0585fa29c0a2d33469b9e4d53cb2b24d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0585fa29c0a2d33469b9e4d53cb2b24d_JaffaCakes118
Size

3.5MB
MD5

0585fa29c0a2d33469b9e4d53cb2b24d
SHA1

0225c049136550292ae8773ec985987ca905ee7f
SHA256

8b250766300791bc6fd3ff827248e885fb2f3dcbfd3788d3a3e909d859de0312
SHA512

bf39e908757d84ec10bf8d54d1d0c190dd2149590e16234e8d347f198e7989329ed5181a2b304980a52b00e64986bdd4734cbc6b5ac6535feadbbc135630cb09
SSDEEP

98304:iXPNmby7lVjxj2PFzmgZ1AnIsFRu4FGMBYzRB0V:iXPNrbh2PFzmgAnI6sRBg

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/System.dll

Files

0585fa29c0a2d33469b9e4d53cb2b24d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2016, 00:00

Not After

22/06/2017, 23:59

Subject

CN=兴平欧阳,OU=Individual Developer,O=No Organization Affiliation,L=重庆,ST=重庆,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:e9:e4:78:cc:fb:3a:b8:76:7c:8c:59:e4:0c:f5:ce:4b:3c:4b:ef
Signer

Actual PE Digest

6e:e9:e4:78:cc:fb:3a:b8:76:7c:8c:59:e4:0c:f5:ce:4b:3c:4b:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 964KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$R0.exe
.exe windows:5 windows x86 arch:x86

5634c03920ee3f5fa1775a4e72ac72a3

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2016, 00:00

Not After

22/06/2017, 23:59

Subject

CN=兴平欧阳,OU=Individual Developer,O=No Organization Affiliation,L=重庆,ST=重庆,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:c9:1a:e2:65:6f:47:01:7f:3e:4e:4f:eb:bd:17:31:5b:bc:d8:8d
Signer

Actual PE Digest

55:c9:1a:e2:65:6f:47:01:7f:3e:4e:4f:eb:bd:17:31:5b:bc:d8:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\workspace\europe_screenshot\Release\InstallHelper.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
GlobalFree
OpenProcess
LocalFree
GetCurrentProcess
CreateDirectoryW
GetModuleFileNameW
WritePrivateProfileStringW
GetModuleHandleExW
SetLocalTime
WaitForSingleObject
GetCommandLineW
GetTimeFormatW
GetDateFormatW
CreateProcessW
GetExitCodeProcess
GetUserDefaultLangID
QueryDosDeviceW
GetLogicalDriveStringsW
Process32NextW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetOverlappedResult
CancelIo
WaitForMultipleObjects
CreateEventW
SetEndOfFile
SetFilePointerEx
MoveFileW
RemoveDirectoryW
FindClose
FindNextFileW
SetFileAttributesW
FindFirstFileW
SetEvent
GetFileAttributesW
TerminateProcess
CopyFileW
GetTempPathW
GetUserDefaultUILanguage
GetLocalTime
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SetFileTime
ReleaseMutex
GetFileSizeEx
GetTimeFormatA
FindResourceW
GetStringTypeA
GetLocaleInfoA
LoadResource
SizeofResource
LockResource
FreeResource
GetNativeSystemInfo
GetProcessHeap
HeapAlloc
Sleep
HeapFree
AreFileApisANSI
GetVersionExW
CreateMutexW
GetLastError
GetModuleHandleW
GetSystemInfo
FileTimeToLocalFileTime
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
GetFileSize
LoadLibraryW
GetProcAddress
ReadFile
FreeLibrary
ExpandEnvironmentStringsW
GetTickCount
CreateFileW
FreeEnvironmentStringsW
HeapSize
GetModuleHandleA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapDestroy
HeapReAlloc
VirtualAlloc
VirtualFree
FatalAppExitA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetCPInfo
SetHandleCount
LCMapStringW
LCMapStringA
GetStartupInfoW
GetSystemTimeAsFileTime
LoadLibraryA
RtlUnwind
RaiseException
IsDebuggerPresent
UnhandledExceptionFilter
lstrlenA
lstrlenW
WriteFile
CloseHandle
VirtualQueryEx
ReadProcessMemory
GetPrivateProfileStringW
AddVectoredExceptionHandler
MoveFileExW
DeleteFileW
GetDateFormatA
GetUserDefaultLCID
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesA
SetConsoleCtrlHandler
IsValidLocale
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
FindResourceExW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetTempFileNameW
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
GetLogicalDrives
CreateFileMappingW
DeviceIoControl
OpenFileMappingW
GetDiskFreeSpaceExW
GetVolumeInformationW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
Module32NextW
VirtualProtect
Module32FirstW
GetPrivateProfileIntW
HeapCreate
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
GetCurrentThreadId
GetEnvironmentStringsW

user32

wsprintfW
PostMessageW
MessageBoxExW

advapi32

SetNamedSecurityInfoW
OpenSCManagerW
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
RevertToSelf
CloseServiceHandle
QueryServiceStatusEx
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumValueW
RegDeleteKeyW
RegEnumKeyExW
GetNamedSecurityInfoW
SetEntriesInAclW
OpenServiceW
DeleteService
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCloseKey
EnumDependentServicesW
ControlService

shell32

ord165
SHFileOperationW
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoSetProxyBlanket
CoUninitialize
CoInitialize
CoCreateInstance
OleRun
StringFromGUID2
CoCreateGuid

oleaut32

VariantClear
GetErrorInfo
SetErrorInfo
CreateErrorInfo
VariantChangeType
VariantCopy
VariantInit
SysFreeString
SysAllocString

shlwapi

PathFileExistsW
PathCombineW
StrStrIW
PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW
PathIsRootW
PathQuoteSpacesW
StrChrW
PathMatchSpecW
PathFindExtensionW
PathGetDriveNumberW
PathStripPathW
SHDeleteKeyW
PathIsURLW
PathIsDirectoryW
PathRemoveExtensionW
PathAppendW
PathRemoveBackslashW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
GetModuleInformation

wintrust

WinVerifyTrust

imm32

ImmDisableIME

winhttp

WinHttpCrackUrl
WinHttpConnect
WinHttpOpen
WinHttpSetStatusCallback
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryOption
WinHttpReadData
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpAddRequestHeaders
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpSetOption
WinHttpCloseHandle

iphlpapi

GetIpForwardTable
GetAdaptersAddresses

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

Sections

.text
Size: 598KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/InstallHelper.exe
.exe windows:5 windows x86 arch:x86

5634c03920ee3f5fa1775a4e72ac72a3

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2016, 00:00

Not After

22/06/2017, 23:59

Subject

CN=兴平欧阳,OU=Individual Developer,O=No Organization Affiliation,L=重庆,ST=重庆,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:c9:1a:e2:65:6f:47:01:7f:3e:4e:4f:eb:bd:17:31:5b:bc:d8:8d
Signer

Actual PE Digest

55:c9:1a:e2:65:6f:47:01:7f:3e:4e:4f:eb:bd:17:31:5b:bc:d8:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\workspace\europe_screenshot\Release\InstallHelper.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
GlobalFree
OpenProcess
LocalFree
GetCurrentProcess
CreateDirectoryW
GetModuleFileNameW
WritePrivateProfileStringW
GetModuleHandleExW
SetLocalTime
WaitForSingleObject
GetCommandLineW
GetTimeFormatW
GetDateFormatW
CreateProcessW
GetExitCodeProcess
GetUserDefaultLangID
QueryDosDeviceW
GetLogicalDriveStringsW
Process32NextW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetOverlappedResult
CancelIo
WaitForMultipleObjects
CreateEventW
SetEndOfFile
SetFilePointerEx
MoveFileW
RemoveDirectoryW
FindClose
FindNextFileW
SetFileAttributesW
FindFirstFileW
SetEvent
GetFileAttributesW
TerminateProcess
CopyFileW
GetTempPathW
GetUserDefaultUILanguage
GetLocalTime
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SetFileTime
ReleaseMutex
GetFileSizeEx
GetTimeFormatA
FindResourceW
GetStringTypeA
GetLocaleInfoA
LoadResource
SizeofResource
LockResource
FreeResource
GetNativeSystemInfo
GetProcessHeap
HeapAlloc
Sleep
HeapFree
AreFileApisANSI
GetVersionExW
CreateMutexW
GetLastError
GetModuleHandleW
GetSystemInfo
FileTimeToLocalFileTime
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
GetFileSize
LoadLibraryW
GetProcAddress
ReadFile
FreeLibrary
ExpandEnvironmentStringsW
GetTickCount
CreateFileW
FreeEnvironmentStringsW
HeapSize
GetModuleHandleA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapDestroy
HeapReAlloc
VirtualAlloc
VirtualFree
FatalAppExitA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetCPInfo
SetHandleCount
LCMapStringW
LCMapStringA
GetStartupInfoW
GetSystemTimeAsFileTime
LoadLibraryA
RtlUnwind
RaiseException
IsDebuggerPresent
UnhandledExceptionFilter
lstrlenA
lstrlenW
WriteFile
CloseHandle
VirtualQueryEx
ReadProcessMemory
GetPrivateProfileStringW
AddVectoredExceptionHandler
MoveFileExW
DeleteFileW
GetDateFormatA
GetUserDefaultLCID
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesA
SetConsoleCtrlHandler
IsValidLocale
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
FindResourceExW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetTempFileNameW
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
GetLogicalDrives
CreateFileMappingW
DeviceIoControl
OpenFileMappingW
GetDiskFreeSpaceExW
GetVolumeInformationW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
Module32NextW
VirtualProtect
Module32FirstW
GetPrivateProfileIntW
HeapCreate
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
GetCurrentThreadId
GetEnvironmentStringsW

