PE Digest

a9:19:13:85:b9:ea:b4:63:ee:21:57:e4:52:74:4a:e8:66:3b:06:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\FFormat\UFSource\Release\UFSource.pdb

Imports

kernel32

CloseHandle
WaitForMultipleObjects
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersion
CreateEventA
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetCurrentThreadId
GetTickCount
GetVersionExA
CreateSemaphoreA
InterlockedIncrement
WaitForSingleObject
ReleaseSemaphore
GetSystemInfo
VirtualFree
GetCurrentProcess
VirtualAlloc
FreeLibrary
LoadLibraryA
lstrlenA
GetModuleFileNameA
DisableThreadLibraryCalls
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
GetLastError
CreateThread
ResetEvent
SetEvent
InterlockedDecrement
HeapReAlloc
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
QueryPerformanceCounter

user32

wsprintfA

advapi32

RegCreateKeyA
RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA

ole32

StringFromGUID2
CoTaskMemFree
CoFreeUnusedLibraries
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoInitialize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UUPlayer.exe
.exe windows:4 windows x86 arch:x86

cdc28a82c5f93ee4c8db41c7ffe0dc6b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:28:0e:b8:c0:0f:42:50:25:d5:5f:ee:48:75:91:8e:05:68:51:ab
Signer

Actual PE Digest

dd:28:0e:b8:c0:0f:42:50:25:d5:5f:ee:48:75:91:8e:05:68:51:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord4480
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord825
ord815
ord4272
ord2756
ord4199
ord1569
ord6371
ord4269
ord540
ord538
ord858
ord800
ord3131
ord535
ord1165

msvcrt

__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
__CxxFrameHandler
__p__commode

kernel32

GetStartupInfoW
GetCommandLineW
GetModuleHandleW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UUPlayer.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

f1b092d618f56cc6568ea27e4b33d894

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:be:c6:c0:7a:72:06:31:ba:4c:7f:9e:e7:bd:75:60
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

25/05/2007, 00:00

Not After

24/05/2008, 23:59

Subject

CN=UUSee Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Multimedia Dept.,O=UUSee Inc.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c0:c4:15:57:6e:b7:ba:c3:70:41:94:ab:78:b6:f7:c1:a6:8a:9f:2d
Signer

Actual PE Digest

c0:c4:15:57:6e:b7:ba:c3:70:41:94:ab:78:b6:f7:c1:a6:8a:9f:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3401
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3670
ord561
ord825
ord3952
ord2724
ord6354
ord1216
ord1168
ord6467
ord1227
ord535
ord800
ord858
ord537
ord540
ord823
ord1877
ord4249
ord2486
ord2687
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord446
ord743
ord1177
ord1226
ord1210
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord2396
ord4654
ord3922
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord2954
ord6055
ord4078
ord1776
ord4407
ord5241
ord2384
ord5163
ord6370
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord3946
ord423
ord2860
ord2541
ord4949
ord2864
ord926
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord5265
ord4376
ord4853
ord4998
ord4713
ord2514
ord6052
ord1775
ord2385
ord6371
ord5286
ord4438
ord3279
ord4625
ord4425
ord449
ord746
ord2278
ord1132
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord5199
ord5023
ord1089
ord1255
ord1578
ord600
ord826
ord5731
ord2554
ord2512
ord4486
ord6375
ord4643
ord815
ord269
ord1131

msvcrt

wcsncpy
wcslen
__CxxFrameHandler
__dllonexit
_onexit
??1type_info@@UAE@XZ
free
_adjust_fdiv
malloc
_initterm

kernel32

LocalFree
LocalAlloc

user32

EnableWindow
SendMessageA
FillRect

gdi32

Ellipse
GetStockObject

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

ole32

CoCreateInstance

oleaut32

LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UUSeeMediaCenter.exe
.exe windows:4 windows x86 arch:x86

bba500509a63053dbd0f3f4cf41e785d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

de:a3:df:32:4a:f8:cf:79:94:41:7e:bf:cf:ea:e8:a6:7b:13:65:35
Signer

Actual PE Digest

de:a3:df:32:4a:f8:cf:79:94:41:7e:bf:cf:ea:e8:a6:7b:13:65:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetUserNameW
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

mfc42u

ord6376
ord925
ord1771
ord4050
ord861
ord2910
ord1775
ord2634
ord536
ord2933
ord3312
ord6279
ord6278
ord2756
ord5706
ord1570
ord1568
ord2385
ord5349
ord5352
ord5804
ord5199
ord3224
ord2755
ord389
ord4273
ord6655
ord3806
ord1644
ord1197
ord1230
ord551
ord2078
ord6266
ord4294
ord1940
ord2388
ord3341
ord5296
ord5299
ord4074
ord4693
ord5303
ord5285
ord4616
ord817
ord565
ord2718
ord4221
ord2248
ord996
ord613
ord289
ord5819
ord3659
ord415
ord715
ord5637
ord3568
ord640
ord323
ord2854
ord1859
ord2861
ord816
ord5785
ord562
ord283
ord2746
ord1863
ord686
ord5603
ord2754
ord897
ord2400
ord1635
ord2445
ord1854
ord3696
ord500
ord772
ord1173
ord2430
ord6138
ord2559
ord5784
ord5783
ord5871
ord4272
ord3915
ord472
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord6168
ord5869
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord6190
ord3688
ord3614
ord3566
ord2855
ord1633
ord5781
ord4215
ord2576
ord3649
ord5568
ord2914
ord807
ord2915
ord2004
ord2112
ord554
ord1172
ord4197
ord5852
ord1192
ord5602
ord4158
ord2745
ord696
ord1258
ord4018
ord2444
ord1808
ord2538
ord3810
ord291
ord1109
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord1717
ord5252
ord4421
ord706
ord1857
ord5095
ord2093
ord5098
ord3346
ord976
ord4147
ord2374
ord5279
ord5250
ord2437
ord674
ord1850
ord2094
ord5469
ord645
ord1856
ord5248
ord1834
ord4140
ord5480
ord3227
ord1134
ord1137
ord4155
ord5801
ord2144
ord1851
ord4689
ord5935
ord5191
ord1995
ord5726
ord3943
ord2177
ord2176
ord4209
ord3102
ord5612
ord988
ord3439
ord3188
ord4157
ord3348
ord6449
ord709
ord411
ord1811
ord3097
ord6150
ord2294
ord4358
ord4052
ord5467
ord4116
ord2381
ord5077
ord1702
ord1706
ord5230
ord6365
ord5275
ord5244
ord2436
ord331
ord4231
ord6644
ord2706
ord5856
ord1614
ord3981
ord3651
ord407
ord326
ord3652
ord408
ord3645
ord401
ord3618
ord366
ord3638
ord394
ord4180
ord909
ord5624
ord3697
ord1083
ord5638
ord773
ord501
ord5446
ord6390
ord5436
ord6379
ord2680
ord3792
ord5431
ord1676
ord1666
ord2620
ord5976
ord2633
ord4117
ord6210
ord6192
ord4293
ord5944
ord3083
ord3866
ord3869
ord3868
ord6194
ord4281
ord4278
ord3132
ord3791
ord5715
ord6088
ord3519
ord4027
ord6091
ord4030
ord2541
ord2425
ord3574
ord726
ord426
ord3785
ord920
ord3805
ord833
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord5298
ord4692
ord5710
ord3733
ord561
ord815
ord826
ord6113
ord1202
ord1131
ord824
ord4041
ord2137
ord2136
ord6221
ord5227
ord5243
ord2124
ord4595
ord2717
ord3313
ord5180
ord354
ord1155
ord2822
ord1941
ord4029
ord6191
ord3865
ord4028
ord433
ord5571
ord1565
ord2070
ord2081
ord2072
ord2108
ord2105
ord2106
ord2100
ord2086
ord6608
ord2092
ord2115
ord6437
ord4270
ord1229
ord755
ord470
ord4042
ord3716
ord795
ord556
ord809
ord2372
ord4118
ord1088
ord2114
ord2567
ord4390
ord3569
ord609
ord3084
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord616
ord6316
ord4474
ord6238
ord3605
ord656
ord6919
ord6921
ord6920
ord3711
ord790
ord3714
ord793
ord3693
ord765
ord3626
ord683
ord6735
ord6511
ord6354
ord3747
ord2574
ord3635
ord693
ord4238
ord3288
ord956
ord3296
ord6597
ord6688
ord3281
ord4396
ord3728
ord810
ord4266
ord3298
ord3285
ord3292
ord3291
ord3282
ord6153
ord3365
ord2631
ord5491
ord729
ord2496
ord1699
ord430
ord3993
ord6003
ord3211
ord5778
ord4037
ord3393
ord2085
ord3703
ord781
ord2572
ord4394
ord3625
ord682
ord5681
ord3269
ord439
ord736
ord4517
ord4078
ord1937
ord4522
ord4536
ord4538
ord4519
ord4524
ord6871
ord6211
ord860
ord5977
ord2857
ord1235
ord857
ord1143
ord2233
ord465
ord4219
ord535
ord353
ord6381
ord1971
ord665
ord942
ord2810
ord6898
ord6896
ord2606
ord1105
ord823
ord538
ord5679
ord4124
ord940
ord384
ord2088
ord4279
ord5949
ord818
ord2127
ord567
ord3397
ord5286
ord4769
ord4495
ord4494
ord4452
ord3016
ord4768
ord4804
ord1130
ord4493
ord2858
ord5047
ord4718
ord4451
ord2447
ord1637