user32

wsprintfW
PostMessageW
MessageBoxExW

advapi32

SetNamedSecurityInfoW
OpenSCManagerW
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
RevertToSelf
CloseServiceHandle
QueryServiceStatusEx
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumValueW
RegDeleteKeyW
RegEnumKeyExW
GetNamedSecurityInfoW
SetEntriesInAclW
OpenServiceW
DeleteService
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCloseKey
EnumDependentServicesW
ControlService

shell32

ord165
SHFileOperationW
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoSetProxyBlanket
CoUninitialize
CoInitialize
CoCreateInstance
OleRun
StringFromGUID2
CoCreateGuid

oleaut32

VariantClear
GetErrorInfo
SetErrorInfo
CreateErrorInfo
VariantChangeType
VariantCopy
VariantInit
SysFreeString
SysAllocString

shlwapi

PathFileExistsW
PathCombineW
StrStrIW
PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW
PathIsRootW
PathQuoteSpacesW
StrChrW
PathMatchSpecW
PathFindExtensionW
PathGetDriveNumberW
PathStripPathW
SHDeleteKeyW
PathIsURLW
PathIsDirectoryW
PathRemoveExtensionW
PathAppendW
PathRemoveBackslashW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
GetModuleInformation

wintrust

WinVerifyTrust

imm32

ImmDisableIME

winhttp

WinHttpCrackUrl
WinHttpConnect
WinHttpOpen
WinHttpSetStatusCallback
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryOption
WinHttpReadData
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpAddRequestHeaders
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpSetOption
WinHttpCloseHandle

iphlpapi

GetIpForwardTable
GetAdaptersAddresses

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

Sections

.text
Size: 598KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CrashReport.exe
.exe windows:5 windows x86 arch:x86

a613c0499f7681c152f63aa1d27396a6

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2016, 00:00

Not After

22/06/2017, 23:59

Subject

CN=兴平欧阳,OU=Individual Developer,O=No Organization Affiliation,L=重庆,ST=重庆,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:53:84:c9:1a:32:37:d4:77:25:18:53:63:ad:ab:11:1a:54:0d:22
Signer

Actual PE Digest

3b:53:84:c9:1a:32:37:d4:77:25:18:53:63:ad:ab:11:1a:54:0d:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\work\crash_report\bavOutput\Pdb\Release\CrashReport.pdb

Imports

psapi

GetProcessMemoryInfo
QueryWorkingSet
GetModuleFileNameExW
GetModuleInformation

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

VirtualQueryEx
WriteFile
FindNextFileW
DeleteFileW
FindFirstFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalMemoryStatus
ReadProcessMemory
GetLocalTime
OpenThread
ExpandEnvironmentStringsW
InterlockedExchange
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileSectionW
ReadFile
GetTempFileNameW
GetFileSize
CreateMutexW
SetFilePointer
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
MoveFileExW
CreateDirectoryW
GetLogicalDrives
GetTempPathW
CreateFileMappingW
RemoveDirectoryW
DeviceIoControl
OpenFileMappingW
GetDiskFreeSpaceExW
GetCurrentProcessId
GetVolumeInformationW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
InterlockedCompareExchange
SystemTimeToFileTime
GetPrivateProfileStringW
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
GetPrivateProfileIntW
Module32NextW
VirtualProtect
Module32FirstW
HeapCreate
HeapAlloc
CreateEventW
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
CreateFileW
lstrlenA
SetEndOfFile
GetModuleFileNameA
SetEvent
ExitProcess
FatalAppExitA
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetFileAttributesW
GetSystemTimeAsFileTime
GetStartupInfoW
CreateThread
ExitThread
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
GetCurrentThreadId
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleHandleA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetProcAddress
GetTickCount
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
WideCharToMultiByte
TerminateProcess
Sleep
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
CreateProcessW
GetCommandLineW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
LocalFree
GetNativeSystemInfo
IsWow64Process
OpenProcess
LoadLibraryW
WaitForSingleObject
CloseHandle
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
lstrcmpiW
InterlockedDecrement
GetStdHandle
InterlockedIncrement
GetLastError
RaiseException
lstrlenW
GetVersionExW
MultiByteToWideChar
GetModuleHandleW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
SetStdHandle
GetLocaleInfoW
GetTimeZoneInformation
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
AddVectoredExceptionHandler
SetHandleCount
WriteConsoleW

user32

GetClassNameW
EnumChildWindows
GetWindowThreadProcessId
EnumWindows
GetWindowTextW
SetTimer
LoadMenuW
LoadAcceleratorsW
CreateWindowExW
GetClassInfoExW
LoadImageW
RegisterClassExW
DestroyWindow
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
ShowWindow
LoadCursorW
PtInRect
IsWindow
MessageBeep
TrackPopupMenuEx
CallWindowProcW
LoadStringA
LoadStringW
MonitorFromPoint
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
AppendMenuW
DestroyMenu
CreatePopupMenu
SetWindowLongW
SendMessageW
InvalidateRect
TranslateAcceleratorW
PostQuitMessage
DrawTextW
DestroyCursor
TrackMouseEvent
GetWindowDC
UpdateLayeredWindow
GetCursorPos
ScreenToClient
SetCursor
GetFocus
DefWindowProcW
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
SetFocus
KillTimer
ReleaseDC
SetWindowTextW
GetWindowLongW
PostMessageW
PeekMessageW
UnregisterClassA

gdi32

CreateCompatibleDC
SelectObject
SetTextColor
SetBkMode
CreateCompatibleBitmap
CreateFontW
GetBitmapBits
SetBitmapBits
RestoreDC
DeleteDC
DeleteObject
SaveDC
CreateDIBSection

advapi32

OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
QueryServiceStatus
DeleteService
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
CreateServiceW
RegEnumValueW
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
RevertToSelf
LookupPrivilegeValueW

shell32

SHFileOperationW
SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateGuid

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

SHDeleteKeyW
PathStripPathW
PathGetDriveNumberW
PathFindFileNameW
PathFindExtensionW
PathRemoveExtensionW
PathIsDirectoryW
PathAppendW
StrStrIW
PathRemoveFileSpecW
PathFileExistsW

comctl32

InitCommonControlsEx

msimg32

GradientFill
AlphaBlend

iphlpapi

GetIpForwardTable
GetAdaptersAddresses

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

winhttp

WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpSetOption
WinHttpOpen
WinHttpCloseHandle

Sections

.text
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CrashReportModuleConf.ini
CrashUL.exe
.exe windows:5 windows x86 arch:x86

f44dc83c9c4a46e804d2ff12d89499bc

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2016, 00:00

Not After

22/06/2017, 23:59

Subject

CN=兴平欧阳,OU=Individual Developer,O=No Organization Affiliation,L=重庆,ST=重庆,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:c9:2a:11:a5:0c:23:6a:c0:0e:44:00:3d:6a:bd:46:cb:26:0c:de
Signer