msvcrt

_CxxThrowException
malloc
_strlwr
_wremove
_vsnprintf
_wsplitpath
fgets
_wcsnicmp
fgetws
_exit
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_controlfp
_itoa
__CxxFrameHandler
strlen
sprintf
memset
memcpy
exit
wcstod
_wcsicmp
_wtoi
wcscmp
_ftol
strcat
strcpy
strcmp
_except_handler3
_purecall
memcmp
fclose
fflush
fwrite
_wfopen
_wtol
rand
srand
time
localtime
wcscpy
swprintf
wprintf
wcsncmp
wcslen
strncat
getenv
atoi
printf
strtok
sscanf
atol
strstr
fopen
fread
ftell
fseek
swscanf
_mbstok
wcscat
memmove
_beginthreadex
free

kernel32

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
lstrlenW
CreateFileW
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpyW
IsBadReadPtr
IsBadCodePtr
lstrcpynW
FormatMessageW
GetVersionExW
CreateProcessW
CloseHandle
ResumeThread
GetExitCodeThread
WideCharToMultiByte
WaitForSingleObject
GetModuleFileNameW
GetProcAddress
MapViewOfFile
CreateFileMappingW
CopyFileW
OpenFileMappingW
LoadLibraryExW
GetProcessTimes
GetProcessHeap
HeapFree
HeapAlloc
GlobalMemoryStatusEx
HeapReAlloc
GetPrivateProfileIntW
IsDebuggerPresent
GetPrivateProfileStructW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetComputerNameW
GetStartupInfoW
LoadLibraryW
WriteFile
TerminateProcess
GetModuleHandleW
VirtualQuery
SetFilePointer
OutputDebugStringW
GetSystemInfo
GetFileSize
FileTimeToDosDateTime
GlobalMemoryStatus
GetSystemTimeAsFileTime
InterlockedDecrement
CreateThread
GetTickCount
CompareStringW
GetTempPathW
GetPrivateProfileStringW
LocalFree
FindClose
FindNextFileA
FindFirstFileA
GetCommandLineW
FreeLibrary
GetLastError
MultiByteToWideChar
WritePrivateProfileStringW
DeleteFileW
SetFileAttributesW
DeleteFileA
GetTempPathA
MoveFileExW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Sleep
OpenProcess
FreeResource
LockResource
LoadResource
FindResourceW
UnmapViewOfFile
GetVersion
MulDiv
SetLastError
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
CreateDirectoryW
GetSystemDirectoryW

user32

LoadAcceleratorsW
TranslateAcceleratorW
SetCursor
SetRectEmpty
ReleaseCapture
UpdateWindow
SetCapture
InvalidateRect
PtInRect
IsWindowVisible
GetKeyState
GetWindowRgn
TrackMouseEvent
GetCapture
ScreenToClient
GetDlgCtrlID
RegisterClipboardFormatW
GetMenuDefaultItem
GetSubMenu
GetMenuItemID
GetMenuItemCount
GrayStringW
DrawTextW
TabbedTextOutW
DrawFocusRect
DrawEdge
SetRect
DrawStateW
FillRect
GetMessagePos
GetMenuItemInfoW
InflateRect
CopyRect
OffsetRect
WindowFromDC
GetMenuInfo
IsZoomed
GetIconInfo
GetMenuItemRect
IsMenu
SetMenuInfo
GetSysColor
LoadBitmapW
IsWindow
SetTimer
RemovePropW
PostQuitMessage
GetSystemMetrics
FindWindowW
MoveWindow
SetForegroundWindow
ModifyMenuW
LoadCursorW
SetPropW
BringWindowToTop
BeginPaint
EndPaint
SetWindowLongW
GetWindowLongW
DefWindowProcW
GetWindow
DrawMenuBar
SetMenu
CallNextHookEx
GetClassNameW
CallWindowProcW
GetPropW
UnhookWindowsHookEx
SetWindowsHookExW
IntersectRect
GetDC
ReleaseDC
EqualRect
GetWindowDC
UpdateLayeredWindow
RegisterClassExW
ClientToScreen
RedrawWindow
GetMenuState
GetParent
SendMessageW
RegisterWindowMessageW
SetWindowRgn
GetWindowRect
EnableWindow
CreatePopupMenu
DeleteMenu
IsRectEmpty
RemoveMenu
LoadImageW
GetSystemMenu
LoadMenuW
GetDesktopWindow
GetMenuStringW
InsertMenuW
DestroyIcon
CreateWindowExW
SetWindowPos
wvsprintfW
MessageBoxW
wsprintfW
PostMessageW
GetClientRect
SystemParametersInfoW
keybd_event
LoadIconW
ShowWindow
IsChild
GetFocus
MenuItemFromPoint
GetCursorPos
KillTimer
GetMenu
DestroyMenu
AppendMenuW

gdi32

GetCurrentObject
GetBrushOrgEx
CreateBitmap
StretchBlt
SetBkColor
SetTextColor
GetObjectType
OffsetRgn
CreateRectRgnIndirect
SelectClipRgn
CreateHatchBrush
Escape
ExtTextOutW
TextOutW
SetPixel
GetPixel
RoundRect
Rectangle
RectVisible
PtVisible
GetNearestColor
SetBrushOrgEx
UnrealizeObject
CreateCompatibleBitmap
CreateFontIndirectW
CreatePatternBrush
CreateSolidBrush
CreatePen
GetTextExtentPoint32W
GetObjectW
GetStockObject
CreateCompatibleDC
CreateDIBSection
SelectObject
GetDeviceCaps
BitBlt
DeleteDC
DeleteObject
CombineRgn
CreateRoundRectRgn
CreateRectRgn
SetStretchBltMode