Actual PE Digest

2f:c9:2a:11:a5:0c:23:6a:c0:0e:44:00:3d:6a:bd:46:cb:26:0c:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\work\crash_report\bavOutput\Pdb\Release\CrashUL.pdb

Imports

winhttp

WinHttpOpen
WinHttpSetOption
WinHttpConnect
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest

kernel32

LockResource
LoadResource
FindResourceW
FindResourceExW
CreateDirectoryA
FindFirstFileW
FindNextFileW
FindClose
DeleteFileA
InterlockedCompareExchange
ExpandEnvironmentStringsA
GetModuleFileNameA
InterlockedExchange
CopyFileW
CreateFileA
WriteFile
SetFilePointer
GetNativeSystemInfo
IsWow64Process
GetCurrentProcess
GetVersionExW
FileTimeToSystemTime
GetFileInformationByHandle
GetFileSize
ReadFile
GetLocalTime
SystemTimeToFileTime
GetTickCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WritePrivateProfileStringW
GetPrivateProfileStringW
InitializeCriticalSectionAndSpinCount
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
CreateDirectoryW
SizeofResource
DeviceIoControl
GetCurrentProcessId
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
LCMapStringA
WideCharToMultiByte
lstrlenW
lstrlenA
MultiByteToWideChar
GetCommandLineW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
CreateFileW
DeleteFileW
CreateEventW
GetLastError
CreateMutexW
CloseHandle
GetModuleFileNameW
Sleep
WaitForSingleObject
SetEvent
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleW
GetSystemTimeAsFileTime
RtlUnwind
GetStartupInfoW
CreateThread
GetCurrentThreadId
ExitThread
GetFileAttributesW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InitializeCriticalSection
RaiseException
GetProcessHeap
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize

user32

RegisterClassExW
CreateWindowExW
LoadStringW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
LoadIconW
PostMessageW
DestroyWindow
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW
LoadCursorW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExA
RegSetValueExW
RegCloseKey

shell32

SHFileOperationA
SHGetFolderPathA
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoCreateGuid

shlwapi

PathRemoveFileSpecW
PathIsDirectoryA
PathAppendW
PathFindFileNameW
PathIsDirectoryW
SHDeleteKeyW
PathFileExistsW
PathAppendA
PathRemoveFileSpecA
PathFileExistsA

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DuiLibResource/EN/MainFrame.xml
.xml
DuiLibResource/EN/PopupFontSize.xml
.xml
DuiLibResource/EN/PopupLineType.xml
.xml
DuiLibResource/EN/PopupTrayMenu.xml
.xml
DuiLibResource/EN/ToolBar.xml
.xml
DuiLibResource/picture/TrayMenu/bg_menu_clicked.png
.png
DuiLibResource/picture/TrayMenu/bg_menu_hover.png
.png
DuiLibResource/picture/TrayMenu/bg_tray_menu.png
.png
DuiLibResource/picture/TrayMenu/exit.png
.png
DuiLibResource/picture/TrayMenu/icn_open.png
.png
DuiLibResource/picture/TrayMenu/icn_shortcut.png
.png
DuiLibResource/picture/bg_core.png
.png
DuiLibResource/picture/bg_core_big.png
.png
DuiLibResource/picture/bg_function_clicked.png
.png
DuiLibResource/picture/bg_function_hover.png
.png
DuiLibResource/picture/btn_close_hover.png
.png
DuiLibResource/picture/btn_close_normal.png
.png
DuiLibResource/picture/btn_close_pressed.png
.png
DuiLibResource/picture/btn_min_hover.png
.png
DuiLibResource/picture/btn_min_normal.png
.png
DuiLibResource/picture/btn_min_pressed.png
.png
DuiLibResource/picture/btn_shortcut_clicked.png
.png
DuiLibResource/picture/btn_shortcut_hover.png
.png
DuiLibResource/picture/btn_shortcut_normal.png
.png
DuiLibResource/picture/icn_conflict.png
.png
DuiLibResource/picture/icn_custom_hover.png
.png
DuiLibResource/picture/icn_custom_normal.png
.png
DuiLibResource/picture/icn_printscreen_hover.png
.png
DuiLibResource/picture/icn_printscreen_normal.png
.png
DuiLibResource/picture/icn_region_hover.png
.png
DuiLibResource/picture/icn_region_normal.png
.png
DuiLibResource/picture/ico_scroll_hover.png
.png
DuiLibResource/picture/icon_scroll_normal.png
.png
DuiLibResource/picture/logo.png
.png
DuiLibResource/picture/optionbar/bg_linetype_hover.png
.png
DuiLibResource/picture/optionbar/bg_list.png
.png
DuiLibResource/picture/optionbar/bg_list_font_size.png
.png
DuiLibResource/picture/optionbar/bg_option.png
.png
DuiLibResource/picture/optionbar/bg_option_triangle.png
.png
DuiLibResource/picture/optionbar/btn_bold.png
.png
DuiLibResource/picture/optionbar/btn_brush_l.png
.png
DuiLibResource/picture/optionbar/btn_brush_m.png
.png
DuiLibResource/picture/optionbar/btn_brush_s.png
.png
DuiLibResource/picture/optionbar/btn_italic.png
.png
DuiLibResource/picture/optionbar/btn_list.png
.png
DuiLibResource/picture/optionbar/color_swatches.png
.png
DuiLibResource/picture/optionbar/color_swatches_l.png
.png
DuiLibResource/picture/optionbar/icn_check_grey.png
.png
DuiLibResource/picture/optionbar/icn_check_white.png
.png
DuiLibResource/picture/optionbar/icn_list_drop.png
.png
DuiLibResource/picture/optionbar/line_1.png
.png
DuiLibResource/picture/optionbar/line_2.png
.png
DuiLibResource/picture/optionbar/line_3.png
.png
DuiLibResource/picture/optionbar/line_4.png
.png
DuiLibResource/picture/setting/bg_blur.png
.png
DuiLibResource/picture/setting/bg_input_error.png
.png
DuiLibResource/picture/setting/bg_input_focused.png
.png
DuiLibResource/picture/setting/bg_input_normal.png
.png
DuiLibResource/picture/setting/bg_popup.png
.png
DuiLibResource/picture/setting/bg_setting.png
.png
DuiLibResource/picture/setting/btn_cancel_clicked.png
.png
DuiLibResource/picture/setting/btn_cancel_hover.png
.png
DuiLibResource/picture/setting/btn_cancel_normal.png
.png
DuiLibResource/picture/setting/btn_save_clicked.png
.png
DuiLibResource/picture/setting/btn_save_hover.png
.png
DuiLibResource/picture/setting/btn_save_normal.png
.png
DuiLibResource/picture/setting/dimmed_bg.png
.png
DuiLibResource/picture/setting/icn_error.png
.png
DuiLibResource/picture/toolbar/bg_toolbar_narrow.png
.png
DuiLibResource/picture/toolbar/btn_action_cancel.png
.png
DuiLibResource/picture/toolbar/btn_action_complete.png
.png
DuiLibResource/picture/toolbar/btn_action_save.png
.png
DuiLibResource/picture/toolbar/btn_action_undo.png
.png
DuiLibResource/picture/toolbar/btn_tool_arrow.png
.png
DuiLibResource/picture/toolbar/btn_tool_brush.png
.png
DuiLibResource/picture/toolbar/btn_tool_eclipse.png
.png
DuiLibResource/picture/toolbar/btn_tool_mosaic.png
.png
DuiLibResource/picture/toolbar/btn_tool_rectangle.png
.png
DuiLibResource/picture/toolbar/btn_tool_text.png
.png
InstallHelper.exe
.exe windows:5 windows x86 arch:x86

5634c03920ee3f5fa1775a4e72ac72a3

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2016, 00:00

Not After

22/06/2017, 23:59

Subject

CN=兴平欧阳,OU=Individual Developer,O=No Organization Affiliation,L=重庆,ST=重庆,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:c9:1a:e2:65:6f:47:01:7f:3e:4e:4f:eb:bd:17:31:5b:bc:d8:8d
Signer