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHChangeNotify

comctl32

ImageList_GetImageInfo
ImageList_Draw
ImageList_GetIcon
ImageList_AddMasked
ImageList_Add
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_Replace

ole32

CoInitialize
OleDraw
OleCreate
OleSetContainedObject
CoCreateInstance
OleRun
CoGetMalloc
ProgIDFromCLSID
CLSIDFromString
CoUninitialize

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear
GetErrorInfo

msvcp60

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

shlwapi

PathFileExistsW

psapi

EmptyWorkingSet

imagehlp

CheckSumMappedFile
ImageNtHeader

wininet

InternetQueryOptionW
InternetGetConnectedState
InternetOpenA
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetCloseHandle

iphlpapi

GetAdaptersInfo
GetIpAddrTable
GetBestInterface
GetIpForwardTable

ws2_32

recvfrom
WSAGetLastError
setsockopt
connect
send
recv
inet_ntoa
gethostbyname
htons
socket
WSAStartup
WSACleanup
closesocket
inet_addr
sendto

winmm

waveOutGetNumDevs

msimg32

TransparentBlt
AlphaBlend

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 536KB - Virtual size: 535KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UUUpgrade.exe
.exe windows:4 windows x86 arch:x86

73a4a79e9d711c2519f8b94dd592967b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:6e:58:f7:fc:41:a6:e8:34:ed:3e:d1:e4:59:fa:84:15:33:8a:5c
Signer

Actual PE Digest

77:6e:58:f7:fc:41:a6:e8:34:ed:3e:d1:e4:59:fa:84:15:33:8a:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

mfc42u

ord5286
ord3397
ord4418
ord3634
ord567
ord692
ord2294
ord4270
ord956
ord3798
ord3614
ord3716
ord809
ord795
ord2606
ord556
ord3621
ord3658
ord2406
ord5871
ord1088
ord2114
ord1634
ord2855
ord6195
ord3871
ord3792
ord6354
ord858
ord535
ord6193
ord2854
ord6871
ord2859
ord942
ord5568
ord2910
ord927
ord2810
ord6451
ord823
ord537
ord538
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord4395
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord815
ord561
ord6865
ord6920
ord6867
ord922
ord925
ord2613
ord1131
ord1196
ord1244
ord4272
ord4124
ord5679
ord5706
ord818
ord663
ord6279
ord6278
ord2755
ord6330
ord2634
ord940
ord3566
ord1143
ord1165
ord348
ord2127
ord1172
ord4219
ord4155
ord2858
ord6211
ord2371
ord1569
ord470
ord4294
ord2078
ord2680
ord3806
ord2637
ord536
ord1941
ord4029
ord1768
ord6051
ord2573
ord4214
ord2016
ord2405
ord6362
ord1764
ord3087
ord4229
ord2362
ord825
ord324
ord540
ord861
ord641
ord800
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4704
ord4992
ord4847
ord4370
ord5261
ord1089
ord755

msvcrt

_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
swscanf
_beginthreadex
__p__wpgmptr
_wcsicmp
_wcsnicmp
wcscmp
vswprintf
swprintf
fwrite
fflush
wcscpy
_wfopen
fseek
fclose
wcsstr
wcslen
wcscat
__CxxFrameHandler
ftell

kernel32

ReadProcessMemory
CloseHandle
GetModuleHandleW
Sleep
GetLocalTime
WideCharToMultiByte
GetModuleFileNameW
InitializeCriticalSection
EnterCriticalSection
GetPrivateProfileIntW
GetLastError
FormatMessageW
LocalFree
LeaveCriticalSection
DeleteCriticalSection
lstrcatW
lstrcpyW
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary
GetVersion
GetCommandLineA
Process32NextW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
GetProcAddress
LoadLibraryExW
SetErrorMode
ExitProcess
GetModuleFileNameA
CreateProcessW
MoveFileExW
DeleteFileW
CopyFileW
GetCommandLineW
GetPrivateProfileSectionW
GetPrivateProfileStringW
TerminateThread
WaitForSingleObject
SetEvent
ResetEvent
GetStartupInfoW
GetCurrentProcess
OpenProcess
lstrcpynW
TerminateProcess
GetShortPathNameW

user32

GetWindowRect
GetParent
LoadCursorW
RedrawWindow
GetCursorPos
KillTimer
FindWindowExW
FindWindowW
SetCursorPos
GetWindowThreadProcessId
EnumWindows
MessageBoxA
GetActiveWindow
SetForegroundWindow
IntersectRect
GetWindow
LoadIconW
GetSystemMetrics
LoadBitmapW
AppendMenuW
GetSystemMenu
DrawIcon
IsIconic
PostMessageW
GetDC
ReleaseDC
InflateRect
InvalidateRect
IsWindow
SetWindowTextW
EnableWindow
SendMessageW
PtInRect
SetWindowLongW
GetClientRect
SetTimer
SetCursor
DestroyCursor
CopyIcon

gdi32

GetTextExtentPoint32W
GetObjectW
CreateFontIndirectW
GetStockObject

advapi32

LookupPrivilegeValueW
RegQueryValueExW
OpenProcessToken
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueW

shell32

CommandLineToArgvW
ShellExecuteW

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UUUpgrade.ini
UUUpgrade.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

96b728d2f61b07e251cecc31f89b2ed0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d6:9d:a8:75:c5:9e:b8:71:df:37:6b:3e:a4:f9:3a:0a:6f:9b:22:e8
Signer

Actual PE Digest

d6:9d:a8:75:c5:9e:b8:71:df:37:6b:3e:a4:f9:3a:0a:6f:9b:22:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupIterateCabinetW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathFileExistsW
SHDeleteKeyW

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHFileOperationW
SHCreateDirectoryExW

iphlpapi

GetAdaptersInfo

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

mfc42u

ord3820
ord3074
ord4075
ord4418
ord3658
ord1165
ord1143
ord6193
ord6211
ord4294
ord4270
ord2371
ord6451
ord755
ord5871
ord5785
ord6168
ord470
ord6597
ord815
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord3396
ord4616
ord3665
ord561
ord3947
ord2716
ord6350
ord1213
ord6466
ord1224
ord1869
ord4244
ord2478
ord2679
ord6360
ord3321
ord6361
ord4466
ord5494
ord3273
ord3348
ord3676
ord446
ord743
ord1174
ord4001
ord2719
ord2722
ord2721
ord1223
ord1207
ord348
ord663
ord2431
ord1686
ord5614
ord994
ord4336
ord4681
ord4633
ord5670
ord2148
ord4850
ord4914
ord5998
ord2129
ord1955
ord5207
ord2948
ord3863
ord5144
ord4699
ord4701
ord2871
ord2993
ord5645
ord4108
ord4655
ord4654
ord4762
ord4644
ord3826
ord4542
ord4515
ord4588
ord4982
ord4919
ord4924
ord4929
ord4653
ord4903
ord4902
ord4662
ord4661
ord4660
ord4642
ord4683
ord5017
ord4648
ord4637
ord4348
ord4774
ord4643
ord4631
ord4630
ord5054
ord4578
ord4365
ord4355
ord4350
ord4733
ord4735
ord4732
ord4403
ord4597
ord5002
ord4409
ord4986
ord4973
ord2480
ord3399
ord4533
ord2949
ord2376
ord6366
ord2978
ord3143
ord3255
ord4460
ord2981
ord3075
ord4076
ord4618
ord5821
ord723
ord3941
ord423
ord2855
ord2533
ord4943
ord641
ord2506
ord324
ord922
ord5706
ord1594
ord1128
ord4219
ord941
ord536
ord3806
ord940
ord4273
ord6867
ord1244
ord4453
ord668
ord3176
ord4053
ord2773
ord2762
ord356
ord942
ord4215
ord2576
ord3649
ord2430
ord6266
ord2858
ord1637
ord711
ord4163
ord413
ord2756
ord1884
ord4247
ord1209
ord4564
ord4666
ord4837
ord5005
ord5261
ord4370
ord4847
ord4992
ord4707
ord6048
ord1767
ord6367
ord5282
ord4432
ord3274
ord4619
ord4419
ord449
ord746
ord2270
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord6051
ord1941
ord927
ord538
ord925
ord389
ord6055
ord3224
ord5199
ord5804
ord5352
ord2385
ord6868
ord4272
ord2755
ord6414
ord537
ord354
ord5180
ord6381
ord1971
ord2810
ord665
ord860
ord823
ord861
ord5679
ord4124
ord858
ord540
ord2910
ord535
ord800
ord825
ord269
ord826
ord600
ord1571
ord1250
ord1248
ord1563
ord1194
ord1240
ord342
ord1179
ord1570
ord1568
ord1173
ord1115
ord1129
ord4897
ord2787

msvcrt

_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
malloc
swscanf
wcsncpy
_ftol
wcscmp
_adjust_fdiv
strncpy
free
realloc
wcslen
__CxxFrameHandler
sprintf
fclose
ftell
fseek
_wfopen
wcscpy
atoi
strtok
strstr
_beginthreadex
fflush
fwrite
swprintf
vswprintf
localtime
time
isalpha
_wcsicmp

kernel32

GetModuleHandleW
lstrlenW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetVersionExW
GetLocalTime
WaitForSingleObject
CloseHandle
GetModuleFileNameW
InitializeCriticalSection
EnterCriticalSection
GetPrivateProfileIntW
TerminateThread
FormatMessageW
LeaveCriticalSection
Sleep
DeleteCriticalSection
WideCharToMultiByte
GetTickCount
GetFileSize
CreateFileW
GetFileAttributesW
MoveFileExW
PulseEvent
ResetEvent
SetEvent
CreateMutexW
DeviceIoControl
CreateFileA
LocalAlloc
GetCurrentProcess
OpenProcess
GetShortPathNameW
TerminateProcess
GetTempPathW
DeleteFileW
SetErrorMode
LoadLibraryExW
FreeLibrary
LocalFree
GetProcAddress
lstrcatW
lstrcpyW
CreateProcessW
GetPrivateProfileSectionW
GetLastError
ReadFile
WriteFile

user32

SetTimer
KillTimer
RedrawWindow
SetRect
GetSystemMetrics
GetWindowRect
GetCursorPos
SetWindowPos
UpdateWindow
SetForegroundWindow
PostMessageW
DrawTextW
SystemParametersInfoW
LoadIconW
DrawIcon
LoadMenuW
GetSubMenu
CharLowerW
EnableWindow
FillRect
PtInRect
SetCursor
GetClientRect
GetSysColor
InflateRect
DrawEdge
LoadCursorW
FindWindowExW
FindWindowW
SetCursorPos

gdi32

CreateSolidBrush
GetDeviceCaps
SelectObject
Rectangle
SetBkMode
SetTextColor
GetStockObject
CreateFontW
DeleteObject
GetObjectW
Ellipse

advapi32

AdjustTokenPrivileges
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
LookupPrivilegeValueW
OpenProcessToken
RegEnumValueW

comctl32

_TrackMouseEvent

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString
LoadRegTypeLi
SysStringLen

ws2_32

inet_addr
gethostbyname
sendto
connect
closesocket
send
recv
WSACleanup
WSAStartup
htons
socket

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UUWebPlayer.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

d211161b4b0dc1dad46077d05d10cf1c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

70:42:77:6c:7e:c0:a0:8f:50:02:f4:c5:60:ff:98:6c:cb:1b:7c:80
Signer

Actual PE Digest

70:42:77:6c:7e:c0:a0:8f:50:02:f4:c5:60:ff:98:6c:cb:1b:7c:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_ntoa
sendto
gethostbyname
htons
socket
WSACleanup
WSAStartup
inet_addr
closesocket

mfc42

ord1182
ord342
ord1243
ord6449
ord2727
ord6467
ord2730
ord2729
ord825
ord6055
ord1776
ord5290
ord3402
ord4424
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord641
ord567
ord324
ord2135
ord818
ord2302
ord4234
ord800
ord6197
ord2379
ord823
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord4622
ord3670
ord561
ord4046
ord2145
ord2144
ord6225
ord5231
ord5247
ord2132
ord4601
ord1134
ord824
ord3952
ord5435
ord1683
ord1673
ord2628
ord5980
ord2641
ord4122
ord6214
ord6196
ord4298
ord5948
ord3088
ord3875
ord3872
ord3871
ord6198
ord4286
ord4283
ord3137
ord3796
ord5719
ord6092
ord3524
ord4032
ord6095
ord4035
ord2549
ord2433
ord3353
ord3579
ord426
ord726
ord826
ord2724
ord6354
ord1216
ord1168
ord1227
ord1877
ord4249
ord2486
ord2687
ord1577
ord3326
ord6365
ord4472
ord5498
ord3278
ord3681
ord446
ord743
ord1177
ord4006
ord1226
ord1210
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord1131
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord4534
ord2954
ord2384
ord6370
ord2983
ord3148
ord3260
ord4466
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord3946
ord540
ord423
ord5333
ord2541
ord4949
ord6030
ord6215
ord6195
ord3870
ord2086
ord861
ord2614
ord2864
ord4459
ord924
ord939
ord922
ord941
ord537
ord860
ord6663
ord535
ord858
ord926
ord4202
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord4713
ord6371
ord5286
ord4438
ord3279
ord4625
ord449
ord746
ord2278
ord1949
ord4034
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord269
ord1575
ord1176
ord1116
ord1132
ord6364
ord6002

msvcrt

_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
free
_onexit
__dllonexit
srand
rand
strncpy
_mbscmp
strchr
strstr
time
localtime
_CxxThrowException
__CxxFrameHandler
sprintf

kernel32

CompareStringA
GetDiskFreeSpaceExA
LocalFree
LocalAlloc
GetVersionExA

user32

BringWindowToTop
IsWindow
EnableWindow
GetParent

ole32

OleRun
CoCreateInstance
CoInitialize

oleaut32

GetErrorInfo
VariantInit
SysAllocString
LoadRegTypeLi
VariantClear

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VsdnRecv.dll
.dll windows:4 windows x86 arch:x86

f987f44d9a218c96526a8ec2a0e186a8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c6:af:86:be:5f:8e:ca:5d:08:8d:1f:81:f7:c8:32:79:6f:9f:5d:19
Signer