Actual PE Digest

55:c9:1a:e2:65:6f:47:01:7f:3e:4e:4f:eb:bd:17:31:5b:bc:d8:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\workspace\europe_screenshot\Release\InstallHelper.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
GlobalFree
OpenProcess
LocalFree
GetCurrentProcess
CreateDirectoryW
GetModuleFileNameW
WritePrivateProfileStringW
GetModuleHandleExW
SetLocalTime
WaitForSingleObject
GetCommandLineW
GetTimeFormatW
GetDateFormatW
CreateProcessW
GetExitCodeProcess
GetUserDefaultLangID
QueryDosDeviceW
GetLogicalDriveStringsW
Process32NextW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetOverlappedResult
CancelIo
WaitForMultipleObjects
CreateEventW
SetEndOfFile
SetFilePointerEx
MoveFileW
RemoveDirectoryW
FindClose
FindNextFileW
SetFileAttributesW
FindFirstFileW
SetEvent
GetFileAttributesW
TerminateProcess
CopyFileW
GetTempPathW
GetUserDefaultUILanguage
GetLocalTime
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SetFileTime
ReleaseMutex
GetFileSizeEx
GetTimeFormatA
FindResourceW
GetStringTypeA
GetLocaleInfoA
LoadResource
SizeofResource
LockResource
FreeResource
GetNativeSystemInfo
GetProcessHeap
HeapAlloc
Sleep
HeapFree
AreFileApisANSI
GetVersionExW
CreateMutexW
GetLastError
GetModuleHandleW
GetSystemInfo
FileTimeToLocalFileTime
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
GetFileSize
LoadLibraryW
GetProcAddress
ReadFile
FreeLibrary
ExpandEnvironmentStringsW
GetTickCount
CreateFileW
FreeEnvironmentStringsW
HeapSize
GetModuleHandleA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapDestroy
HeapReAlloc
VirtualAlloc
VirtualFree
FatalAppExitA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetCPInfo
SetHandleCount
LCMapStringW
LCMapStringA
GetStartupInfoW
GetSystemTimeAsFileTime
LoadLibraryA
RtlUnwind
RaiseException
IsDebuggerPresent
UnhandledExceptionFilter
lstrlenA
lstrlenW
WriteFile
CloseHandle
VirtualQueryEx
ReadProcessMemory
GetPrivateProfileStringW
AddVectoredExceptionHandler
MoveFileExW
DeleteFileW
GetDateFormatA
GetUserDefaultLCID
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesA
SetConsoleCtrlHandler
IsValidLocale
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
FindResourceExW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetTempFileNameW
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
GetLogicalDrives
CreateFileMappingW
DeviceIoControl
OpenFileMappingW
GetDiskFreeSpaceExW
GetVolumeInformationW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
Module32NextW
VirtualProtect
Module32FirstW
GetPrivateProfileIntW
HeapCreate
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
GetCurrentThreadId
GetEnvironmentStringsW

user32

wsprintfW
PostMessageW
MessageBoxExW

advapi32

SetNamedSecurityInfoW
OpenSCManagerW
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
RevertToSelf
CloseServiceHandle
QueryServiceStatusEx
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumValueW
RegDeleteKeyW
RegEnumKeyExW
GetNamedSecurityInfoW
SetEntriesInAclW
OpenServiceW
DeleteService
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCloseKey
EnumDependentServicesW
ControlService

shell32

ord165
SHFileOperationW
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoSetProxyBlanket
CoUninitialize
CoInitialize
CoCreateInstance
OleRun
StringFromGUID2
CoCreateGuid

oleaut32

VariantClear
GetErrorInfo
SetErrorInfo
CreateErrorInfo
VariantChangeType
VariantCopy
VariantInit
SysFreeString
SysAllocString

shlwapi

PathFileExistsW
PathCombineW
StrStrIW
PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW
PathIsRootW
PathQuoteSpacesW
StrChrW
PathMatchSpecW
PathFindExtensionW
PathGetDriveNumberW
PathStripPathW
SHDeleteKeyW
PathIsURLW
PathIsDirectoryW
PathRemoveExtensionW
PathAppendW
PathRemoveBackslashW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
GetModuleInformation

wintrust

WinVerifyTrust

imm32

ImmDisableIME

winhttp

WinHttpCrackUrl
WinHttpConnect
WinHttpOpen
WinHttpSetStatusCallback
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryOption
WinHttpReadData
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpAddRequestHeaders
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpSetOption
WinHttpCloseHandle

iphlpapi

GetIpForwardTable
GetAdaptersAddresses

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

Sections

.text
Size: 598KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Report.exe
.exe windows:5 windows x86 arch:x86

bbb77d338e80d56f0603986ccba0c5ec

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2016, 00:00

Not After

22/06/2017, 23:59

Subject

CN=兴平欧阳,OU=Individual Developer,O=No Organization Affiliation,L=重庆,ST=重庆,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:aa:b3:f8:6c:0a:c2:63:ba:82:83:d7:4c:ba:f5:29:c6:af:87:9b
Signer

Actual PE Digest

0e:aa:b3:f8:6c:0a:c2:63:ba:82:83:d7:4c:ba:f5:29:c6:af:87:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\workspace\europe_screenshot\Release\Report.pdb

Imports

kernel32

CancelIo
GetOverlappedResult
WriteFile
WaitForSingleObject
SetEvent
SetFilePointerEx
SetEndOfFile
CreateFileW
lstrlenA
GetVersionExW
GetNativeSystemInfo
GetDateFormatW
GetTimeFormatW
lstrlenW
ExpandEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
Sleep
InterlockedExchange
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
GetPrivateProfileSectionNamesW
DeleteFileW
GetPrivateProfileSectionW
ReadFile
CreateMutexW
SetFilePointer
MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
CreateFileMappingW
WaitForMultipleObjects
DeviceIoControl
GetCurrentProcessId
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
GlobalFree
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleHandleExW
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
GetProcessHeap
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LoadLibraryA
GetConsoleMode
GetConsoleCP
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
WritePrivateProfileStringW
GetCommandLineW
GetStdHandle
ExitProcess
HeapReAlloc
VirtualAlloc
VirtualFree
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
InterlockedCompareExchange
InitializeCriticalSection
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
WTSGetActiveConsoleSessionId
VirtualProtect
GetLocalTime
HeapCreate
HeapAlloc
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
CreateProcessW
GetCurrentThreadId
TerminateProcess
AddVectoredExceptionHandler
SystemTimeToFileTime
ReadProcessMemory
VirtualQueryEx
GetFileSizeEx
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetStartupInfoW
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeW
GetACP
GetOEMCP
GetModuleHandleA

user32

PostMessageW

advapi32

RegCreateKeyExW
OpenProcessToken
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
RevertToSelf
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ord165
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoCreateGuid

winhttp

WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpGetProxyForUrl
WinHttpConnect
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpSetStatusCallback
WinHttpOpen
WinHttpCloseHandle
WinHttpQueryOption
WinHttpWriteData

shlwapi

PathAppendW
PathFindFileNameW
PathFileExistsW
PathCombineW
PathRemoveFileSpecW
PathIsDirectoryW

iphlpapi

GetAdaptersAddresses

psapi

GetModuleFileNameExW
GetModuleInformation

version

VerQueryValueW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

Sections

.text
Size: 246KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Roboto-Regular.ttf
ScreenshotPro.exe
.exe windows:5 windows x86 arch:x86

2eba1ad49f9ac46e265566366c670333

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2016, 00:00

Not After

22/06/2017, 23:59

Subject

CN=兴平欧阳,OU=Individual Developer,O=No Organization Affiliation,L=重庆,ST=重庆,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:c0:5f:70:c0:b5:50:b9:63:50:3d:fb:f5:5a:40:84:59:97:db:46
Signer

Actual PE Digest

2a:c0:5f:70:c0:b5:50:b9:63:50:3d:fb:f5:5a:40:84:59:97:db:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\workspace\europe_screenshot\Release\ScreenshotPro.pdb

Imports

kernel32

SetEvent
UnregisterWaitEx
RegisterWaitForSingleObject
GetPrivateProfileSectionW
FindFirstFileW
FindNextFileW
FindClose
SetNamedPipeHandleState
TransactNamedPipe
OpenProcess
WaitNamedPipeW
GlobalFree
GetACP
LoadLibraryW
GetCurrentDirectoryW
FreeResource
DosDateTimeToFileTime
SystemTimeToFileTime
GetFileType
CreateMutexW
GetFileSize
SetEndOfFile
SetFilePointer
WriteFile
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateFileW
DeleteTimerQueueTimer
GetStringTypeA
CreateTimerQueue
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
ExitProcess
VirtualAlloc
VirtualFree
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetStartupInfoW
ExitThread
UnhandledExceptionFilter
GetFileSizeEx
InitializeCriticalSectionAndSpinCount
VirtualQueryEx
ReadProcessMemory
AddVectoredExceptionHandler
TerminateProcess
CreateProcessW
RemoveVectoredExceptionHandler
SetUnhandledExceptionFilter
HeapCreate
VirtualProtect
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
HeapSize
HeapReAlloc
HeapDestroy
CreateTimerQueueTimer
GetStringTypeW
DeleteTimerQueueEx
DeleteCriticalSection
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeviceIoControl
ReadFile
CreateDirectoryW
QueryPerformanceCounter
WaitForSingleObject
GetTickCount
GetCurrentProcess
GetTempPathW
GetSystemDirectoryW
GetLocalTime
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
DeleteFileW
GetSystemTimeAsFileTime
InterlockedIncrement
HeapAlloc
InterlockedDecrement
HeapFree
GetProcessHeap
GlobalAddAtomW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
ExpandEnvironmentStringsW
GetUserDefaultUILanguage
MulDiv
lstrlenW
InterlockedExchange
InterlockedCompareExchange
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
lstrcmpiW
lstrcatW
lstrcpyW
LocalUnlock
LocalLock
GetCurrentProcessId
SetCurrentDirectoryW
WideCharToMultiByte
AreFileApisANSI
MultiByteToWideChar
GetModuleHandleExW
WritePrivateProfileStringW
GetCommandLineW
CopyFileW
GetWindowsDirectoryW
Sleep
ProcessIdToSessionId
CreateEventW
CreateThread
GetModuleFileNameW
LocalAlloc
LocalFree
GetCurrentThreadId
GetLastError
CloseHandle
GetProcAddress
GetModuleHandleW
GetVersionExW
GetModuleHandleA

user32

EnumChildWindows
ChildWindowFromPointEx
EnumWindows
GetParent
SetCursorPos
GetSystemMetrics
BringWindowToTop
FindWindowW
FindWindowExW
DestroyCursor
RegisterRawInputDevices
GetWindow
GetRawInputData
wvsprintfW
GetWindowThreadProcessId
IsRectEmpty
ShowWindow
wsprintfW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
CreateCaret
ShowCaret
HideCaret
SystemParametersInfoW
InvalidateRect
GetFocus
GetUpdateRect
BeginPaint
EndPaint
EnableWindow
RegisterClassW
GetClassInfoExW
RegisterClassExW
SetWindowTextW
SetWindowPos
SetForegroundWindow
CreateWindowExW
DestroyWindow
PostThreadMessageW
MessageBoxW
CopyImage
SetCaretPos
EmptyClipboard
SetClipboardData
CloseClipboard
ReleaseDC
InflateRect
PtInRect
ScreenToClient
GetCursorInfo
ReleaseCapture
GetCapture
SendMessageW
SetCapture
DefWindowProcW
CallWindowProcW
PostMessageW
GetMonitorInfoW
SetCursor
LoadCursorW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
DrawTextW
GetWindowDC
UpdateLayeredWindow
GetWindowRect
SetWindowLongW
SetPropW
RemovePropW
GetWindowLongW
GetPropW
GetDC
OffsetRect
ClientToScreen
LoadIconW
DestroyIcon
LoadImageW
LoadStringW
SetTimer
KillTimer
MonitorFromRect
IntersectRect
GetKeyboardLayout
UnionRect
EqualRect
SetFocus
IsWindowVisible
RegisterHotKey
UnregisterHotKey
IsWindow
IsZoomed
GetSysColor
SetRect
CharPrevW
PostQuitMessage
MonitorFromWindow
SetWindowRgn
IsIconic
UpdateWindow
MoveWindow
GetCursorPos
GetClientRect
InvalidateRgn
CreateAcceleratorTableW
OpenClipboard
FillRect
SetRectEmpty
MapWindowPoints
GetKeyState

gdi32

GetCurrentObject
GetTextMetricsW
SaveDC
CreateCompatibleBitmap
RestoreDC
Rectangle
SetWindowOrgEx
GetTextExtentPoint32W
SelectClipRgn
GetClipBox
CreateRectRgnIndirect
GetPixel
CombineRgn
SetStretchBltMode
SetBrushOrgEx
ExtTextOutW
LineTo
CreatePenIndirect
Polygon
RoundRect
GetCharABCWidthsW
TextOutW
StretchBlt
CreateDIBSection
IntersectClipRect
BitBlt
SelectObject
CreateCompatibleDC
GetStockObject
GetObjectW
CreateFontIndirectW
SetTextColor
SetBkColor
CreateSolidBrush
SetBkMode
MoveToEx
DeleteObject
DeleteDC
CreateBrushIndirect
AddFontResourceW
CreatePen
GetDeviceCaps
CreateRoundRectRgn
CreateRectRgn
Ellipse
ExtSelectClipRgn
Polyline

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
RegEnumValueW
RegEnumKeyExW
RegNotifyChangeKeyValue
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RevertToSelf

shell32

ord165
SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW
SHGetFileInfoW
SHFileOperationW
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoCreateGuid
CoCreateInstance

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear

shlwapi

PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
StrStrIW
PathAppendW
PathFindExtensionW
PathIsDirectoryW
PathRemoveExtensionW
PathIsRelativeW
PathCombineW

gdiplus

GdipDrawImageRectRect
GdipLoadImageFromFile
GdipBitmapGetPixel
GdipDrawImageRectI
GdipCloneBitmapAreaI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageWidth
GdipGetImageHeight
GdipReleaseDC
GdipGetDC
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipMeasureString
GdipFillRectangle
GdipSetPenColor
GdipGraphicsClear
GdipDrawRectangle
GdipDrawLines
GdipFillClosedCurve2
GdipDrawEllipseI
GdipDrawRectangleI
GdipDrawString
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipResetClip
GdipDrawLineI
GdipDrawLinesI
GdipSetPenLineJoin
GdipSetPenDashStyle
GdipSetPenMode
GdipSetSmoothingMode
GdipDeletePen
GdipCreatePen1
GdipSetSolidFillColor
GdipEndContainer
GdipFillRectangleI
GdipDrawImagePointRectI
GdipSetClipPath
GdipBeginContainer2
GdipAddPathClosedCurveI
GdipDeletePath
GdipCreatePath
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown
GdiplusStartup
GdipAlloc
GdipFree
GdipImageRotateFlip

imm32

ImmDisableIME
ImmSetCompositionFontW
ImmReleaseContext
ImmGetProperty
ImmGetCompositionStringW
ImmGetCompositionStringA
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

msimg32

AlphaBlend

comctl32

_TrackMouseEvent
ord17
InitCommonControlsEx
DrawShadowText

iphlpapi

GetAdaptersAddresses

psapi

GetModuleFileNameExW
GetModuleInformation

winhttp

WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpOpen
WinHttpSetOption
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpReceiveResponse

version

VerQueryValueW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

Sections

.text
Size: 736KB - Virtual size: 735KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 785KB - Virtual size: 785KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ScreenshotProServ.exe
.exe windows:5 windows x86 arch:x86

4aaf827ee4040f9620dd7240646c2066

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2016, 00:00

Not After

22/06/2017, 23:59

Subject

CN=兴平欧阳,OU=Individual Developer,O=No Organization Affiliation,L=重庆,ST=重庆,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:06:de:9b:1d:f6:ab:a3:13:43:3c:f8:be:1d:6b:8c:cc:43:bc:ab
Signer

Actual PE Digest

18:06:de:9b:1d:f6:ab:a3:13:43:3c:f8:be:1d:6b:8c:cc:43:bc:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\workspace\europe_screenshot\Release\Service.pdb

Imports

shlwapi

PathCombineW
PathAppendW
PathFileExistsW
StrStrIW
PathFindFileNameW
PathQuoteSpacesW
PathRemoveFileSpecW

kernel32

HeapFree
CreateEventW
SetEvent
HeapAlloc
GetModuleHandleExW
GetModuleHandleW
WritePrivateProfileStringW
GetCommandLineW
GetVersionExW
VerifyVersionInfoW
VerSetConditionMask
GetExitCodeProcess
WaitForSingleObject
GetTickCount
WaitForMultipleObjects
Sleep
WTSGetActiveConsoleSessionId
CloseHandle
GetLastError
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
GetStringTypeA
GetStringTypeW
GetProcessHeap
LockResource
InitializeCriticalSection
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
VirtualProtect
GetLocalTime
GetCurrentProcessId
HeapCreate
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
CreateProcessW
GetCurrentThreadId
TerminateProcess
AddVectoredExceptionHandler
SizeofResource
LCMapStringA
LoadResource
FindResourceW
FindResourceExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
InterlockedCompareExchange
SystemTimeToFileTime
WriteFile
CreateFileW
ReadProcessMemory
VirtualQueryEx
UnmapViewOfFile
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
MultiByteToWideChar
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
ReadFile
SetEndOfFile
SetFilePointer
ExitThread
CreateThread
LoadLibraryA
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
LCMapStringW

advapi32

OpenProcessToken
DuplicateTokenEx
RegCreateKeyExW
RegSetValueExW
RevertToSelf
StartServiceCtrlDispatcherW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceW
EnumDependentServicesW
ControlService
QueryServiceStatusEx
DeleteService
CreateServiceW
ChangeServiceConfigW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CreateProcessAsUserW
GetTokenInformation
SetTokenInformation

shell32

ord165

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

version

VerQueryValueW

psapi

GetModuleFileNameExW
GetModuleInformation

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ToolsUpdate.exe
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:f6:34:7d:b1:cb:d9:1c:6e:2e:ca:a8:77:11:c6:ff
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/05/2016, 00:00

Not After

04/05/2017, 23:59

Subject

CN=世元何,OU=Individual Developer,O=No Organization Affiliation,L=重庆,ST=重庆,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d3:ff:7a:c1:4a:59:4b:43:81:a8:45:f5:63:1d:f9:8a:66:07:00:59
Signer

Actual PE Digest

d3:ff:7a:c1:4a:59:4b:43:81:a8:45:f5:63:1d:f9:8a:66:07:00:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 516KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CrashReport.exe
.exe windows:5 windows x86 arch:x86

a613c0499f7681c152f63aa1d27396a6

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:f6:34:7d:b1:cb:d9:1c:6e:2e:ca:a8:77:11:c6:ff
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/05/2016, 00:00

Not After

04/05/2017, 23:59

Subject

CN=世元何,OU=Individual Developer,O=No Organization Affiliation,L=重庆,ST=重庆,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:53:84:c9:1a:32:37:d4:77:25:18:53:63:ad:ab:11:1a:54:0d:22
Signer

Actual PE Digest

3b:53:84:c9:1a:32:37:d4:77:25:18:53:63:ad:ab:11:1a:54:0d:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\work\crash_report\bavOutput\Pdb\Release\CrashReport.pdb

Imports

psapi

GetProcessMemoryInfo
QueryWorkingSet
GetModuleFileNameExW
GetModuleInformation

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

VirtualQueryEx
WriteFile
FindNextFileW
DeleteFileW
FindFirstFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalMemoryStatus
ReadProcessMemory
GetLocalTime
OpenThread
ExpandEnvironmentStringsW
InterlockedExchange
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileSectionW
ReadFile
GetTempFileNameW
GetFileSize
CreateMutexW
SetFilePointer
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
MoveFileExW
CreateDirectoryW
GetLogicalDrives
GetTempPathW
CreateFileMappingW
RemoveDirectoryW
DeviceIoControl
OpenFileMappingW
GetDiskFreeSpaceExW
GetCurrentProcessId
GetVolumeInformationW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
InterlockedCompareExchange
SystemTimeToFileTime
GetPrivateProfileStringW
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
GetPrivateProfileIntW
Module32NextW
VirtualProtect
Module32FirstW
HeapCreate
HeapAlloc
CreateEventW
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
CreateFileW
lstrlenA
SetEndOfFile
GetModuleFileNameA
SetEvent
ExitProcess
FatalAppExitA
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetFileAttributesW
GetSystemTimeAsFileTime
GetStartupInfoW
CreateThread
ExitThread
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
GetCurrentThreadId
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleHandleA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetProcAddress
GetTickCount
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
WideCharToMultiByte
TerminateProcess
Sleep
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
CreateProcessW
GetCommandLineW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
LocalFree
GetNativeSystemInfo
IsWow64Process
OpenProcess
LoadLibraryW
WaitForSingleObject
CloseHandle
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
lstrcmpiW
InterlockedDecrement
GetStdHandle
InterlockedIncrement
GetLastError
RaiseException
lstrlenW
GetVersionExW
MultiByteToWideChar
GetModuleHandleW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
SetStdHandle
GetLocaleInfoW
GetTimeZoneInformation
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
AddVectoredExceptionHandler
SetHandleCount
WriteConsoleW

user32

GetClassNameW
EnumChildWindows
GetWindowThreadProcessId
EnumWindows
GetWindowTextW
SetTimer
LoadMenuW
LoadAcceleratorsW
CreateWindowExW
GetClassInfoExW
LoadImageW
RegisterClassExW
DestroyWindow
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
ShowWindow
LoadCursorW
PtInRect
IsWindow
MessageBeep
TrackPopupMenuEx
CallWindowProcW
LoadStringA
LoadStringW
MonitorFromPoint
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
AppendMenuW
DestroyMenu
CreatePopupMenu
SetWindowLongW
SendMessageW
InvalidateRect
TranslateAcceleratorW
PostQuitMessage
DrawTextW
DestroyCursor
TrackMouseEvent
GetWindowDC
UpdateLayeredWindow
GetCursorPos
ScreenToClient
SetCursor
GetFocus
DefWindowProcW
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
SetFocus
KillTimer
ReleaseDC
SetWindowTextW
GetWindowLongW
PostMessageW
PeekMessageW
UnregisterClassA

gdi32

CreateCompatibleDC
SelectObject
SetTextColor
SetBkMode
CreateCompatibleBitmap
CreateFontW
GetBitmapBits
SetBitmapBits
RestoreDC
DeleteDC
DeleteObject
SaveDC
CreateDIBSection

advapi32

OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
QueryServiceStatus
DeleteService
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
CreateServiceW
RegEnumValueW
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
RevertToSelf
LookupPrivilegeValueW

shell32

SHFileOperationW
SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateGuid

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

SHDeleteKeyW
PathStripPathW
PathGetDriveNumberW
PathFindFileNameW
PathFindExtensionW
PathRemoveExtensionW
PathIsDirectoryW
PathAppendW
StrStrIW
PathRemoveFileSpecW
PathFileExistsW

comctl32

InitCommonControlsEx

msimg32

GradientFill
AlphaBlend

iphlpapi

GetIpForwardTable
GetAdaptersAddresses

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

winhttp

WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpSetOption
WinHttpOpen
WinHttpCloseHandle

Sections

.text
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CrashReport64.exe
.exe windows:5 windows x64 arch:x64

fc598a67e11622984d851058b2d48321

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:f6:34:7d:b1:cb:d9:1c:6e:2e:ca:a8:77:11:c6:ff
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/05/2016, 00:00

Not After

04/05/2017, 23:59

Subject

CN=世元何,OU=Individual Developer,O=No Organization Affiliation,L=重庆,ST=重庆,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:38:b4:89:f9:aa:d8:26:30:9d:28:59:73:db:5b:4e:b8:4b:23:3b
Signer

Actual PE Digest

59:38:b4:89:f9:aa:d8:26:30:9d:28:59:73:db:5b:4e:b8:4b:23:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

J:\work\crash_report\bavOutput\Pdb\Release\CrashReport64.pdb

Imports

psapi

QueryWorkingSet
GetModuleInformation
GetModuleFileNameExW
GetProcessMemoryInfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

FindFirstFileW
ReadProcessMemory
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalMemoryStatus
GetLocalTime
OpenThread
ExpandEnvironmentStringsW
Sleep
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileSectionW
ReadFile
GetTempFileNameW
GetFileSize
CreateMutexW
SetFilePointer
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
MoveFileExW
CreateDirectoryW
GetLogicalDrives
GetTempPathW
CreateFileMappingW
RemoveDirectoryW
DeviceIoControl
OpenFileMappingW
GetDiskFreeSpaceExW
GetCurrentProcessId
GetVolumeInformationW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
SystemTimeToFileTime
GetPrivateProfileStringW
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
GetPrivateProfileIntW
VirtualProtect
Module32NextW
Module32FirstW
HeapCreate
HeapAlloc
CreateEventW
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
TerminateProcess
AddVectoredExceptionHandler
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
VirtualQueryEx
EnumSystemLocalesA
DeleteFileW
GetTimeFormatA
GetDateFormatA
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FatalAppExitA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
FlsAlloc
GetCurrentThread
SetLastError
FlsFree
FlsSetValue
FlsGetValue
TlsAlloc
DecodePointer
EncodePointer
GetCPInfo
LCMapStringW
LCMapStringA
GetFileAttributesW
GetSystemTimeAsFileTime
GetStartupInfoW
CreateThread
ExitThread
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
RtlPcToFileHeader
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
FindNextFileW
GetUserDefaultLCID
CreateFileW
WideCharToMultiByte
SwitchToThread
SetEvent
CreateProcessW
GetCommandLineW
LocalFree
OpenProcess
LoadLibraryW
WaitForSingleObject
CloseHandle
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
lstrcmpiW
lstrlenA
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
lstrlenW
GetVersionExW
MultiByteToWideChar
GetModuleHandleW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
SetStdHandle
GetLocaleInfoW
GetTimeZoneInformation
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteFile
IsValidLocale

user32

ReleaseDC
KillTimer
SetFocus
SetWindowPos
GetWindowLongW
PostMessageW
ShowWindow
SetWindowTextW
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
GetWindow
GetParent
DefWindowProcW
GetFocus
SetCursor
ScreenToClient
GetCursorPos
UpdateLayeredWindow
GetWindowDC
EnumWindows
GetWindowThreadProcessId
EnumChildWindows
GetClassNameW
GetWindowTextW
SetTimer
LoadMenuW
LoadAcceleratorsW
GetClassInfoExW
LoadImageW
RegisterClassExW
CreateWindowExW
DestroyWindow
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
UnregisterClassA
LoadCursorW
PeekMessageW
PtInRect
IsWindow
MessageBeep
GetWindowLongPtrW
SetWindowLongPtrW
TrackPopupMenuEx
CallWindowProcW
LoadStringA
LoadStringW
MonitorFromPoint
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
AppendMenuW
DestroyMenu
CreatePopupMenu
SendMessageW
InvalidateRect
TranslateAcceleratorW
PostQuitMessage
DrawTextW
DestroyCursor
TrackMouseEvent

gdi32

CreateDIBSection
CreateFontW
CreateCompatibleDC
SelectObject
SetTextColor
SetBkMode
CreateCompatibleBitmap
SaveDC
GetBitmapBits
SetBitmapBits
RestoreDC
DeleteDC
DeleteObject

advapi32

RegDeleteValueW
RegCloseKey
RevertToSelf
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
RegEnumValueW
CreateServiceW
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
QueryServiceStatus
DeleteService
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW

shell32

SHFileOperationW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

PathAppendW
StrStrIW
PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
PathRemoveExtensionW
PathFindExtensionW
PathFindFileNameW
PathGetDriveNumberW
PathStripPathW
SHDeleteKeyW

comctl32

InitCommonControlsEx

msimg32

GradientFill
AlphaBlend

iphlpapi

GetIpForwardTable
GetAdaptersAddresses

winhttp

WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpSetOption
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpOpen

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

Sections

.text
Size: 682KB - Virtual size: 681KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CrashReportConfig.ini
CrashReportModuleConf.ini
CrashUL.exe
.exe windows:5 windows x86 arch:x86

f44dc83c9c4a46e804d2ff12d89499bc

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:f6:34:7d:b1:cb:d9:1c:6e:2e:ca:a8:77:11:c6:ff
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/05/2016, 00:00

Not After

04/05/2017, 23:59

Subject

CN=世元何,OU=Individual Developer,O=No Organization Affiliation,L=重庆,ST=重庆,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:c9:2a:11:a5:0c:23:6a:c0:0e:44:00:3d:6a:bd:46:cb:26:0c:de
Signer

Actual PE Digest

2f:c9:2a:11:a5:0c:23:6a:c0:0e:44:00:3d:6a:bd:46:cb:26:0c:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\work\crash_report\bavOutput\Pdb\Release\CrashUL.pdb

Imports

winhttp

WinHttpOpen
WinHttpSetOption
WinHttpConnect
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest

kernel32

LockResource
LoadResource
FindResourceW
FindResourceExW
CreateDirectoryA
FindFirstFileW
FindNextFileW
FindClose
DeleteFileA
InterlockedCompareExchange
ExpandEnvironmentStringsA
GetModuleFileNameA
InterlockedExchange
CopyFileW
CreateFileA
WriteFile
SetFilePointer
GetNativeSystemInfo
IsWow64Process
GetCurrentProcess
GetVersionExW
FileTimeToSystemTime
GetFileInformationByHandle
GetFileSize
ReadFile
GetLocalTime
SystemTimeToFileTime
GetTickCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WritePrivateProfileStringW
GetPrivateProfileStringW
InitializeCriticalSectionAndSpinCount
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
CreateDirectoryW
SizeofResource
DeviceIoControl
GetCurrentProcessId
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
LCMapStringA
WideCharToMultiByte
lstrlenW
lstrlenA
MultiByteToWideChar
GetCommandLineW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
CreateFileW
DeleteFileW
CreateEventW
GetLastError
CreateMutexW
CloseHandle
GetModuleFileNameW
Sleep
WaitForSingleObject
SetEvent
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleW
GetSystemTimeAsFileTime
RtlUnwind
GetStartupInfoW
CreateThread
GetCurrentThreadId
ExitThread
GetFileAttributesW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InitializeCriticalSection
RaiseException
GetProcessHeap
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize

user32

RegisterClassExW
CreateWindowExW
LoadStringW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
LoadIconW
PostMessageW
DestroyWindow
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW
LoadCursorW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExA
RegSetValueExW
RegCloseKey

shell32

SHFileOperationA
SHGetFolderPathA
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoCreateGuid

shlwapi

PathRemoveFileSpecW
PathIsDirectoryA
PathAppendW
PathFindFileNameW
PathIsDirectoryW
SHDeleteKeyW
PathFileExistsW
PathAppendA
PathRemoveFileSpecA
PathFileExistsA

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UpdatePlatform.exe
.exe windows:5 windows x86 arch:x86

644e1da247fb9f847c65af41f82d3279

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:f6:34:7d:b1:cb:d9:1c:6e:2e:ca:a8:77:11:c6:ff
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/05/2016, 00:00

Not After

04/05/2017, 23:59

Subject

CN=世元何,OU=Individual Developer,O=No Organization Affiliation,L=重庆,ST=重庆,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:8e:ab:82:b6:4a:cf:58:69:a6:ff:4c:02:a2:e4:96:6d:5b:f0:d4
Signer

Actual PE Digest

39:8e:ab:82:b6:4a:cf:58:69:a6:ff:4c:02:a2:e4:96:6d:5b:f0:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\jenkins\workspace\businessplatform_global\Release\UpdatePlatform.pdb

Imports

ws2_32

freeaddrinfo
WSACleanup
WSAStartup
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
recv
send
WSAIoctl
setsockopt
gethostname
ioctlsocket
listen
accept
recvfrom
sendto
getaddrinfo
ntohs
connect
socket
closesocket
getpeername
getsockopt
htons
bind
getsockname

wldap32

ord200
ord32
ord30
ord26
ord33
ord35
ord79
ord27
ord41
ord46
ord301
ord22
ord211
ord143
ord60
ord50

version

VerQueryValueW

wininet

InternetCheckConnectionW

kernel32

GetFullPathNameA
FlushFileBuffers
SetStdHandle
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsAlloc
WideCharToMultiByte
GetCurrentProcess
MultiByteToWideChar
GetLastError
CloseHandle
GetModuleFileNameW
LocalFree
GetVersionExW
VerifyVersionInfoW
VerSetConditionMask
GetTickCount
GetLocalTime
GetProcAddress
FreeLibrary
LoadLibraryW
ReadFile
GetFileSize
Sleep
CreateFileW
GetPrivateProfileSectionW
ExitProcess
GetDateFormatW
FindFirstFileW
MoveFileExW
GetFileAttributesW
WritePrivateProfileStringW
MoveFileW
FindClose
RemoveDirectoryW
FindNextFileW
DeleteFileW
SetFileAttributesW
GetCommandLineW
GetModuleHandleExW
AreFileApisANSI
GetExitCodeProcess
WaitForSingleObject
GetTempPathW
CopyFileW
CreateProcessW
WriteFile
WTSGetActiveConsoleSessionId
FileTimeToSystemTime
GetPrivateProfileStringW
WritePrivateProfileSectionW
GetCurrentDirectoryW
SetCurrentDirectoryW
FindResourceExW
LockResource
LoadResource
GetCurrentDirectoryA
BeginUpdateResourceW
lstrlenW
UpdateResourceW
EndUpdateResourceW
CreateMutexW
GetExitCodeThread
CreateDirectoryW
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ReleaseMutex
GetSystemDirectoryW
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileInformationByHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFullPathNameW
SetEndOfFile
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
SleepEx
GetVersionExA
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
LoadLibraryA
ExpandEnvironmentStringsA
FindResourceW
ProcessIdToSessionId
InterlockedExchange
InterlockedCompareExchange
HeapSize
VirtualQueryEx
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
GetPrivateProfileIntW
VirtualProtect
GetCurrentProcessId
HeapCreate
HeapAlloc
CreateEventW
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
GetModuleHandleW
GetCurrentThreadId
TerminateProcess
AddVectoredExceptionHandler
GetPrivateProfileSectionNamesW
DeviceIoControl
SizeofResource
GetProcessHeap
RaiseException
InterlockedIncrement
InterlockedDecrement
LocalAlloc
ExpandEnvironmentStringsW
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetStartupInfoW
ExitThread
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapDestroy
HeapFree
HeapReAlloc
CreateThread
ReadProcessMemory
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeW
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
VirtualAlloc
VirtualFree

user32

WindowFromPoint
GetWindowThreadProcessId
PostQuitMessage
DestroyWindow
MessageBoxW
GetDlgItemTextW
DispatchMessageW
TranslateMessage
IsDialogMessageW
IsWindow
GetMessageW
ShowWindow
SetDlgItemTextW
CreateDialogParamW
LoadStringW
wsprintfW
GetSystemMetrics

advapi32

RevertToSelf
ConvertSidToStringSidW
DuplicateTokenEx
SetTokenInformation
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
RegCreateKeyExW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
CreateProcessAsUserW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegCloseKey
CheckTokenMembership
FreeSid
IsTextUnicode
AllocateAndInitializeSid
RegOpenKeyExW
RegQueryValueExW
EqualSid
GetTokenInformation
OpenProcessToken
RegEnumValueW

shell32

SHGetSpecialFolderPathW
ord165
SHFileOperationW
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoCreateGuid
StringFromGUID2

shlwapi

PathRelativePathToW
PathMakePrettyW
StrChrW
SHDeleteKeyW
PathMatchSpecW
PathIsRelativeW
PathAddExtensionW
PathRemoveExtensionW
PathQuoteSpacesW
PathRemoveBackslashW
StrStrIW
PathCombineW
PathIsDirectoryW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathIsURLW
SHGetValueW
PathFindFileNameW

psapi

GetModuleFileNameExW
GetModuleInformation
GetProcessImageFileNameW

wintrust

WinVerifyTrust

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

iphlpapi

GetAdaptersAddresses

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 814KB - Virtual size: 813KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Updata.dll
.dll windows:5 windows x86 arch:x86

deaeb0cdd50c5e71cfaed2c61a31dd17

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2016, 00:00

Not After

22/06/2017, 23:59

Subject

CN=兴平欧阳,OU=Individual Developer,O=No Organization Affiliation,L=重庆,ST=重庆,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:26:f0:3b:b5:3c:83:fc:32:1a:c8:bf:04:36:75:ec:06:6e:d2:4b
Signer

Actual PE Digest

46:26:f0:3b:b5:3c:83:fc:32:1a:c8:bf:04:36:75:ec:06:6e:d2:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins\workspace\europe_screenshot\Release\Updata.pdb

Imports

kernel32

FindResourceW
FindResourceExW
GetTickCount
WaitForSingleObject
GetExitCodeThread
GetVersionExW
GetCurrentProcess
GetSystemTimeAsFileTime
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
ReadFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
CreateEventW
SetEvent
GetModuleFileNameW
SetFilePointer
GetCurrentProcessId
MultiByteToWideChar
FlushFileBuffers
GetModuleHandleW
GetProcAddress
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateDirectoryW
WaitForMultipleObjects
IsDebuggerPresent
CheckRemoteDebuggerPresent
GetSystemDefaultLCID
GetThreadLocale
GetLastError
CreateThread
FreeLibrary
TlsAlloc
VirtualAlloc
SizeofResource
LoadLibraryA
FindResourceA
FindResourceExA
TerminateProcess
TlsSetValue
TlsGetValue
HeapFree
GetProcessHeap
HeapAlloc
Sleep
CreateEventA
FreeEnvironmentStringsW
GetEnvironmentStrings
LockResource
LoadResource
WideCharToMultiByte
DisableThreadLibraryCalls
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
HeapDestroy
HeapCreate
HeapReAlloc
GetEnvironmentStringsW
ExitProcess
HeapSize
CopyFileW
CloseHandle
WriteFile
SetLastError
TlsFree
CreateFileW
MoveFileExW
DeviceIoControl
CreateMutexW
DeleteFileW
VirtualFree
ExpandEnvironmentStringsW
GetPrivateProfileSectionW
LCMapStringW
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetModuleHandleA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
InterlockedExchange
ExitThread
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
RaiseException
GetCPInfo
LCMapStringA

user32

wsprintfW

advapi32

RegOpenKeyExW
RegCloseKey
RegEnumKeyW
RegEnumValueW
RegOpenKeyW
RegEnumKeyExW

oleaut32

SysAllocString
SysFreeString

shlwapi

PathFileExistsW
PathIsDirectoryW
SHGetValueW
PathAddExtensionW
PathAddBackslashW
PathRemoveFileSpecW
StrRChrW
PathFindFileNameW

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrustEx

psapi

GetModuleBaseNameW
GetModuleFileNameExW

crypt32

CertGetNameStringW

ntdll

RtlCharToInteger
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlUpcaseUnicodeChar
RtlInitUnicodeString
NtQueryInformationProcess
RtlUnicodeStringToInteger
RtlFreeUnicodeString
RtlUnwind

iphlpapi

GetAdaptersAddresses

ws2_32

sendto
recv
bind
socket
closesocket
send
getsockopt
listen
setsockopt
inet_addr
select
WSAGetLastError
__WSAFDIsSet
ntohl
htonl
ntohs
shutdown
getsockname
recvfrom
connect
ioctlsocket
getpeername
gethostbyname
WSACleanup
WSAStartup
accept
htons

shell32

SHFileOperationW
SHGetSpecialFolderPathW

ole32

CoCreateGuid

Exports

Exports

DllGetClassObject

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updata.ini

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

6e:e9:e4:78:cc:fb:3a:b8:76:7c:8c:59:e4:0c:f5:ce:4b:3c:4b:efSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 458KB

.ndata Size: - Virtual size: 964KB

.rsrc Size: 386KB - Virtual size: 386KB

.reloc Size: 4KB - Virtual size: 3KB

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

5634c03920ee3f5fa1775a4e72ac72a3

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

55:c9:1a:e2:65:6f:47:01:7f:3e:4e:4f:eb:bd:17:31:5b:bc:d8:8dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

6e:e9:e4:78:cc:fb:3a:b8:76:7c:8c:59:e4:0c:f5:ce:4b:3c:4b:ef
Signer

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 458KB

.ndata
Size: - Virtual size: 964KB

.rsrc
Size: 386KB - Virtual size: 386KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

55:c9:1a:e2:65:6f:47:01:7f:3e:4e:4f:eb:bd:17:31:5b:bc:d8:8d
Signer

.text
Size: 598KB - Virtual size: 598KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 11KB - Virtual size: 27KB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 32KB - Virtual size: 31KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

55:c9:1a:e2:65:6f:47:01:7f:3e:4e:4f:eb:bd:17:31:5b:bc:d8:8d
Signer

.text
Size: 598KB - Virtual size: 598KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 11KB - Virtual size: 27KB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 32KB - Virtual size: 31KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

3b:53:84:c9:1a:32:37:d4:77:25:18:53:63:ad:ab:11:1a:54:0d:22
Signer