Actual PE Digest

c6:af:86:be:5f:8e:ca:5d:08:8d:1f:81:f7:c8:32:79:6f:9f:5d:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord3584
ord543
ord803
ord5199
ord665
ord5442
ord5773
ord6385
ord5186
ord1979
ord6467
ord1158
ord1168
ord3953
ord2725
ord4277
ord3663
ord5450
ord6394
ord5440
ord6383
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord1105
ord941
ord3811
ord5606
ord5860
ord2614
ord500
ord772
ord940
ord939
ord922
ord540
ord2818
ord537
ord2764
ord4278
ord535
ord860
ord924
ord858
ord800
ord823
ord354
ord825
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
printf
_ftol
remove
_access
memset
strncpy
_open
_close
memcpy
atoi
_mbscmp
strcpy
time
srand
rand
strlen
__CxxFrameHandler
sprintf

kernel32

LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
LoadLibraryExA
GetLastError
GetProcAddress
FreeLibrary
CreateDirectoryA
SetFilePointer
Sleep
CreateFileA
ReadFile
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
LocalFree
LocalAlloc
InitializeCriticalSection
DeleteCriticalSection
GetTickCount
lstrlenA
CloseHandle
OpenFileMappingA
GetModuleFileNameA

advapi32

RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetSpecialFolderPathA

Exports

Exports

CheckStream
CloseStream
CloseUrl
Exit
GetDeviceInfo
Init
LockLogFile
OpenStream
OpenStreamTest
OpenStreamUni
OpenUrl
SetPatchPacketState
SetPushMode
SetRecvParam
StartStream
StopStream
StopStreamEx
UnlockLogFile
ValidateMulticastIP
VsdnCheckPacketInfo
VsdnCheckRecvPacket
VsdnCheckUrlRecvPacket
VsdnGetChannelID
VsdnGetErrorInfo
VsdnGetPacketInfo
VsdnGetUrlPacketInfo
VsdnRecvExit
VsdnRecvInit

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WSComm.dll
.dll windows:4 windows x86 arch:x86

3181585037d16ed0d72f6873a4118146

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

29:f5:3e:3e:ce:05:6b:48:a3:2e:d0:ad:b2:0c:40:bd:a8:81:8e:4f
Signer

Actual PE Digest

29:f5:3e:3e:ce:05:6b:48:a3:2e:d0:ad:b2:0c:40:bd:a8:81:8e:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord500
ord772
ord800
ord823
ord537
ord6467
ord540
ord858
ord535
ord2818
ord2512
ord860
ord4129
ord5710
ord4277
ord922
ord940
ord4278
ord2764
ord924
ord3811
ord690
ord941
ord5807
ord5204
ord3229
ord268
ord389
ord1567
ord3953
ord2725
ord2763
ord926
ord5860
ord6662
ord6874
ord6648
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord2554
ord4486
ord6375
ord825
ord4274

msvcrt

strchr
mktime
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
tolower
_isctype
strncmp
__mb_cur_max
_pctype
_strdup
strcpy
memset
strlen
sprintf
__CxxFrameHandler
rand
srand
time
_stricmp
atoi
_mbscmp
malloc
memmove
realloc
_errno
strerror
free

kernel32

MultiByteToWideChar
LocalFree
LocalAlloc
OutputDebugStringA

ws2_32

gethostbyname
htons
recv
socket
setsockopt
connect
WSAGetLastError
closesocket
inet_ntoa
WSACleanup
WSAStartup
send

Exports

Exports

SsmpVlogDecrypt
SsmpVlogEncryptCompound
SsmpVlogEncryptCompoundEx
SsmpVlogWebserviceComm

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
check_cmd.exe
.exe windows:4 windows x86 arch:x86

5bb0949a332b2dedf4049800738c00f0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:f2:8f:fc:7d:b4:68:32:9c:7b:ad:ac:5d:7f:02:0e:ec:83:5e:47
Signer

Actual PE Digest

16:f2:8f:fc:7d:b4:68:32:9c:7b:ad:ac:5d:7f:02:0e:ec:83:5e:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemDirectoryW
GetVersionExW
GetModuleHandleW
GetCommandLineW
GetConsoleTitleW
CreateFileW
CopyFileW
CloseHandle

user32

EnableWindow
ShowWindow
FindWindowW

mfc42u

ord5261
ord4847
ord4992
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5276
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4419
ord3592
ord800
ord641
ord861
ord540
ord324
ord825
ord2286
ord2354
ord2362
ord4229
ord858
ord6330
ord2634
ord3087
ord4704
ord940
ord2810
ord942
ord4370
ord2438
ord823
ord537
ord561
ord815
ord1568

msvcrt

exit
__p___winitenv
__wgetmainargs
_initterm
__setusermatherr
_XcptFilter
__p__commode
__p__fmode
__set_app_type
_itoa
_controlfp
_exit
_onexit
__dllonexit
wcscpy
_wtoi
_except_handler3
memmove
wcslen
wcscat
__CxxFrameHandler
_adjust_fdiv

msvcp60

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

imagehlp

ImageNtHeader
CheckSumMappedFile

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
download.dll
.dll windows:4 windows x86 arch:x86

06092623e0ceca9d2f41f99cada61441

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

88:0d:72:33:80:2a:6e:0a:11:21:90:92:a7:6b:70:f6:40:b1:19:7f
Signer

Actual PE Digest

88:0d:72:33:80:2a:6e:0a:11:21:90:92:a7:6b:70:f6:40:b1:19:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord1199
ord1247
ord3584
ord543
ord803
ord941
ord5710
ord2818
ord6283
ord6282
ord5714
ord2614
ord922
ord4278
ord939
ord6663
ord860
ord2764
ord4202
ord5683
ord1158
ord2763
ord269
ord600
ord1578
ord6467
ord1255
ord826
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord924
ord823
ord540
ord858
ord535
ord825
ord800
ord4129
ord537

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
_strdup
strchr
_mkdir
_write
_read
realloc
localtime
_getpid
ctime
printf
atoi
_lseeki64
_close
_stati64
time
_iob
fprintf
_open
_mbsicmp
_ftol
_mbscmp
sprintf
malloc
free
__CxxFrameHandler
_stat

kernel32

RemoveDirectoryA
GetLastError
DeleteFileA
GetTempPathA
GetTickCount
FindClose
MoveFileA
CreateThread
GetVersionExA
LocalFree
LocalAlloc
FindNextFileA
FindFirstFileA
Sleep
InitializeCriticalSection
DeleteCriticalSection
GetExitCodeThread
LeaveCriticalSection
EnterCriticalSection

user32

FindWindowA

advapi32

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA

wsock32

WSACleanup
send
socket
inet_ntoa
connect
closesocket
ioctlsocket
gethostbyname
htons
select
__WSAFDIsSet
recv
WSAStartup
sendto
inet_addr

Exports

Exports

AddIERequest
AddURL
AddWatchURL
CreateDownloadMgr
GetData
GetStatusInfo
GetTotalLength
ReleaseDownloadMgr
Run
SetCachePath
SetCacheSize
SetIEDrag
SetIndex
SetTaskParams

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
in_net.dll
.dll windows:4 windows x86 arch:x86

22d50d98242a7c0b374bed94e8f38697

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8e:d3:87:a8:b2:0b:a1:63:2a:c2:57:2e:91:a3:b1:03:0c:b6:ee:8c
Signer

Actual PE Digest

8e:d3:87:a8:b2:0b:a1:63:2a:c2:57:2e:91:a3:b1:03:0c:b6:ee:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAlloc
TryEnterCriticalSection
Sleep
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryA
ReleaseMutex
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
OpenMutexA
MultiByteToWideChar
MulDiv
MoveFileA
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemTime
GetSystemInfo
GetStdHandle
GetQueuedCompletionStatus
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileSize
GetFileAttributesA
GetExitCodeThread
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetComputerNameA
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateMutexA
CreateIoCompletionPort
CreateFileA
CreateEventA
CreateDirectoryA
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateEnhMetaFileA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CloseEnhMetaFile
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoCreateGuid
CreateStreamOnHGlobal
IsAccelerator
OleDraw
OleSetMenuDescriptor
CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

wsock32

__WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
gethostname
getservbyname
gethostbyname
socket
shutdown
setsockopt
sendto
send
select
recvfrom
recv
ntohs
listen
ioctlsocket
inet_ntoa
inet_addr
htons
htonl
connect
closesocket
bind

ws2_32

WSAAccept
WSARecv
WSASend
WSASocketA
WSAGetLastError
closesocket

iphlpapi

GetIpAddrTable
GetBestInterface

Exports

Exports

uuseePSPmodlePlugin
uuseePSPmodlePlugin2
uuseePSPmodlePlugin3
uuseePSPmodlePlugin4

Sections

.text
Size: 778KB - Virtual size: 777KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
out_mmshttp.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e4:f4:e1:db:26:56:4f:62:10:f9:a5:84:a4:6e:da:eb:01:e5:c5:00
Signer

Actual PE Digest

e4:f4:e1:db:26:56:4f:62:10:f9:a5:84:a4:6e:da:eb:01:e5:c5:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

RebootServer2
TestPortUp2
uuseeOutmodulePlugin
uuseeOutmodulePlugin2

Sections

CODE
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 165B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
review/bf_bg.gif
.gif
review/local.htm
.html .js polyglot
review/skin1_bufferbar.gif
.gif
review/skin1_bufferbg0.gif
.gif
review/skin1_bufferbg1.gif
.gif
review/skin_fullscreen.gif
.gif
review/skin_mute.gif
.gif
review/skin_pause.gif
.gif
review/skin_play.gif
.gif
review/skin_qback.gif
.gif
review/skin_qnext.gif
.gif
review/skin_share.gif
.gif
review/skin_stop.gif
.gif
review/skin_volume.gif
.gif
review/skin_volumebar.gif
.gif
review/skin_volumebarbg.gif
.gif
review/skin_volumebarbg2.gif
.gif
rmsp011.ax
.dll regsvr32 windows:4 windows x86 arch:x86

048968259072da98ce3384f5378d92f3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

63:f1:ec:6e:11:40:e3:5b:e6:e9:33:76:33:bd:cd:d2:bf:50:5a:16
Signer

Actual PE Digest

63:f1:ec:6e:11:40:e3:5b:e6:e9:33:76:33:bd:cd:d2:bf:50:5a:16

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Video\mpc-hc_svn\bin\x86\RealMediaSplitter.pdb

Imports

kernel32

SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameW
LocalAlloc
GlobalAddAtomW
WritePrivateProfileStringW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GetModuleHandleA
GlobalFlags
CompareStringW
GetVersionExA
LoadLibraryA
GlobalFindAtomW
HeapFree
RtlUnwind
HeapAlloc
GetCommandLineA
GetProcessHeap
WriteFile
ExitProcess
SetStdHandle
GetFileType
VirtualQuery
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
ReadFile
GetThreadLocale
GetFileTime
GetFileSize
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
SetLastError
DeleteFileW
Sleep
RaiseException
GetModuleFileNameW
GetVersion
CreateFileW
GetVolumeInformationW
FindFirstFileW
FindClose
DisableThreadLibraryCalls
CreateThread
GetVersionExW
GetTickCount
GetCurrentThread
SetThreadPriority
GetModuleHandleW
InterlockedExchange
VirtualAlloc
CreateSemaphoreW
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
VirtualFree
GetSystemInfo
ReleaseSemaphore
WaitForSingleObject
ResetEvent
SetEvent
CreateEventW
CloseHandle
lstrcpynW
InterlockedDecrement
InterlockedIncrement
lstrcmpW
GetLastError
lstrlenA
lstrlenW
GetSystemDirectoryW
GetModuleFileNameA
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
HeapReAlloc

user32

LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UnregisterClassA
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
UnregisterClassW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
CharUpperW
GetSystemMetrics
DestroyMenu
ShowWindow
SetWindowPos
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
UnhookWindowsHookEx
PostMessageW
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetRect
DispatchMessageW
RegisterWindowMessageW
PeekMessageW
GetSysColorBrush

gdi32

ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
RestoreDC
SetViewportExtEx
PtVisible
SaveDC
OffsetViewportOrgEx
CreateBitmap
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
SetBkColor
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
RectVisible

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyExW
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shlwapi

PathIsUNCW
PathFindExtensionW
PathStripToRootW
PathRemoveFileSpecA
PathFileExistsW
PathAppendW
PathAddBackslashW
PathAddBackslashA
PathFindFileNameW

ole32

StringFromGUID2
CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString

oleaut32

VariantInit
VariantChangeType
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
seeplayer.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

9ae929b79bfaec30a250821d6473e23d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:98:89:ed:4b:35:8b:35:01:7c:61:bc:21:5b:7b:3b:c8:9f:ba:63
Signer

Actual PE Digest

08:98:89:ed:4b:35:8b:35:01:7c:61:bc:21:5b:7b:3b:c8:9f:ba:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\MyFiles\myProject\TrafficLight\UPlayer\release\UPlayer.pdb

Imports

wmvcore

WMCreateWriter
WMCreateReader

iphlpapi

GetIpAddrTable
GetBestInterface
GetAdaptersInfo

msdmo

DMOEnum

kernel32

GetCPInfo
GetOEMCP
FindClose
FindFirstFileA
GetFileAttributesA
GetFileTime
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetShortPathNameA
FindResourceExA
GetProfileIntA
GetSystemTimeAsFileTime
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitProcess
GlobalFlags
RtlUnwind
HeapSize
SetStdHandle
GetFileType
GetTimeZoneInformation
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetUserDefaultLCID
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleFileNameW
GetThreadLocale
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GlobalSize
FormatMessageA
ReleaseMutex
CreateMutexA
GetProcessHeap
HeapFree
GetModuleHandleA
LoadLibraryExA
GlobalFree
IsDBCSLeadByte
InterlockedExchange
CompareStringW
lstrcmpiA
CompareStringA
GetVersion
LocalFree
OpenFileMappingA
GetSystemDirectoryA
CopyFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetVersionExA
TerminateThread
SetFileAttributesA
GetPrivateProfileStringA
CreateThread
GetPrivateProfileIntA
SetThreadPriority
WritePrivateProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateProcessA
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
GlobalLock
InitializeCriticalSection
GetModuleFileNameA
EnterCriticalSection
GlobalUnlock
MulDiv
LeaveCriticalSection
lstrlenW
SetLastError
RaiseException
lstrcmpA
CreateEventA
InterlockedIncrement
SetEvent
WaitForSingleObject
CloseHandle
Sleep
GetCurrentThreadId
FindResourceA
InterlockedDecrement
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
lstrlenA
GetLastError
MultiByteToWideChar
GetTempPathA
DeleteFileA
GetTickCount
GetCurrentProcessId
OutputDebugStringA
InterlockedCompareExchange
IsProcessorFeaturePresent
GetCommandLineA

user32

GetSysColorBrush
UnregisterClassA
LockWindowUpdate
SetWindowContextHelpId
MapDialogRect
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetRectEmpty
RegisterClipboardFormatA
SetWindowRgn
IsRectEmpty
CreateMenu
DestroyMenu
DrawEdge
SetCursor
GetMessageA
GetActiveWindow
ValidateRect
PostQuitMessage
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
InflateRect
LoadIconA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetActiveWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
GetMenu
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
PtInRect
SetWindowPlacement
GetDlgCtrlID
OffsetRect
IntersectRect
IsIconic
GetWindowPlacement
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
GetMenuState
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
SetForegroundWindow
GetForegroundWindow
GetCursorPos
WindowFromPoint
SystemParametersInfoA
UpdateWindow
GetSystemMetrics
SetParent
CharUpperA
LoadImageA
CopyRect
wsprintfW
SetRect
EnableWindow
ShowWindow
GetWindowRect
SetCapture
IsChild
ReleaseCapture
GetFocus
LoadCursorA
GetWindowTextA
BeginPaint
SetFocus
CharNextA
SetWindowTextA
PostThreadMessageA
GetDCEx
GetWindow
MessageBoxA
MessageBeep
GetNextDlgGroupItem
GetDialogBaseUnits
GetTabbedTextExtentA
DestroyIcon
IsWindowVisible
CopyAcceleratorTableA
wsprintfA
DestroyWindow
GetSysColor
FillRect
UnhookWindowsHookEx
GetClassInfoExA
CallWindowProcA
InvalidateRect
SetWindowsHookExA
CallNextHookEx
SendMessageA
RegisterClassExA
RedrawWindow
IsWindow
InvalidateRgn
EndPaint
CreateAcceleratorTableA
GetDlgItem
DestroyAcceleratorTable
GetDC
GetClientRect
ReleaseDC
EnumChildWindows
ClientToScreen
GetDesktopWindow
DefWindowProcA
ScreenToClient
GetWindowLongA
SetWindowPos
SetWindowLongA
MoveWindow
RegisterWindowMessageA
GetClassNameA
GetParent
GetWindowTextLengthA
CreateWindowExA
PostMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
GetMenuStringA

gdi32

CreatePen
CreateFontIndirectA
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
GetBkColor
GetTextColor
LPtoDP
OffsetViewportOrgEx
CloseMetaFile
DeleteMetaFile
GetTextExtentPoint32A
GetRgnBox
GetTextAlign
GetTextMetricsA
EnumFontFamiliesExA
Rectangle
UnrealizeObject
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateBitmap
CreatePatternBrush
ExtSelectClipRgn
GetCurrentPositionEx
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
CreateMetaFileA
GetObjectA
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetTextAlign
MoveToEx
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
StretchBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt
SelectObject
SetViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegDeleteKeyA
RegCreateKeyA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegSetValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo
RegOpenKeyExA
RegQueryValueExA

shell32

ExtractIconA

comctl32

_TrackMouseEvent

shlwapi

PathFindFileNameA
PathFileExistsA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

ReadClassStm
CLSIDFromString
CoInitialize
OleRun
CLSIDFromProgID
OleUninitialize
CoTaskMemAlloc
OleInitialize
StringFromGUID2
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemFree
GetRunningObjectTable
CreateItemMoniker
CoTaskMemRealloc
ReadFmtUserTypeStg
StringFromCLSID
ReleaseStgMedium
OleDuplicateData
CoRegisterClassObject
CoRevokeClassObject
CreateDataCache
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CreateDataAdviseHolder
CreateOleAdviseHolder
OleSaveToStream
CoDisconnectObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleLoadFromStream
OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreatePropertyFrame
RegisterTypeLi
GetErrorInfo
VarUI4FromStr
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
SysAllocString
SysFreeString
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantClear
OleLoadPicture
OleCreatePictureIndirect
VariantInit

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ws2_32

gethostbyname
WSAStartup
sendto
htons
socket
closesocket
inet_addr
WSACleanup
inet_ntoa

wininet

HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetConnectA
InternetQueryDataAvailable
HttpQueryInfoA
HttpOpenRequestA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 612KB - Virtual size: 610KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
skins/UUPlayer/About_Engine.bmp
skins/UUPlayer/Ctrl_CheckBox_1_Engine.bmp
skins/UUPlayer/Ctrl_CheckBox_2_Engine.bmp
skins/UUPlayer/Ctrl_CheckBox_3_Engine.bmp
skins/UUPlayer/Ctrl_CheckBox_4_Engine.bmp
skins/UUPlayer/Ctrl_CheckBox_C1_Engine.bmp
skins/UUPlayer/Ctrl_CheckBox_C2_Engine.bmp
skins/UUPlayer/Ctrl_CheckBox_C3_Engine.bmp
skins/UUPlayer/Ctrl_CheckBox_C4_Engine.bmp
skins/UUPlayer/Ctrl_ComboBox_1_Engine.bmp
skins/UUPlayer/Ctrl_ComboBox_2_Engine.bmp
skins/UUPlayer/Ctrl_ComboBox_3_Engine.bmp
skins/UUPlayer/Ctrl_ComboBox_4_Engine.bmp
skins/UUPlayer/Ctrl_Edit_1_Engine.bmp
skins/UUPlayer/Ctrl_Edit_4_Engine.bmp
skins/UUPlayer/Ctrl_PushButton_1_Engine.bmp
skins/UUPlayer/Ctrl_PushButton_2_Engine.bmp
skins/UUPlayer/Ctrl_PushButton_3_Engine.bmp
skins/UUPlayer/Ctrl_PushButton_4_Engine.bmp
skins/UUPlayer/Ctrl_RadioButton_1_Engine.bmp
skins/UUPlayer/Ctrl_RadioButton_2_Engine.bmp
skins/UUPlayer/Ctrl_RadioButton_3_Engine.bmp
skins/UUPlayer/Ctrl_RadioButton_4_Engine.bmp
skins/UUPlayer/Ctrl_RadioButton_C1_Engine.bmp
skins/UUPlayer/Ctrl_RadioButton_C2_Engine.bmp
skins/UUPlayer/Ctrl_RadioButton_C3_Engine.bmp
skins/UUPlayer/Ctrl_RadioButton_C4_Engine.bmp
skins/UUPlayer/Dlg_Back_Engine.bmp
skins/UUPlayer/Dlg_Detect_Engine.bmp
skins/UUPlayer/Dlg_Frame_1_Engine.bmp
skins/UUPlayer/Dlg_Frame_2_Engine.bmp
skins/UUPlayer/Dlg_Frame_3_Engine.bmp
skins/UUPlayer/Icon_Information_Engine.bmp
skins/UUPlayer/Icon_Question_Engine.bmp
skins/UUPlayer/Icon_Stop_Engine.bmp
skins/UUPlayer/ListHeader_1_Engine.bmp
skins/UUPlayer/ListHeader_2_Engine.bmp
skins/UUPlayer/ListHeader_3_Engine.bmp
skins/UUPlayer/ListHeader_ArrowD_Engine.bmp
skins/UUPlayer/ListHeader_ArrowU_Engine.bmp
skins/UUPlayer/ListHeader_SP_Engine.bmp
skins/UUPlayer/Resource.h
skins/UUPlayer/Resource_Engine.h
skins/UUPlayer/Setting_Group_1_1_Engine.bmp
skins/UUPlayer/Setting_Group_1_2_Engine.bmp
skins/UUPlayer/Setting_Group_1_3_Engine.bmp
skins/UUPlayer/Setting_Group_2_1_Engine.bmp
skins/UUPlayer/Setting_Group_2_2_Engine.bmp
skins/UUPlayer/Setting_Group_2_3_Engine.bmp
skins/UUPlayer/Setting_Group_3_1_Engine.bmp
skins/UUPlayer/Setting_Group_3_2_Engine.bmp
skins/UUPlayer/Setting_Group_3_3_Engine.bmp
skins/UUPlayer/Setting_Group_4_1_Engine.bmp
skins/UUPlayer/Setting_Group_4_2_Engine.bmp
skins/UUPlayer/Setting_Group_4_3_Engine.bmp
skins/UUPlayer/Setting_Group_5_1_Engine.bmp
skins/UUPlayer/Setting_Group_5_2_Engine.bmp
skins/UUPlayer/Setting_Group_5_3_Engine.bmp
skins/UUPlayer/UUSEE_Engine.ui
skins/UUPlayer/Wnd_Setting_1_Engine.bmp
skins/UUPlayer/Wnd_Setting_2_Engine.bmp
skins/UUPlayer/Wnd_Setting_3_Engine.bmp
trafficlight.dll
.dll windows:4 windows x86 arch:x86

4241aaf1ba94564d5fa53d1108a676b5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:62:c9:43:da:8d:04:f7:e9:cc:17:fa:a7:90:bc:d0:10:7e:75:17
Signer

Actual PE Digest

f1:62:c9:43:da:8d:04:f7:e9:cc:17:fa:a7:90:bc:d0:10:7e:75:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetBestInterface
GetAdaptersInfo
GetIpAddrTable

kernel32

WritePrivateProfileStringA
GlobalFlags
GetCPInfo
GetOEMCP
MoveFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
RtlUnwind
RaiseException
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
ExitProcess
HeapSize
GetStdHandle
GetACP
IsValidCodePage
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
VirtualFree
HeapDestroy
HeapCreate
SetHandleCount
GetFileType
GetStartupInfoA
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
GlobalAddAtomA
GlobalFindAtomA
lstrcmpW
GetThreadLocale
GlobalGetAtomNameA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
SetErrorMode
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
ReleaseMutex
CreateMutexA
GetModuleFileNameA
CreateThread
GetCommandLineA
GetModuleHandleA
lstrlenA
CompareStringA
CompareStringW
MultiByteToWideChar
InterlockedExchange
GetVersion
LocalFree
OpenFileMappingA
FreeLibrary
LoadLibraryA
GetProcAddress
CopyFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetFileSize
GetSystemDirectoryA
CreateFileA
GetVersionExA
DeleteFileA
GetWindowsDirectoryA
SetEvent
WaitForMultipleObjects
TerminateThread
GetLastError
DeleteCriticalSection
InitializeCriticalSection
CreateEventA
ResetEvent
WaitForSingleObject
CloseHandle
InterlockedIncrement
SetThreadPriority
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetTickCount
GetCurrentThreadId
Sleep
OutputDebugStringA
VirtualAlloc

user32

SetWindowTextA
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
LoadCursorA
GetSystemMetrics
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
DestroyMenu
SetForegroundWindow
ShowWindow
GetCursorPos
ValidateRect
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowTextA

gdi32

ScaleWindowExtEx
DeleteDC
CreateBitmap
GetStockObject
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
SaveDC
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
PtVisible

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantChangeType
VariantClear
VariantInit

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

imagehlp

ImageNtHeader
CheckSumMappedFile

ws2_32

WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
listen
WSAEnumNetworkEvents
WSAGetLastError
closesocket
htons
WSAStartup
WSASend
WSAAccept
WSACleanup
bind
WSACloseEvent
WSARecv
socket
inet_addr
sendto
inet_ntoa
WSASocketA

Exports

Exports

GetChannelCtrl
GetDownloadCtrl

Sections

.text
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

170729c4965736ee8f8f4d1bab77cf38

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b6:73:78:cf:75:af:e5:18:82:71:8b:4b:7e:14:5b:64:61:2c:96:48
Signer

Actual PE Digest

b6:73:78:cf:75:af:e5:18:82:71:8b:4b:7e:14:5b:64:61:2c:96:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendMessageTimeoutA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
HeapCreate
VirtualFree
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
FreeLibrary
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
DisableThreadLibraryCalls
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP
GetOEMCP
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetCPInfo

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uusee_base_update.ini
vermini.ini
vermini_x.ini
vermini_x1.ini
videoAccDll.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

40:83:61:19:07:11:af:4d:c4:ad:88:d8:1a:d4:09:b2:24:51:81:1a
Signer

Actual PE Digest

40:83:61:19:07:11:af:4d:c4:ad:88:d8:1a:d4:09:b2:24:51:81:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

binddll
binddllT
binddllT2
clearurllist
destroydll
getstatus
getstatusInfo
initdll
setguidT
setguidT2
setoutdll
setoutdllT
settrueoutdll
startdll
startdllex
stopT
stopT2

Sections

CODE
Size: 559KB - Virtual size: 559KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

170729c4965736ee8f8f4d1bab77cf38

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 262KB

.ndata Size: - Virtual size: 288KB

.rsrc Size: 4KB - Virtual size: 4KB

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 10KB

.reloc Size: 1KB - Virtual size: 1KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 940B

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 494B

fd41c89ab9f125174e3a5d62ed38c115

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 288KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 10KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 940B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

57:3f:f6:bb:81:e8:a3:ec:3f:a2:82:32:4a:b2:3d:55:3f:0d:90:4a
Signer

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

3f:35:9b:1d:50:bc:f6:de:fb:b5:21:43:ae:bd:a7:36:98:c8:4a:09
Signer

.text
Size: 176KB - Virtual size: 172KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 16KB - Virtual size: 41KB

.rsrc
Size: 4KB - Virtual size: 792B

.reloc
Size: 12KB - Virtual size: 8KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate