10be088f12ca95c8cecc33837c003dcf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

10be088f12ca95c8cecc33837c003dcf_JaffaCakes118
Size

12.8MB
MD5

10be088f12ca95c8cecc33837c003dcf
SHA1

d2de00166e44c5978d4e9ddcfeb9f8f29a41b95b
SHA256

9fe30048d34ff5408049fec33b1e32c65cc3c38f1875ed7098bdf10b077d5534
SHA512

02c06e76aa579f059c0496d4f9c77fbe5d57587bb5e70fa3e04541903a0f996a0cf0f730c821c93c2e04d44c618e79576a05fdd8a6d96fc774b79e3fc40e29f6
SSDEEP

393216:5Ruhvn4ytzKXx1ZKlHy0xJrwxwQW/WMWJ3:Otn98/ZK/JruBTnJ3

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/360AvFlt_win10.sys
unpack001/deepscan/BAPIDRV64_win10.sys

Files

10be088f12ca95c8cecc33837c003dcf_JaffaCakes118
.7z
360AvFlt.dll
.dll windows:6 windows x64 arch:x64

ed7fe213330d9e74bc70e81c5f5ed767

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:40:b1:88:14:d5:1f:bf:93:aa:31:bf:38:cb:6d:f4:66:15:b4:27:e0:02:00:c1:7b:31:fd:13:d9:cb:1e:6b
Signer

Actual PE Digest

6b:40:b1:88:14:d5:1f:bf:93:aa:31:bf:38:cb:6d:f4:66:15:b4:27:e0:02:00:c1:7b:31:fd:13:d9:cb:1e:6b

Digest Algorithm

sha256

PE Digest Matches

true

a8:8b:ae:9f:c1:8f:85:16:a6:a4:cc:e5:07:8f:0e:10:0d:33:0f:5f
Signer

Actual PE Digest

a8:8b:ae:9f:c1:8f:85:16:a6:a4:cc:e5:07:8f:0e:10:0d:33:0f:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\vmagent_new\bin\joblist\99165\src\3\360avflt64_dll\user\objfre_win7_amd64\amd64\360AvFltLoad.pdb

Imports

msvcrt

__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
free
malloc
wcsstr
_wcsnicmp
_vsnwprintf
wcsrchr
memset
memcpy

kernel32

GetProcessHeap
GetSystemDirectoryW
LoadLibraryW
TerminateThread
CopyFileW
GetVersionExW
InterlockedPopEntrySList
GetModuleFileNameW
GetOverlappedResult
GetLastError
SetLastError
GetProcAddress
VirtualFree
CreateEventW
GetModuleHandleA
CloseHandle
DeleteFileW
InterlockedPushEntrySList
GetModuleHandleW
CreateThread
InitializeSListHead
QueryDosDeviceW
Sleep
QueryPerformanceCounter
SleepEx
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetEvent
WaitForSingleObject
HeapFree
MoveFileExW
HeapAlloc
FreeLibrary
SetFileAttributesW
VirtualAlloc
GetTickCount

advapi32

RegOpenKeyExW
StartServiceW
RegCreateKeyExW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegCloseKey
RegDeleteValueW
RegSetValueExW

fltlib

FilterConnectCommunicationPort
FilterSendMessage
FilterGetMessage
FilterVolumeFindFirst
FilterGetDosName
FilterVolumeFindNext
FilterVolumeFindClose
FilterReplyMessage

shlwapi

SHDeleteKeyW
PathFileExistsW

ws2_32

WSAStartup
WSACloseEvent
inet_ntoa
WSAGetLastError
WSACreateEvent
WSAResetEvent

iphlpapi

GetIpAddrTable
NotifyAddrChange

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

AddClientRule
AddClientRuleEx
AddClientSessionSuffix
AddClientTypeRule
AddExceptionProcessId
AddExceptionRule
AddExceptionRuleEx
AddHiddenFileName
AddPidToIgnoreHiddenFile
AddProtectedFile
AddProtectedFileEx
AddRule
CleanupAllClientRules
CleanupAllClientTypeRules
CleanupAllRules
ClearAllExceptionProcessId
ClearAllExceptionRules
CloseClientHandle
CloseClientSession
CreateClientHandle
CreateClientSession
GetClientSessionHandle
Install
NotifyDriverClientResult
NotifyDriverResult
QueryDriverVersion
QueryProtectedInformation
RemoveAllHiddenFileName
RemoveAllProtectedFile
RemoveAllProtectedFileEx
RemoveClientAllProcessNameType
RemoveClientRule
RemoveClientSessionAllSuffix
RemoveClientTypeRule
RemoveExceptionProcessId
RemoveExceptionRule
RemoveHiddenFileName
RemoveProtectedFile
RemoveProtectedFileEx
ReplyClientResult
SetClientProcessIdType
SetClientProcessNameType
SetClientSessionClientConfig
SetClientSessionTimeout
SetClientSessionTimeoutCallback
SetIgnoreNtfsStreamOperations
SetupInstall
StartHookEx
TranslateDosDeviceToNtDevice
Uninstall

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360AvFlt_win10.sys
.sys windows:6 windows x64 arch:x64

5b0a006a439beeb5f8d3c4bf7ff30e10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\vmagent_new\bin\joblist\96931\src\3\360avflt64_sys\filter\objfre_win7_amd64\amd64\360AvFlt_x64.pdb

Imports

ntoskrnl.exe

KeAcquireSpinLockRaiseToDpc
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ZwQueryValueKey
ExQueryDepthSList
ZwOpenKey
RtlUpcaseUnicodeString
FsRtlLegalAnsiCharacterArray
FsRtlIsNameInExpression
RtlCompareUnicodeString
ExQueueWorkItem
ExAcquireResourceExclusiveLite
IoThreadToProcess
ExRaiseStatus
ExReleaseFastMutex
KeLeaveCriticalRegion
ExAcquireFastMutex
KeSetPriorityThread
MmGetSystemRoutineAddress
KeInitializeEvent
PsGetThreadId
IoFreeMdl
KeEnterCriticalRegion
FsRtlIsPagingFile
KeDelayExecutionThread
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
ExAcquireResourceSharedLite
IoGetCurrentProcess
ExReleaseResourceLite
PsGetProcessInheritedFromUniqueProcessId
KeWaitForSingleObject
MmProbeAndLockPages
PsGetVersion
DbgPrint
ExDeleteResourceLite
PsGetCurrentThreadId
ExInitializeResourceLite
FsRtlIsNtstatusExpected
PsGetProcessId
IoAllocateMdl
ProbeForRead
IoBuildDeviceIoControlRequest
ObOpenObjectByName
PsLookupProcessByProcessId
wcsncpy
IoQueryFileInformation
RtlEqualUnicodeString
KeUnstackDetachProcess
ObQueryNameString
IoGetDeviceObjectPointer
RtlPrefixUnicodeString
RtlAppendUnicodeStringToString
ZwOpenProcess
ZwQueryInformationProcess
ObfReferenceObject
KeStackAttachProcess
IofCallDriver
ZwQuerySystemInformation
PsSetCreateProcessNotifyRoutine
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
KeBugCheckEx
ObfDereferenceObject
ExInitializePagedLookasideList
RtlCopyUnicodeString
PsGetCurrentProcessId
ObReferenceObjectByHandle
ZwClose
ExEventObjectType
ExAllocatePool
ExDeletePagedLookasideList
ZwCreateFile
IoFileObjectType
KeReleaseSpinLock
IoCreateFile
KeSetEvent
RtlInitUnicodeString
_wcsnicmp
ExFreePoolWithTag
MmUnlockPages
ExAllocatePoolWithTag
ZwTerminateProcess
__C_specific_handler

fltmgr.sys

FltReleaseFileNameInformation
FltGetFileNameInformation
FltAllocateContext
FltReleaseContext
FltDeleteContext
FltGetDestinationFileNameInformation
FltSetStreamHandleContext
FltSendMessage
FltGetStreamHandleContext
FltStartFiltering
FltRegisterFilter
FltBuildDefaultSecurityDescriptor
FltCloseCommunicationPort
FltUnregisterFilter
FltFreeSecurityDescriptor
FltCreateCommunicationPort
FltCloseClientPort
FltParseFileNameInformation

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 11B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360Base64.dll
.dll windows:5 windows x64 arch:x64

313213d252614730c105772a24a43049

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:1b:6d:bb:0c:3d:e1:ab:7c:1e:5f:b9:0c:00:91:34:20:b9:b1:b6:fa:0a:d6:e9:fb:fa:6c:36:33:92:aa:d5
Signer

Actual PE Digest

ff:1b:6d:bb:0c:3d:e1:ab:7c:1e:5f:b9:0c:00:91:34:20:b9:b1:b6:fa:0a:d6:e9:fb:fa:6c:36:33:92:aa:d5

Digest Algorithm

sha256

PE Digest Matches

true

98:b7:55:ff:e3:b9:1d:6a:76:0d:ed:67:37:23:55:5f:6c:34:e7:da
Signer

Actual PE Digest

98:b7:55:ff:e3:b9:1d:6a:76:0d:ed:67:37:23:55:5f:6c:34:e7:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\121049\out\Release\360Base64.pdb

Imports

kernel32

LockResource
UnmapViewOfFile
SetLastError
GetFileType
GetVersionExW
lstrcmpA
GetProcessHeap
HeapFree
CreateMutexW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
ReleaseMutex
LocalFree
lstrlenA
HeapAlloc
GetACP
LocalFileTimeToFileTime
FreeResource
GetSystemWindowsDirectoryW
GetSystemInfo
MapViewOfFileEx
IsBadReadPtr
GetFileSize
GetLocalTime
GetCurrentProcess
FindResourceExW
ExitProcess
GetStdHandle
GetVersion
GlobalMemoryStatus
GetTickCount
TlsGetValue
GetSystemTime
FormatMessageW
OutputDebugStringW
SetErrorMode
LoadLibraryW
GetFileAttributesW
UnlockFileEx
LockFileEx
QueryPerformanceCounter
FindClose
FindNextFileW
FindFirstFileW
MoveFileExW
SetFilePointer
DeleteFileW
GetFileAttributesExW
FlushFileBuffers
FileTimeToSystemTime
MapViewOfFile
SystemTimeToFileTime
WriteFile
GetCurrentThreadId
WideCharToMultiByte
RtlVirtualUnwind
GetFileSizeEx
SetFilePointerEx
ReadFile
GetCurrentProcessId
CloseHandle
DeviceIoControl
lstrcmpiA
TlsFree
SetEndOfFile
DeleteAtom
FindAtomW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
LoadLibraryA
AddAtomW
OpenThread
GetAtomNameW
SetStdHandle
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
Sleep
FreeLibrary
CreateFileW
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
FileTimeToLocalFileTime
CreateFileMappingW
HeapDestroy
HeapReAlloc
HeapSize
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
GetModuleFileNameA
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsSetValue

user32

GetProcessWindowStation
GetDesktopWindow
MessageBoxW
CharNextW
GetUserObjectInformationW

advapi32

OpenProcessToken
RegEnumKeyExA
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
RegQueryValueExW
RegisterEventSourceW
DeregisterEventSource
ReportEventW
RegQueryValueExA
RegOpenKeyExA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
CoCreateInstance

oleaut32

VarUI4FromStr
SysAllocString

shlwapi

StrRChrW
PathCombineW
PathFindFileNameW
PathFileExistsW
StrStrIA
StrTrimA
StrCmpNIW
StrStrIW
SHSetValueA
StrCmpIW
SHGetValueA
PathAppendW

version

GetFileVersionInfoSizeW
VerQueryValueW

netapi32

Netbios

crypt32

CertGetNameStringW
CertFreeCertificateChain
CryptMsgClose
CertGetCertificateChain
CertGetCertificateContextProperty
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgGetParam
CertOpenSystemStoreW
CertCloseStore
CertOpenStore
CertAddStoreToCollection
CryptDecodeObjectEx
CryptQueryObject
CertFindCertificateInStore
CryptMsgControl
CryptDecodeObject
CertFreeCertificateContext

iphlpapi

GetAdaptersInfo

Exports

Exports

CreateObject
InitLibs

Sections

.text
Size: 716KB - Virtual size: 715KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360Conf64.dll
.dll windows:5 windows x64 arch:x64

7749b78811a1881988e44641eef47726

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:7c:c1:09:ab:39:e9:51:a8:8e:d6:cb:dc:d1:88:c8:c7:dc:49:4d
Signer

Actual PE Digest

3d:7c:c1:09:ab:39:e9:51:a8:8e:d6:cb:dc:d1:88:c8:c7:dc:49:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\build\360BaseNew\360Conf\x64\ReleaseT64\360Conf64.pdb

Imports

kernel32

FindResourceW
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSection
GetCurrentDirectoryW
WideCharToMultiByte
CreateFileW
GetFileSize
ReadFile
CloseHandle
LockFile
LoadResource
UnlockFile
LockResource
FindResourceExW
SetLastError
CreateEventW
SetEvent
WaitForSingleObject
CreateThread
SetThreadPriority
WaitForMultipleObjects
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
DeleteCriticalSection
LeaveCriticalSection
Sleep
EnterCriticalSection
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsValidLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
LCMapStringA
LCMapStringW
GetCPInfo
HeapSetInformation
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA

user32

CharNextW

advapi32

RegCreateKeyW
RegQueryValueExW
IsTextUnicode
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegNotifyChangeKeyValue

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr
SysAllocString
SysAllocStringByteLen
SysAllocStringLen

shlwapi

PathAppendW
SHCreateStreamOnFileW
PathMatchSpecA

Exports

Exports

CreateObject

Sections

.text
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360FileGuard.exe
.exe windows:5 windows x64 arch:x64

fc1b665c0f5f540153e9f39f513d6449

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e5:46:38:f1:bc:24:47:ea:84:1b:86:ce:4a:91:89:ab:95:1d:4c:7b
Signer

Actual PE Digest

e5:46:38:f1:bc:24:47:ea:84:1b:86:ce:4a:91:89:ab:95:1d:4c:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\vmagent_new\bin\joblist\25019\out\Release\360FileGuard64.pdb

Imports

kernel32

GetThreadLocale
GetCurrentDirectoryW
GetStringTypeExW
lstrcmpiW
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
SetErrorMode
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetFileTime
GetSystemDirectoryW
GetStartupInfoW
RtlLookupFunctionEntry
RtlUnwindEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
RaiseException
RtlPcToFileHeader
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
ExitThread
CreateThread
ExitProcess
HeapQueryInformation
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
lstrlenA
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetAtomNameW
GlobalGetAtomNameW
GlobalFlags
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsAlloc
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
GetVersionExA
SetLastError
GlobalSize
GlobalAlloc
GlobalLock
GetFullPathNameA
GetDriveTypeA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetDiskFreeSpaceW
LocalUnlock
LocalLock
DeleteAtom
FindAtomW
AddAtomW
OutputDebugStringW
SetFilePointerEx
lstrcpynW
GetTempFileNameW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetProcessHeap
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
ResetEvent
CreateSemaphoreW
CreateEventW
WaitForSingleObjectEx
OutputDebugStringA
ReadFileEx
SetThreadPriority
ReleaseSemaphore
SetEvent
GetExitCodeThread
TerminateThread
CreateFileA
SetNamedPipeHandleState
QueryPerformanceCounter
WaitForMultipleObjects
SetEndOfFile
DeleteCriticalSection
InitializeCriticalSection
DeviceIoControl
SetFilePointer
GetLocalTime
GetTimeZoneInformation
GetPrivateProfileSectionW
MoveFileExW
MoveFileW
CreateMutexW
SetFileAttributesW
RemoveDirectoryW
GetACP
lstrcmpW
ExpandEnvironmentStringsW
GetFileAttributesExW
GetCommandLineW
WaitForSingleObject
TlsGetValue
TlsSetValue
CopyFileW
Sleep
FindNextFileW
WriteFile
Module32FirstW
Module32NextW
ReadProcessMemory
AreFileApisANSI
QueryDosDeviceW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
lstrlenW
SetEnvironmentVariableW
FileTimeToSystemTime
SystemTimeToFileTime
GlobalMemoryStatus
ResumeThread
Thread32First
OpenThread
SuspendThread
Thread32Next
FindFirstFileW
FindClose
GetCurrentProcessId
ProcessIdToSessionId
LoadLibraryA
GetModuleHandleA
TlsFree
CreateFileW
GetFileSize
ReadFile
CreateProcessW
GetExitCodeProcess
CreateDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetVersion
GetTempPathW
GetDriveTypeW
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
OpenMutexW
CreateMutexA
ReleaseMutex
DeleteFileW
GetVersionExW
WritePrivateProfileSectionW
GetTickCount
GetPrivateProfileStringW
GetSystemTime
GetWindowsDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SystemTimeToTzSpecificLocalTime
GetFileAttributesW
GetLongPathNameW
GlobalFree
GetCurrentProcess
GetLastError
OpenProcess
TerminateProcess
CloseHandle
WritePrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
FreeLibrary
LoadLibraryW
GetProcAddress
FindResourceW
LoadResource
LockResource
DecodePointer
SizeofResource

user32

GetMessageW
ValidateRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
DestroyMenu
GetMenuItemInfoW
InflateRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
FillRect
GetWindowThreadProcessId
GetKeyNameTextW
ScrollWindowEx
IsWindowEnabled
MoveWindow
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
RegisterWindowMessageW
SetCursor
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassNameW
GetClassLongPtrW
EnableWindow
SendMessageW
FrameRect
GetClientRect
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
GetSysColorBrush
LoadCursorW
UnregisterClassW
SetRectEmpty
GetDialogBaseUnits
DeleteMenu
CharUpperW
CharNextW
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
TranslateAcceleratorW
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
GetMenuBarInfo
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatW
GetSystemMenu
SetParent
UnionRect
PostThreadMessageW
GetDCEx
LockWindowUpdate
SendDlgItemMessageA
InvalidateRect
GetSystemMetrics
CheckMenuItem
GetSubMenu
LoadMenuW
PostMessageW
SetTimer
MapVirtualKeyW
KillTimer
GetParent
SetForegroundWindow
SetWindowTextA
GetDlgItem
ExitWindowsEx
SetWindowTextW
GetCursorPos
DrawTextW
IsWindow
RedrawWindow
ShowWindow
SetLayeredWindowAttributes
SetWindowLongW
GetWindowLongW
GetTabbedTextExtentW
DrawIcon
EnumWindows
MonitorFromWindow
GetMonitorInfoW
SetWindowRgn
EnumChildWindows
IsZoomed
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
IsClipboardFormatAvailable
CopyImage
GetUpdateRgn
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
MessageBoxW
CreateWindowExW
GetClassInfoExW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuStringW
AppendMenuW
InsertMenuW
GetMenuItemID
GetMenuItemCount
RemoveMenu
EnumThreadWindows
CharLowerBuffW
SystemParametersInfoW
WindowFromPoint
WaitForInputIdle
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
SetActiveWindow
GetDC
SwitchToThisWindow
BringWindowToTop
SetWindowPos
PtInRect
IsWindowVisible
GetWindowRect
LoadIconW
ReleaseDC
ReleaseCapture
LoadImageW
PostQuitMessage
DrawIconEx
DestroyIcon
SetCapture
OffsetRect
CopyRect
GetClassInfoW
FindWindowW
SendMessageTimeoutW
IsIconic

gdi32

CreateFontW
StretchDIBits
GetTextMetricsW
GetBkColor
GetTextColor
GetRgnBox
GetCharWidthW
GetTextExtentPoint32W
CombineRgn
SetRectRgn
CreateFontIndirectW
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreatePatternBrush
ExtTextOutW
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
TextOutW
RectVisible
PtVisible
DPtoLP
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
PatBlt
CreateCompatibleDC
RectInRegion
GetObjectW
DeleteDC
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CopyMetaFileW
StartDocW
GetMapMode
CreateDIBSection
GetDIBits
StretchBlt
SetPixel
GetBkMode
GetCurrentObject
SetDIBits
ExtCreateRegion
GetBitmapBits
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
CreateDCW
GetDCOrgEx
GetClipBox
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateRectRgnIndirect
SetTextColor
SetBkColor
CreateBitmap
Escape

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter
GetJobW

advapi32

LookupPrivilegeValueW
GetFileSecurityW
SetFileSecurityW
RegEnumKeyExW
RegQueryValueExA
OpenProcessToken
RegCreateKeyW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegSetValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameW
RegDeleteValueW
GetTokenInformation
AllocateAndInitializeSid
IsValidSid
EqualSid
FreeSid
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges

shell32

SHChangeNotify
SHGetPathFromIDListW
SHBrowseForFolderW
DragQueryFileW
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
ExtractIconW
DragFinish
SHGetSpecialFolderPathW

shlwapi

StrCmpNW
StrCmpNIW
PathIsDirectoryW
StrCmpIW
SHGetValueW
PathAppendW
PathFindExtensionW
PathAddBackslashW
StrCmpW
StrStrIW
SHSetValueW
SHDeleteValueW
SHDeleteKeyW
PathRemoveFileSpecW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathFileExistsW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleRun
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
CoInitializeEx
OleDuplicateData
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
SetConvertStg
CoTaskMemFree
OleFlushClipboard
CoInitialize
CoCreateInstance
CoUninitialize
CoRegisterMessageFilter
CreateStreamOnHGlobal
StringFromGUID2
WriteFmtUserTypeStg

oleaut32

VariantCopy
VariantClear
SysAllocString
VariantChangeType
SysAllocStringByteLen
SysAllocStringLen
SysStringByteLen
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
SafeArrayAllocData
VariantInit
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
OleCreateFontIndirect
SysFreeString
SysStringLen
SafeArrayAllocDescriptor
GetErrorInfo
SetErrorInfo
CreateErrorInfo
OleLoadPicture

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

ws2_32

select

msimg32

TransparentBlt
AlphaBlend

comctl32

_TrackMouseEvent

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 659KB - Virtual size: 659KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360GuardBase64.dll
.dll windows:5 windows x64 arch:x64

252571e5c96c263478325e5bf2675bb3

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c4:69:d6:21:7c:74:d2:29:f2:9e:9d:37:46:8a:4a:ac:05:e4:c0:c0
Signer

Actual PE Digest

c4:69:d6:21:7c:74:d2:29:f2:9e:9d:37:46:8a:4a:ac:05:e4:c0:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

P:\intermoutput\3\360guardbase_20121204_9.0_64\Release\360GuardBase64.pdb

Imports

kernel32

WritePrivateProfileStringW
GetPrivateProfileIntW
DeleteFileW
LockResource
FindResourceExW
LoadLibraryW
GetFileAttributesExW
GetVersionExW
FileTimeToSystemTime
GetModuleHandleA
GetSystemInfo
GetCurrentProcess
CloseHandle
OpenProcess
CreateFileW
ReadFile
WriteFile
GetFileSize
DeleteCriticalSection
FlushFileBuffers
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSection
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
LoadLibraryA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
WideCharToMultiByte
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
HeapCreate
HeapSetInformation
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
DeviceIoControl
GetCurrentProcessId
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetFilePointerEx
GetFileSizeEx
OutputDebugStringW
FormatMessageW
SetLastError
GetCurrentThreadId
LocalFree
GetSystemTime
CreateMutexW
TlsGetValue
WaitForSingleObject
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
ReleaseMutex
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
ExitProcess
FlsSetValue
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
GetStdHandle

user32

GetActiveWindow
IsWindow
SendMessageTimeoutW
CharNextW
MessageBoxW
SendMessageW
FindWindowW
PostMessageW
RegisterWindowMessageW
GetShellWindow
GetWindowThreadProcessId

advapi32

RegCloseKey
RegDeleteKeyW
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExA

shell32

ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr

shlwapi

SHGetValueA
PathIsRelativeW
SHSetValueW
SHGetValueW
PathFindFileNameW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW
PathCombineW
StrCmpNIW

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

htons
ntohl
ntohs
htonl

Exports

Exports

GB_SetPayInsure
GetEntryInterface

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360NetBase64.dll
.dll windows:5 windows x64 arch:x64

3027312a8e37a4b5ca653000bf0c00d5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b7:76:96:65:6a:49:27:ae:01:9b:3d:88:5a:61:ea:27:70:4b:5f:48:92:2d:11:0b:9b:8c:ff:a0:d7:63:34:ae
Signer

Actual PE Digest

b7:76:96:65:6a:49:27:ae:01:9b:3d:88:5a:61:ea:27:70:4b:5f:48:92:2d:11:0b:9b:8c:ff:a0:d7:63:34:ae

Digest Algorithm

sha256

PE Digest Matches

true

5f:25:27:cd:da:74:a3:df:44:17:12:83:02:41:d2:4a:aa:be:29:5b
Signer

Actual PE Digest

5f:25:27:cd:da:74:a3:df:44:17:12:83:02:41:d2:4a:aa:be:29:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\vmagent_new\bin\joblist\99681\out\Release\360NetBase64.pdb

Imports

ws2_32

htons
getsockopt
ntohs
getsockname
getpeername
recv
closesocket
socket
connect
WSASetLastError
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
ioctlsocket
__WSAFDIsSet
select
send
bind
setsockopt
WSAGetLastError

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
SleepEx
GetLastError
CloseHandle
WaitForSingleObject
ExpandEnvironmentStringsA
Sleep
FormatMessageA
GetTickCount
MultiByteToWideChar
FreeLibrary
DeviceIoControl
CreateFileA
GetCurrentProcessId
WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryA
lstrlenA
LoadLibraryW
lstrlenW
FindClose
lstrcmpW
GetLongPathNameW
FindFirstFileW
ReadDirectoryChangesW
CreateFileW
CreateEventA
GetPrivateProfileStringW
lstrcmpiW
GetOverlappedResult
lstrcatW
lstrcpyW
GetSystemDirectoryW
WriteFile
SetEvent
GetVersionExA
GetSystemDirectoryA
WaitForMultipleObjects
FreeLibraryAndExitThread
CreateThread
GetModuleHandleExA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
ReadFile
GetFileSizeEx
OutputDebugStringW
FormatMessageW
GetCurrentThreadId
LocalFree
GetSystemTime
CreateMutexW
TlsGetValue
HeapAlloc
HeapFree
GetProcessHeap
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
ReleaseMutex
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
RtlUnwindEx
ExitThread
HeapReAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
GetModuleFileNameA
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
InitializeCriticalSectionAndSpinCount

advapi32

RegEnumKeyExA
RegQueryValueExW
RegEnumKeyExW
RegQueryValueExA
RegNotifyChangeKeyValue
RegCloseKey
RegOpenKeyExW

oleaut32

VarBstrCmp
VariantClear
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString

shlwapi

PathAppendW
PathFileExistsW
SHGetValueW
StrStrIW
StrCmpIW

Exports

Exports

InitLibs

Sections

.text
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360QVM64.dll
.dll windows:5 windows x64 arch:x64

9725d1effeecffce39687b31f1a2cc11

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b6:f8:d6:48:e9:05:68:01:91:01:18:4b:b8:03:f2:50:61:6c:c2:38:da:b2:bd:85:59:ef:de:e8:1b:e1:0f:11
Signer

Actual PE Digest

b6:f8:d6:48:e9:05:68:01:91:01:18:4b:b8:03:f2:50:61:6c:c2:38:da:b2:bd:85:59:ef:de:e8:1b:e1:0f:11

Digest Algorithm

sha256

PE Digest Matches

true

f4:b7:a9:80:2d:a9:06:dc:75:e8:67:18:1d:b1:e2:f1:d9:b9:bb:4d
Signer

Actual PE Digest

f4:b7:a9:80:2d:a9:06:dc:75:e8:67:18:1d:b1:e2:f1:d9:b9:bb:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Q:\QVM\tags\bole_5.0.2.1004_20160426\bin\x64\Release\360QVM64.pdb

Imports

kernel32

CreateDirectoryA
GetLastError
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
CreateFileA
CreateFileW
CloseHandle
ReadFile
WriteFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetFileSize
GetFileType
GetFileTime
SetFileTime
CopyFileA
CopyFileW
DeleteFileA
DeleteFileW
MoveFileA
MoveFileW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindClose
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
SetFileAttributesW
GetTempPathA
GetWindowsDirectoryA
GetTempPathW
GetWindowsDirectoryW
GetFileInformationByHandle
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetLastError
GetModuleHandleW
Sleep
IsBadReadPtr
GetModuleFileNameA
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetStdHandle
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
HeapSize
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
LoadLibraryExW
OutputDebugStringW
SetStdHandle
WriteConsoleW

Exports

Exports

BoleFeaturesInitialize
BoleGetVersion
BoleInitialize
ClearEnviroment
CreateEnviroment
GetClassObject

Sections

.text
Size: 678KB - Virtual size: 678KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360Util64.dll
.dll windows:5 windows x64 arch:x64

01f57abb7aed657fbad4b29c75a8e1b0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:e8:52:16:86:26:76:63:a6:a5:4a:3b:d4:ac:7b:a8:3b:13:8c:3d:82:5b:a0:00:c6:95:a7:d8:b1:b5:39:60
Signer

Actual PE Digest

40:e8:52:16:86:26:76:63:a6:a5:4a:3b:d4:ac:7b:a8:3b:13:8c:3d:82:5b:a0:00:c6:95:a7:d8:b1:b5:39:60

Digest Algorithm

sha256

PE Digest Matches

true

3b:7f:d7:45:d0:c5:f5:18:4f:79:65:c7:98:17:86:01:4e:d7:b9:fa
Signer

Actual PE Digest

3b:7f:d7:45:d0:c5:f5:18:4f:79:65:c7:98:17:86:01:4e:d7:b9:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\109064\out\Release\360Util64.pdb

Imports

kernel32

OpenProcess
GetTickCount
CreateProcessW
WTSGetActiveConsoleSessionId
LocalAlloc
LocalFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
GlobalAlloc
GlobalFree
CreateToolhelp32Snapshot
Process32FirstW
ProcessIdToSessionId
Process32NextW
SearchPathW
GetFileSizeEx
CreateThread
GetFileAttributesExW
GetCommandLineW
CreateMutexW
ReleaseMutex
GetSystemTimeAsFileTime
GetProcessTimes
GetSystemTime
SystemTimeToFileTime
SetFileAttributesW
DeleteFileW
OpenThread
WideCharToMultiByte
IsBadStringPtrW
HeapAlloc
GetProcessHeap
HeapFree
ResumeThread
GetExitCodeProcess
GetSystemDefaultUILanguage
GetFileSize
GetLocalTime
WriteFile
GetFileTime
GlobalLock
GlobalSize
GlobalUnlock
GetModuleHandleExW
DeleteCriticalSection
HeapDestroy
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetWindowsDirectoryW
GetLongPathNameW
GetCurrentProcessId
DeviceIoControl
FindResourceExW
lstrlenA
GetModuleFileNameW
RaiseException
lstrlenW
lstrcmpiW
SetLastError
CloseHandle
GetLastError
GetSystemDirectoryW
SetFilePointer
GetFileInformationByHandle
CreateFileW
ReadFile
MultiByteToWideChar
ExpandEnvironmentStringsW
LoadLibraryW
GetCurrentProcess
Sleep
GetVersionExW
GetProcAddress
GetModuleHandleW
GetSystemWindowsDirectoryW
LoadLibraryExW
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
InitializeCriticalSection
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapReAlloc
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
LCMapStringA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapSetInformation
HeapSize
CreateFileA
LocalFileTimeToFileTime
SetFilePointerEx
OutputDebugStringW
FormatMessageW
GetCurrentThreadId
TlsGetValue
TlsSetValue
GetAtomNameW
AddAtomW
ExitProcess
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
RtlPcToFileHeader
RtlUnwindEx
GetCommandLineA
FlsSetValue
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
GetFileAttributesW

user32

WindowFromPoint
GetAncestor
IsZoomed
GetWindowThreadProcessId
GetWindowInfo
SetForegroundWindow
wsprintfW
LoadStringW
GetSystemMetrics
GetForegroundWindow
GetDesktopWindow
GetWindowRect
GetWindow
GetShellWindow
CharNextW
FindWindowW

advapi32

RegCloseKey
RegOpenKeyExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
LookupAccountSidW
CreateProcessAsUserW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CloseServiceHandle
QueryServiceStatus
StartServiceW
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
FreeSid
GetLengthSid
SetTokenInformation
AllocateAndInitializeSid
CreateRestrictedToken
DuplicateTokenEx
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegQueryValueExA

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
ord155
ord190
ord25
ShellExecuteW
ord152
ShellExecuteExW
ord18
SHGetFileInfoW
SHGetSpecialFolderPathW
ord165

ole32

CoTaskMemRealloc
CoCreateInstance
CoInitialize
CoTaskMemAlloc
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
GetHGlobalFromStream

oleaut32

SafeArrayPutElement
SafeArrayCreate
SysStringByteLen
SysAllocStringByteLen
SafeArrayGetElement
VariantChangeType
VariantInit
VariantClear
SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

PathCombineW
PathIsDirectoryW
PathRemoveFileSpecW
PathAppendW
StrChrW
SHSetValueW
PathIsRelativeW
PathAddBackslashW
PathFindExtensionW
StrStrIA
StrPBrkW
StrPBrkA
StrRetToBufW
StrCmpNIW
StrCpyNW
PathFindFileNameW
SHGetValueW
PathFileExistsW
StrCmpIW
StrStrIW
ord176

ws2_32

WSAGetLastError
ntohs
htons
ntohl
WSCUnInstallNameSpace
WSCDeinstallProvider32
WSCDeinstallProvider
WSACleanup
htonl
WSAStartup

version

VerQueryValueW

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetModuleFileNameExW

iphlpapi

GetIpAddrTable

Exports

Exports

CreateObject
InitLibs
RegisterInstallTime

Sections

.text
Size: 573KB - Virtual size: 573KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360avflt.sys
.sys windows:6 windows x64 arch:x64

5b0a006a439beeb5f8d3c4bf7ff30e10

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

af:d3:81:e5:ff:8c:48:d1:ff:02:db:d3:35:0e:79:74:34:05:f8:fd:db:6d:0b:62:89:13:76:79:a4:4e:cf:96
Signer

Actual PE Digest

af:d3:81:e5:ff:8c:48:d1:ff:02:db:d3:35:0e:79:74:34:05:f8:fd:db:6d:0b:62:89:13:76:79:a4:4e:cf:96

Digest Algorithm

sha256

PE Digest Matches

true

66:1e:df:db:c1:bb:d6:ff:6b:5c:fa:cc:4f:d7:87:df:74:98:d5:f7
Signer

Actual PE Digest

66:1e:df:db:c1:bb:d6:ff:6b:5c:fa:cc:4f:d7:87:df:74:98:d5:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\vmagent_new\bin\joblist\96931\src\3\360avflt64_sys\filter\objfre_win7_amd64\amd64\360AvFlt_x64.pdb

Imports

ntoskrnl.exe

KeAcquireSpinLockRaiseToDpc
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ZwQueryValueKey
ExQueryDepthSList
ZwOpenKey
RtlUpcaseUnicodeString
FsRtlLegalAnsiCharacterArray
FsRtlIsNameInExpression
RtlCompareUnicodeString
ExQueueWorkItem
ExAcquireResourceExclusiveLite
IoThreadToProcess
ExRaiseStatus
ExReleaseFastMutex
KeLeaveCriticalRegion
ExAcquireFastMutex
KeSetPriorityThread
MmGetSystemRoutineAddress
KeInitializeEvent
PsGetThreadId
IoFreeMdl
KeEnterCriticalRegion
FsRtlIsPagingFile
KeDelayExecutionThread
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
ExAcquireResourceSharedLite
IoGetCurrentProcess
ExReleaseResourceLite
PsGetProcessInheritedFromUniqueProcessId
KeWaitForSingleObject
MmProbeAndLockPages
PsGetVersion
DbgPrint
ExDeleteResourceLite
PsGetCurrentThreadId
ExInitializeResourceLite
FsRtlIsNtstatusExpected
PsGetProcessId
IoAllocateMdl
ProbeForRead
IoBuildDeviceIoControlRequest
ObOpenObjectByName
PsLookupProcessByProcessId
wcsncpy
IoQueryFileInformation
RtlEqualUnicodeString
KeUnstackDetachProcess
ObQueryNameString
IoGetDeviceObjectPointer
RtlPrefixUnicodeString
RtlAppendUnicodeStringToString
ZwOpenProcess
ZwQueryInformationProcess
ObfReferenceObject
KeStackAttachProcess
IofCallDriver
ZwQuerySystemInformation
PsSetCreateProcessNotifyRoutine
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
KeBugCheckEx
ObfDereferenceObject
ExInitializePagedLookasideList
RtlCopyUnicodeString
PsGetCurrentProcessId
ObReferenceObjectByHandle
ZwClose
ExEventObjectType
ExAllocatePool
ExDeletePagedLookasideList
ZwCreateFile
IoFileObjectType
KeReleaseSpinLock
IoCreateFile
KeSetEvent
RtlInitUnicodeString
_wcsnicmp
ExFreePoolWithTag
MmUnlockPages
ExAllocatePoolWithTag
ZwTerminateProcess
__C_specific_handler

fltmgr.sys

FltReleaseFileNameInformation
FltGetFileNameInformation
FltAllocateContext
FltReleaseContext
FltDeleteContext
FltGetDestinationFileNameInformation
FltSetStreamHandleContext
FltSendMessage
FltGetStreamHandleContext
FltStartFiltering
FltRegisterFilter
FltBuildDefaultSecurityDescriptor
FltCloseCommunicationPort
FltUnregisterFilter
FltFreeSecurityDescriptor
FltCreateCommunicationPort
FltCloseClientPort
FltParseFileNameInformation

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 11B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360compro64.dll
.dll windows:5 windows x64 arch:x64

f420b7554b30da498061143d299b91b1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:33:67:ee:65:c2:68:99:c9:02:e5:b2:cd:72:2d:5b:19:bf:10:d6:f7:50:9f:74:e8:96:24:4d:c8:1f:fe:ab
Signer

Actual PE Digest

74:33:67:ee:65:c2:68:99:c9:02:e5:b2:cd:72:2d:5b:19:bf:10:d6:f7:50:9f:74:e8:96:24:4d:c8:1f:fe:ab

Digest Algorithm

sha256

PE Digest Matches

true

19:0d:04:4f:28:8c:fb:4d:f0:fe:ce:e3:c0:4f:48:65:fe:1e:b0:bb
Signer

Actual PE Digest

19:0d:04:4f:28:8c:fb:4d:f0:fe:ce:e3:c0:4f:48:65:fe:1e:b0:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\vmagent_new\bin\joblist\119859\out\Release\360compro64.pdb

Imports

kernel32

LoadResource
RaiseException
HeapFree
GetProcessHeap
GetDiskFreeSpaceW
FlushInstructionCache
GlobalFree
SystemTimeToFileTime
GetSystemTime
GlobalAlloc
ReleaseMutex
ResetEvent
SetEvent
GetCurrentDirectoryW
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalSize
SetLastError
Sleep
GetTempFileNameW
GetTempPathW
SetCurrentDirectoryW
GetCommandLineW
GetTickCount
CreateSemaphoreW
ReleaseSemaphore
GetDriveTypeW
IsBadReadPtr
WriteFile
CreateDirectoryW
GetLocalTime
CreateEventW
FindResourceW
SizeofResource
FreeResource
lstrcmpiW
SetFilePointer
GetCurrentProcessId
HeapAlloc
LoadLibraryA
SetEndOfFile
GetFileSizeEx
CreateMutexW
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
TlsFree
DeleteAtom
FindAtomW
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
TlsGetValue
LocalFree
GetPrivateProfileStringW
SetFilePointerEx
LocalFileTimeToFileTime
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
GetStartupInfoA
SetHandleCount
GetFileType
SetStdHandle
GetConsoleMode
GetConsoleCP
HeapDestroy
HeapCreate
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
InitializeCriticalSectionAndSpinCount
FlsAlloc
FlsFree
FlsGetValue
TlsAlloc
DecodePointer
EncodePointer
GetModuleFileNameA
GetStdHandle
GetCommandLineA
FlsSetValue
GetSystemTimeAsFileTime
ExitThread
ExitProcess
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlPcToFileHeader
MultiByteToWideChar
OutputDebugStringW
DebugBreak
lstrlenA
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFileEx
ReadFile
GetVolumeInformationW
GetLongPathNameW
LoadLibraryExW
CreateThread
DeleteFileW
GetSystemDirectoryW
CopyFileW
GetLastError
WideCharToMultiByte
WaitForSingleObject
CreateFileW
DeviceIoControl
GetFileAttributesExW
GetStartupInfoW
CreateProcessW
lstrlenW
GetPrivateProfileIntW
GetFileAttributesW
SetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
GetCurrentProcess
GetModuleHandleA
GetSystemInfo
GetVersionExW
OpenProcess
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
FreeLibrary
LoadLibraryW
FormatMessageW

user32

MapWindowPoints
GetWindowDC
TrackMouseEvent
SetCursor
ReleaseCapture
CheckMenuItem
PtInRect
SetCapture
CharUpperW
PostMessageW
SendMessageTimeoutW
IsWindow
CreateWindowExW
ScreenToClient
GetAncestor
WindowFromPoint
EnumDisplaySettingsW
GetMonitorInfoW
MonitorFromPoint
GetWindowInfo
GetWindow
GetDesktopWindow
GetShellWindow
GetSystemMetrics
EqualRect
GetWindowRect
GetForegroundWindow
SetWindowPos
SystemParametersInfoW
GetClientRect
SetWindowRgn
ShowWindow
RegisterClassW
IsWindowVisible
InvalidateRect
UnregisterClassA
GetWindowThreadProcessId
SendMessageW
GetActiveWindow
MessageBoxW
LoadStringW
OffsetRect
FindWindowW
RegisterWindowMessageW
ClientToScreen
GetDlgItem
MonitorFromWindow
UpdateLayeredWindow
IsDialogMessageW
KillTimer
SetTimer
SetWindowLongW
GetWindowLongW
DestroyWindow
DefDlgProcW
CreateDialogParamW
SetWindowLongPtrW
RedrawWindow
SetDlgItemTextW
LoadCursorW
DestroyCursor
GetCursorPos
TrackPopupMenu
GetParent
CreatePopupMenu
GetSubMenu
LoadMenuW
DestroyMenu
DrawIcon
DrawTextW
GetDC
ReleaseDC
CharNextW
CopyRect
GetClassInfoW
WaitForInputIdle

advapi32

CloseServiceHandle
RegCloseKey
RegOpenKeyExW
RegSetValueExW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegDeleteValueW
ChangeServiceConfigW
GetUserNameW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumValueW
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
RegCreateKeyExW
RegQueryValueExA

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

shell32

ShellExecuteW
ord680
ord165
SHParseDisplayName
ord155
SHGetSpecialFolderPathW
SHBindToParent
ExtractIconExW
SHGetFolderPathW
ShellExecuteExW

oleaut32

VariantChangeType
DispCallFunc
SysStringLen
VarUI4FromStr
VariantClear
VariantCopy
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantInit

shlwapi

wnsprintfW
PathIsDirectoryW
StrStrIW
PathIsRelativeW
StrStrIA
PathIsRootW
PathFindExtensionW
PathRemoveFileSpecW
PathCombineW
StrCmpW
PathFileExistsW
PathFindFileNameW
StrCmpIW
SHSetValueW
SHDeleteValueW
SHGetValueW
StrChrW
PathAppendW

gdi32

EnumFontFamiliesW
CreateFontW
CreateRectRgn
CombineRgn
CreateDIBSection
DeleteDC
CreateCompatibleBitmap
GetDeviceCaps
SelectObject
BitBlt
TextOutW
ExtTextOutW
SetBkColor
SetViewportOrgEx
SetTextColor
CreateCompatibleDC
DeleteObject
SetBkMode

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

gdiplus

GdiplusShutdown
GdipCreateBitmapFromStream
GdipCloneImage
GdiplusStartup
GdipDisposeImage
GdipAlloc
GdipFree
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics

netapi32

NetApiBufferFree
NetUserGetInfo

setupapi

CM_Get_Parent
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
CM_Get_Device_IDW

Exports

Exports

CalcV3Param_RunOnce
CreateFireWallState
CreateFireWallState2
CreateFireWallState3
CreateFireWallState4
CreateFireWallStateQuick
CreateFireWallStateQuick2
CreateFireWallStateQuick3
CreatePluginFactory
CreateTrayClient
DeleteV3ParamItem
GetV3ParamInfo
NewCreatePlugin
SetAntiVirusCheckFlag

Sections

.text
Size: 431KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360rp.dll
.dll windows:5 windows x64 arch:x64

2cfe1c5db1bba5f6b2954edd2dda97c2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:ea:7f:b3:1f:ca:0a:08:5c:95:f0:bf:8c:54:4a:b5:d7:27:ef:80:2d:35:ab:a4:6a:25:fb:4a:c0:93:a7:da
Signer

Actual PE Digest

21:ea:7f:b3:1f:ca:0a:08:5c:95:f0:bf:8c:54:4a:b5:d7:27:ef:80:2d:35:ab:a4:6a:25:fb:4a:c0:93:a7:da

Digest Algorithm

sha256

PE Digest Matches

true

19:57:2b:17:14:d8:3d:e9:d3:b0:84:42:ad:da:42:9e:ce:2e:d7:0c
Signer

Actual PE Digest

19:57:2b:17:14:d8:3d:e9:d3:b0:84:42:ad:da:42:9e:ce:2e:d7:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\127439\out\Release\360rp.pdb

Imports

kernel32

lstrcmpW
GetACP
GetTimeZoneInformation
lstrlenA
OpenFileMappingW
IsBadReadPtr
GetHandleInformation
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleFileNameA
DisconnectNamedPipe
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW
OutputDebugStringW
GetSystemWindowsDirectoryW
GetFileInformationByHandle
SetThreadExecutionState
lstrcmpiW
SetPriorityClass
GetPrivateProfileIntA
GetFullPathNameW
GetVersionExA
LockFile
LockFileEx
UnlockFile
GetTempPathA
FormatMessageA
GetFileAttributesA
DeleteFileA
GetFullPathNameA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetSystemTimeAsFileTime
SetNamedPipeHandleState
ReadFileEx
WaitForSingleObjectEx
CreateNamedPipeA
GetOverlappedResult
HeapFree
GetProcessHeap
MulDiv
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalFree
GetStringTypeExW
GetThreadLocale
DuplicateHandle
GetVolumeInformationW
GlobalReAlloc
GlobalHandle
LocalReAlloc
CompareStringW
GlobalGetAtomNameW
GetAtomNameW
lstrcmpA
LocalFileTimeToFileTime
SetFileTime
GetFileTime
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
GetCommandLineW
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentDirectoryW
RtlLookupFunctionEntry
RtlUnwindEx
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
RaiseException
RtlPcToFileHeader
HeapAlloc
ExitThread
HeapReAlloc
FlsSetValue
GetCommandLineA
SetStdHandle
GetFileType
HeapSize
HeapQueryInformation
ExitProcess
GetStdHandle
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FatalAppExitA
LCMapStringA
PeekNamedPipe
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetConsoleCtrlHandler
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
DeleteAtom
FindAtomW
AddAtomW
AreFileApisANSI
QueryDosDeviceW
SetEnvironmentVariableW
LoadLibraryA
CreateSemaphoreA
OutputDebugStringA
RemoveDirectoryW
GetExitCodeProcess
VirtualAlloc
WideCharToMultiByte
Thread32First
Thread32Next
Module32FirstW
Module32NextW
GetModuleHandleA
Toolhelp32ReadProcessMemory
GetThreadTimes
GetSystemInfo
GlobalMemoryStatus
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetFilePointerEx
GetLogicalDrives
SetCurrentDirectoryW
SetUnhandledExceptionFilter
LocalAlloc
LocalFree
ExpandEnvironmentStringsW
SetErrorMode
LoadLibraryExW
OpenMutexW
GetCurrentThreadId
VirtualProtect
SetProcessWorkingSetSize
GetDiskFreeSpaceExW
FlushFileBuffers
GetTempFileNameW
CompareFileTime
GetThreadContext
ReadProcessMemory
GetFileSizeEx
SetFilePointer
WriteFile
SetEndOfFile
CreateMutexW
MoveFileW
GetShortPathNameW
OpenMutexA
SystemTimeToFileTime
GetCurrentThread
SetThreadPriority
FileTimeToLocalFileTime
GetExitCodeThread
TerminateThread
GetProcessIoCounters
WritePrivateProfileSectionW
GetPrivateProfileIntW
CreateEventA
CreateProcessW
ResetEvent
FindFirstFileW
SetFileAttributesW
FindNextFileW
FindClose
GetTempPathW
GetCurrentProcessId
ProcessIdToSessionId
Process32FirstW
GetProcessTimes
FileTimeToSystemTime
GetSystemTime
Process32NextW
SetLastError
TlsAlloc
CreateThread
ResumeThread
OpenThread
SuspendThread
GetLocalTime
SetLocalTime
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
CreateMutexA
ReleaseMutex
OpenProcess
GetPrivateProfileSectionW
GetDriveTypeW
CreateSemaphoreW
WaitForMultipleObjects
EnterCriticalSection
ReleaseSemaphore
GetPrivateProfileStringW
CreateDirectoryW
GetFileSize
ReadFile
WaitForSingleObject
SetEvent
GetWindowsDirectoryW
CreateEventW
WritePrivateProfileStringW
GetFileAttributesExW
CopyFileW
GetLongPathNameW
MoveFileExW
TlsGetValue
TlsSetValue
TlsFree
DeleteFileW
GetTickCount
FreeLibrary
GetLogicalDriveStringsW
lstrlenW
GetFileAttributesW
GetSystemDirectoryW
GetLastError
QueryDosDeviceA
Sleep
CreateFileW
MultiByteToWideChar
GetDriveTypeA
CreateFileA
DeviceIoControl
CloseHandle
LoadLibraryW
GetModuleFileNameW
IsBadCodePtr
GetVersionExW
GetVersion
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
LeaveCriticalSection
GlobalFlags

user32

GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowLongW
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnregisterClassW
SetWindowsHookExW
DeferWindowPos
GetMessageW
TranslateMessage
LoadIconW
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
UnhookWindowsHookEx
CharUpperW
MsgWaitForMultipleObjects
GetMenuState
GetMenuStringW
AppendMenuW
InsertMenuW
GetMenuItemID
GetMenuItemCount
GetSubMenu
RemoveMenu
GetDesktopWindow
IsIconic
LoadStringW
MessageBoxW
SetTimer
KillTimer
EnumThreadWindows
CharLowerBuffW
ShowWindow
SendMessageTimeoutW
GetWindowRect
BringWindowToTop
SetForegroundWindow
SwitchToThisWindow
SetWindowPos
SystemParametersInfoW
WindowFromPoint
WaitForInputIdle
FindWindowExW
EqualRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
GetClientRect
UpdateWindow
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
TrackPopupMenu
TrackPopupMenuEx
ScrollWindow
MapWindowPoints
GetMessagePos
GetMessageTime
SetWindowLongPtrW
GetWindowLongPtrW
DestroyWindow
GetTopWindow
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetForegroundWindow
SetFocus
IsWindow
GetFocus
RemovePropW
GetPropW
SetPropW
GetClassLongPtrW
GetClassNameW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageW
CallNextHookEx
SendDlgItemMessageA
PostMessageW
FindWindowW
GetLastInputInfo
GetSystemMetrics
GetWindowThreadProcessId
RegisterWindowMessageW
CheckMenuItem
EnableMenuItem
ModifyMenuW
LoadBitmapW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
IsDialogMessageW
SetCapture
LockWindowUpdate
GetDCEx
UnionRect
SetParent
GetSystemMenu
IsRectEmpty
MapVirtualKeyW
GetKeyNameTextW
GetDialogBaseUnits
SetRect
UnpackDDElParam
ReuseDDElParam
LoadMenuW
GetMenuBarInfo
ReleaseCapture
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
TranslateAcceleratorW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
DeleteMenu
ShowOwnedPopups
SetCursor
InvalidateRect
SetRectEmpty
PostQuitMessage
DestroyMenu
GetMenuItemInfoW
InflateRect
DestroyIcon
ScrollWindowEx
MoveWindow
DispatchMessageW
SetWindowTextW
ShowScrollBar

gdi32

GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
CreateBitmap
CreateCompatibleDC
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ScaleWindowExtEx
CreateSolidBrush
CreateHatchBrush
GetDCOrgEx
CreateFontIndirectW
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextExtentPoint32W
GetCharWidthW
CreateFontW
StretchDIBits
CreateCompatibleBitmap
GetBkColor
GetTextMetricsW
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectW
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
ExtCreatePen
GetDeviceCaps

advapi32

RegQueryValueExA
RegQueryValueExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
RegOpenKeyW
RegSetValueW
RegEnumKeyExW
OpenThreadToken
SetEntriesInAclW
RevertToSelf
DuplicateTokenEx
ControlService
QueryServiceStatusEx
SetTokenInformation
CreateProcessAsUserW
LookupAccountSidW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameW
RegDeleteValueW
GetTokenInformation
AllocateAndInitializeSid
IsValidSid
EqualSid
FreeSid
RegCreateKeyExW
RegQueryInfoKeyW
ChangeServiceConfig2W
QueryServiceConfigW
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
CreateServiceW
ChangeServiceConfigW
StartServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegCreateKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
SHGetFolderPathW
SHChangeNotify
SHFileOperationW
ShellExecuteExW
CommandLineToArgvW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
ExtractIconW
DragFinish
DragQueryFileW
SHGetSpecialFolderPathW

shlwapi

PathAppendW
PathFindExtensionW
PathCommonPrefixW
StrCmpNIW
StrStrIW
SHSetValueW
PathRemoveBackslashW
PathAddBackslashW
StrCmpIW
PathFileExistsW
PathFindFileNameW
PathCanonicalizeW
SHGetValueW
StrStrW
StrCmpNW
SHDeleteValueW
SHDeleteKeyW
wnsprintfW
PathCombineW
StrCmpW
PathIsDirectoryW
SHGetValueA
StrToIntW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathRemoveExtensionW

ole32

OleDuplicateData
CoDisconnectObject
StringFromGUID2
WriteClassStg
CoTreatAsClass
SetConvertStg
CoTaskMemFree
IIDFromString
CoInitializeSecurity
StringFromCLSID
ReadFmtUserTypeStg
ReadClassStg
CreateBindCtx
ReleaseStgMedium
WriteFmtUserTypeStg
CoTaskMemAlloc
CLSIDFromString
CoInitializeEx
OleRegGetUserType
CoCreateInstance
CoInitialize
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
VariantInit
VarBstrCat
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetElement
SysStringByteLen
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString
SafeArrayUnlock
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
SafeArrayPutElement

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
CM_Request_Device_EjectW
CM_Get_Parent
SetupDiGetDeviceInterfaceDetailW

ws2_32

WSAStartup
gethostname
gethostbyname
WSACleanup
inet_ntoa
select

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

Exports

Exports

?StartListen2@Communicator@@YAPEAXPEBD@Z
?StartListen3@Communicator@@YAPEAXPEBDI@Z
?StartListen@Communicator@@YAHPEBD@Z
?StopListen2@Communicator@@YAXPEAX@Z
?StopListen@Communicator@@YAHXZ
CreateHipsClient

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 880KB - Virtual size: 880KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360rp.exe
.exe windows:5 windows x64 arch:x64

92cfe04df391f3fe25620f8df24d74ac

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d9:f4:cd:65:f7:9b:7b:6a:67:b2:d3:ee:78:ec:a8:ff:e2:59:fa:a7
Signer

Actual PE Digest

d9:f4:cd:65:f7:9b:7b:6a:67:b2:d3:ee:78:ec:a8:ff:e2:59:fa:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\building\360project\360sd\branches\beta\Build\x64\360rp.pdb

Imports

kernel32

CreateEventW
DebugBreak
OutputDebugStringW
lstrlenA
GetVersion
GetVersionExW
GetWindowsDirectoryW
CloseHandle
ReadFile
GetFileSize
CreateFileW
TlsFree
ReleaseMutex
CreateMutexA
GetModuleHandleA
LoadLibraryA
ProcessIdToSessionId
GetCurrentProcessId
GetTickCount
FindClose
FindFirstFileW
Thread32Next
SuspendThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
ResumeThread
GlobalMemoryStatus
SystemTimeToFileTime
FileTimeToSystemTime
SetEnvironmentVariableW
OpenProcess
WritePrivateProfileStringW
WritePrivateProfileSectionW
GetPrivateProfileStringW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
QueryDosDeviceW
WideCharToMultiByte
AreFileApisANSI
ReadProcessMemory
Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
WriteFile
GetPrivateProfileIntW
FindNextFileW
Sleep
CreateDirectoryW
CopyFileW
TlsSetValue
TlsGetValue
DeleteFileW
GetLongPathNameW
GetTempPathW
GetACP
CreateProcessW
GetExitCodeProcess
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesExW
GetFileAttributesW
ExpandEnvironmentStringsW
GetCommandLineW
lstrcmpW
CreateMutexW
TerminateProcess
MoveFileW
MoveFileExW
GetPrivateProfileSectionW
GetTimeZoneInformation
SetFilePointer
DeviceIoControl
DeleteAtom
FindAtomW
AddAtomW
GetAtomNameW
GetSystemTime
LocalFree
GetLocalTime
WaitForSingleObject
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeFormatA
GetDateFormatA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetModuleFileNameW
SetLastError
lstrcmpiW
GetModuleHandleW
GetCurrentThreadId
GetLastError
lstrlenW
GetCurrentProcess
FlushInstructionCache
GetProcAddress
SetEvent
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
FatalAppExitA
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
HeapReAlloc
QueryPerformanceCounter
HeapDestroy
HeapCreate
HeapSetInformation
FlsAlloc
GetCurrentThread
FlsFree
FlsSetValue
FlsGetValue
TlsAlloc
DecodePointer
EncodePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
ExitProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlUnwindEx
FormatMessageW
LoadLibraryW
InterlockedPushEntrySList
HeapFree
HeapAlloc
GetProcessHeap
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
GetStartupInfoW
RtlPcToFileHeader
RaiseException

user32

LoadCursorW
LoadStringW
CharNextW
DefWindowProcW
CallWindowProcW
GetClassInfoExW
UnregisterClassA
SetWindowLongPtrW
GetWindowLongPtrW
DestroyWindow
RegisterClassExW
CreateWindowExW
DispatchMessageW
CharLowerBuffW
EnumThreadWindows
CharLowerW
ShowWindow
FindWindowW
SendMessageTimeoutW
GetWindowRect
BringWindowToTop
SetForegroundWindow
SwitchToThisWindow
SetWindowPos
SystemParametersInfoW
GetSystemMetrics
WindowFromPoint
WaitForInputIdle
wvsprintfW
GetMessageW
TranslateMessage

advapi32

RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
IsValidSid
EqualSid
FreeSid
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHChangeNotify
ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

SHDeleteKeyW
StrCmpNW
StrStrIW
SHGetValueW
PathAppendW
SHDeleteValueW
SHSetValueW
PathFileExistsW
StrCmpIW
StrCmpNIW
PathAddBackslashW
PathRemoveFileSpecW
SHGetValueA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

Sections

.text
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360rps.exe
.exe windows:5 windows x64 arch:x64

8d62d9d489d42dd4d1b744936ff3ee86

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

82:46:de:60:4e:28:d4:da:0f:a6:ed:77:ea:9d:2c:14:8d:8b:62:86
Signer

Actual PE Digest

82:46:de:60:4e:28:d4:da:0f:a6:ed:77:ea:9d:2c:14:8d:8b:62:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateMutexA
LoadLibraryA
FindClose
FindFirstFileW
SuspendThread
OpenThread
SystemTimeToFileTime
GetPrivateProfileStringW
GetLogicalDriveStringsW
QueryDosDeviceW
WideCharToMultiByte
WriteFile
lstrlenA
DebugBreak
OutputDebugStringW
TlsSetValue
TlsGetValue
GetLongPathNameW
GetACP
CreateProcessW
GetFileAttributesExW
TerminateProcess
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
GetFileSizeEx
DeviceIoControl
SetEvent
GetHandleInformation
TerminateThread
DisconnectNamedPipe
OutputDebugStringA
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW
CreateThread
FlushFileBuffers
GetLocalTime
CompareFileTime
WaitForMultipleObjects
CreateEventW
DeleteAtom
FindAtomW
AddAtomW
GetAtomNameW
GetProcessHeap
GetSystemTime
FormatMessageW
SetFilePointerEx
LocalFileTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReleaseMutex
GetConsoleMode
GetConsoleCP
LoadLibraryW
CreateMutexW
GetCurrentThreadId
Sleep
WaitForSingleObject
GetPrivateProfileSectionW
GetTickCount
WritePrivateProfileStringW
GetCommandLineW
OpenProcess
GetProcessTimes
FileTimeToLocalFileTime
FileTimeToSystemTime
GetWindowsDirectoryW
CreateDirectoryW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrcmpiW
GetCurrentThread
GetCurrentProcess
GetModuleFileNameW
lstrlenW
LocalAlloc
LocalFree
GetVersionExW
GetVersion
GetModuleHandleW
GetProcAddress
CreateFileW
GetFileSize
ReadFile
CloseHandle
GetLastError
DeleteCriticalSection
InitializeCriticalSection
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
LCMapStringW
HeapReAlloc
HeapSize
IsValidCodePage
GetOEMCP
GetCPInfo
QueryPerformanceCounter
HeapCreate
HeapSetInformation
FlsAlloc
SetLastError
FlsFree
FlsSetValue
FlsGetValue
TlsAlloc
DecodePointer
EncodePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
ExitProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
SetStdHandle
TlsFree
GetStartupInfoW
RtlUnwindEx
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
RtlLookupFunctionEntry
RtlPcToFileHeader
UnhandledExceptionFilter
RaiseException

user32

CharNextW
LoadStringW
wvsprintfW
PostThreadMessageW
CharUpperW

advapi32

SetServiceStatus
CreateProcessAsUserW
RevertToSelf
DuplicateTokenEx
SetEntriesInAclW
AllocateAndInitializeSid
EqualSid
FreeSid
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetSecurityDescriptorDacl
QueryServiceStatus
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
OpenThreadToken
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryValueExA
ControlService
StartServiceW
CreateServiceW
ChangeServiceConfigW
ChangeServiceConfig2W
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

SHGetSpecialFolderPathW

ole32

CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeSecurity
CoInitialize
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

PathAppendW
PathFileExistsW
StrCmpIW
SHSetValueW
SHGetValueW
StrStrIW
PathRemoveFileSpecW
PathAddBackslashW
StrCmpNIW

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360sd.exe
.exe windows:5 windows x64 arch:x64

47fc72851f92d48eee0d0d70a87e67ee

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ad:79:58:5d:12:24:f0:8e:86:57:14:47:3f:88:b2:d6:95:a2:1b:2c:82:9a:ec:61:48:dd:42:2f:a9:27:c4:de
Signer

Actual PE Digest

ad:79:58:5d:12:24:f0:8e:86:57:14:47:3f:88:b2:d6:95:a2:1b:2c:82:9a:ec:61:48:dd:42:2f:a9:27:c4:de

Digest Algorithm

sha256

PE Digest Matches

true

44:c9:79:e5:20:b1:97:c4:96:28:10:7f:2f:e4:55:ba:69:92:77:ae
Signer

Actual PE Digest

44:c9:79:e5:20:b1:97:c4:96:28:10:7f:2f:e4:55:ba:69:92:77:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\vmagent_new\bin\joblist\127436\out\Release\360sd.pdb

Imports

kernel32

GlobalMemoryStatusEx
FindClose
FindNextFileW
FindFirstFileW
TlsSetValue
TlsGetValue
TlsAlloc
GetSystemWindowsDirectoryW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesExW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
WritePrivateProfileSectionW
GetDiskFreeSpaceW
GetLocalTime
GetPrivateProfileIntW
ExpandEnvironmentStringsW
MoveFileExW
GetSystemTime
GetExitCodeProcess
CreateProcessW
SetThreadPriority
GetCurrentThread
SetFileAttributesW
GetTempFileNameW
CreateThread
CreateEventW
TerminateThread
SetEvent
WaitForMultipleObjects
GlobalDeleteAtom
GlobalAddAtomA
lstrcpynW
GlobalFree
GetExitCodeThread
GetDriveTypeW
OpenMutexA
GetLongPathNameW
SearchPathW
QueryDosDeviceW
MoveFileW
GetDiskFreeSpaceExW
GetFileSizeEx
OpenMutexW
GlobalAddAtomW
GlobalFindAtomW
SetPriorityClass
ResetEvent
CompareFileTime
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetStartupInfoW
SetCurrentDirectoryW
GetFileTime
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
GetNumberFormatW
CreateMutexW
GetACP
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
Module32NextW
Module32FirstW
RemoveDirectoryW
WriteFile
MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile
GlobalMemoryStatus
GetSystemInfo
VirtualProtect
SetErrorMode
GetModuleHandleA
GetProcessTimes
GetSystemTimes
lstrcatW
lstrcpyW
FindCloseChangeNotification
FindFirstChangeNotificationW
GetNativeSystemInfo
FreeResource
GetTimeZoneInformation
FlushFileBuffers
OpenFileMappingW
MapViewOfFile
AreFileApisANSI
ReadProcessMemory
OutputDebugStringA
LoadLibraryA
ProcessIdToSessionId
Thread32Next
SuspendThread
OpenThread
Thread32First
ResumeThread
SetEnvironmentVariableW
lstrcmpW
InitializeCriticalSectionAndSpinCount
SetEndOfFile
SetFilePointer
GetPrivateProfileSectionNamesW
GetHandleInformation
CreateEventA
TlsFree
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW
CreateSemaphoreW
ReleaseSemaphore
GetFullPathNameW
QueryPerformanceCounter
SetNamedPipeHandleState
ReadFileEx
WaitForSingleObjectEx
GetVersionExA
CompareStringW
MulDiv
LocalFree
FormatMessageW
GlobalSize
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetStringTypeExW
GetThreadLocale
LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationW
GetShortPathNameW
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalFlags
GlobalGetAtomNameW
GetAtomNameW
lstrlenA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
ExitThread
HeapReAlloc
ExitProcess
HeapQueryInformation
HeapSize
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetDateFormatA
GetTimeFormatA
LCMapStringA
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
SetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
FatalAppExitA
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetProcessHeap
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetFullPathNameA
SetEnvironmentVariableA
CreateDirectoryW
LocalUnlock
LocalLock
DeleteAtom
FindAtomW
AddAtomW
SetFilePointerEx
InterlockedPopEntrySList
VirtualFree
InterlockedPushEntrySList
SetProcessWorkingSetSize
GetCurrentProcessId
CopyFileW
GetPrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetTickCount
GetWindowsDirectoryW
OutputDebugStringW
GetTempPathW
LoadLibraryExW
lstrcmpiW
GetCurrentThreadId
GetVersion
GetFileSize
ReadFile
GetCurrentProcess
FlushInstructionCache
IsBadReadPtr
SetLastError
FreeLibrary
GetCommandLineW
OpenProcess
TerminateProcess
CreateMutexA
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetLogicalDriveStringsW
lstrlenW
GetFileAttributesW
GetSystemDirectoryW
LoadLibraryW
GetLastError
QueryDosDeviceA
Sleep
CreateFileW
MultiByteToWideChar
GetDriveTypeA
CreateFileA
DeviceIoControl
CloseHandle
DeleteFileW
WaitForSingleObject
GetCurrentDirectoryW
GetModuleFileNameW
GetModuleHandleW
GetVersionExW
GetProcAddress
FindResourceW
LoadResource
LockResource
DisconnectNamedPipe
SizeofResource

user32

GetCursor
SetPropW
GetPropW
PrintWindow
GetDlgCtrlID
WaitForInputIdle
CharLowerBuffW
EnumThreadWindows
GetWindowPlacement
SystemParametersInfoA
IntersectRect
GetMenu
SetWindowPlacement
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
GetSysColor
RegisterClassW
UpdateWindow
ShowScrollBar
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
GetKeyState
TrackPopupMenu
TrackPopupMenuEx
ScrollWindow
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
GetLastActivePopup
GetWindowTextLengthW
RemovePropW
GetClassLongPtrW
CallNextHookEx
SetWindowsHookExW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageW
SendDlgItemMessageA
RemoveMenu
InsertMenuW
AppendMenuW
GetMenuStringW
GetMenuState
GetWindowDC
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
IsDialogMessageW
ScrollWindowEx
ValidateRect
EnableMenuItem
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
GetKeyNameTextW
MapVirtualKeyW
InflateRect
GetNextDlgTabItem
GetMenuItemInfoW
DestroyMenu
DrawIcon
CharUpperW
GetSysColorBrush
UnregisterClassW
DestroyIcon
CopyAcceleratorTableW
SetRect
InvalidateRgn
GetShellWindow
MessageBeep
GetDialogBaseUnits
SetRectEmpty
TranslateAcceleratorW
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
GetMenuBarInfo
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatW
GetSystemMenu
SetParent
UnionRect
PostThreadMessageW
GetDCEx
LockWindowUpdate
DeleteMenu
FindWindowExW
LoadImageW
RegisterHotKey
UnregisterHotKey
OpenDesktopW
SwitchDesktop
CloseDesktop
LoadIconW
IsIconic
LoadMenuW
GetSubMenu
CheckMenuItem
DefWindowProcW
ScreenToClient
SetForegroundWindow
BringWindowToTop
ExitWindowsEx
WindowFromPoint
GetCursorPos
PtInRect
SetLayeredWindowAttributes
SetWindowTextW
GetDlgItem
SetFocus
GetDesktopWindow
SetCursor
FillRect
ReleaseCapture
SetCapture
GetSystemMetrics
FrameRect
CreateWindowExA
GetWindowLongPtrW
GetPropA
SetPropA
CallWindowProcW
RegisterWindowMessageW
GetParent
KillTimer
OffsetRect
CopyRect
DrawTextW
UpdateLayeredWindow
ShowWindow
RedrawWindow
MsgWaitForMultipleObjects
PeekMessageW
PostQuitMessage
EnableWindow
SetActiveWindow
CreateDialogIndirectParamW
GetClassInfoW
MessageBoxW
SetWindowLongPtrW
RegisterClassExW
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
GetClassInfoExW
PostMessageW
CreateWindowExW
FindWindowW
GetWindowThreadProcessId
IsWindowEnabled
ModifyMenuW
GetMenuItemID
GetMenuItemCount
GrayStringW
DrawTextExW
TabbedTextOutW
AdjustWindowRectEx
IsRectEmpty
DrawIconEx
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetFocus
GetActiveWindow
DialogBoxParamW
GetForegroundWindow
GetClassNameW
EndDialog
GetWindowTextW
SwitchToThisWindow
EndPaint
BeginPaint
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
GetNextDlgGroupItem
ClientToScreen
DestroyWindow
GetTabbedTextExtentW
UnregisterClassA
GetClipboardData
IsClipboardFormatAvailable
CopyImage
EnumWindows
EnumChildWindows
GetUpdateRgn
SendMessageTimeoutW
SetTimer
SendMessageW
SetWindowRgn
SystemParametersInfoW
MoveWindow
IsZoomed
GetClientRect
GetDC
IsWindow
IsWindowVisible
GetWindowLongW
SetWindowLongW
GetWindowRect
SetWindowPos
GetWindow
ReleaseDC
InvalidateRect

advapi32

RegCloseKey
StartServiceW
ChangeServiceConfigW
CreateServiceW
RegCreateKeyA
RegOpenKeyExA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA
DuplicateTokenEx
RevertToSelf
ImpersonateLoggedOnUser
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW
FreeSid
EqualSid
IsValidSid
AllocateAndInitializeSid
GetTokenInformation
SetEntriesInAclW
OpenThreadToken
ControlService
QueryServiceStatus
RegSetValueW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
SetFileSecurityW
GetFileSecurityW
OpenSCManagerW
EnumServicesStatusExW
CloseServiceHandle
RegNotifyChangeKeyValue
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
OpenServiceW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHChangeNotify
DragQueryFileW
SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderLocation
ShellExecuteExW
SHFileOperationW
CommandLineToArgvW
ExtractIconW
DragFinish
Shell_NotifyIconW

comctl32

_TrackMouseEvent

shlwapi

PathStripToRootW
PathFindExtensionW
SHDeleteKeyW
StrRChrW
PathIsRelativeW
wnsprintfW
StrCmpIW
PathRemoveExtensionW
StrCmpW
StrCmpNW
PathFindFileNameW
StrCmpNIW
PathAppendW
StrStrW
StrCpyNW
PathCompactPathW
PathRemoveFileSpecW
PathAddBackslashW
SHDeleteValueW
SHSetValueW
SHSetValueA
SHGetValueA
PathIsDirectoryW
PathCombineW
SHGetValueW
StrStrIW
PathFileExistsW
PathIsUNCW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

gethostbyname
select
inet_addr
inet_ntoa

crypt32

CertCloseStore
CertNameToStrW
CertEnumCertificatesInStore
CertOpenStore
CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360sdToasts.exe
.exe windows:6 windows x64 arch:x64

6dcf02a43d359139a75cfe0795f1df05

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:bc:d2:ef:d4:90:ce:6d:f4:6d:2c:85:b6:f0:87:8e:75:ff:19:d4
Signer

Actual PE Digest

61:bc:d2:ef:d4:90:ce:6d:f4:6d:2c:85:b6:f0:87:8e:75:ff:19:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\x64\360sdToasts.pdb

Imports

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString

shlwapi

PathAppendW
PathFileExistsW
StrStrIW
StrCmpNIW
StrStrW
SHStrDupW

kernel32

GetProcAddress
GetModuleHandleW
LoadLibraryW
GetWindowsDirectoryW
DeleteFileW
GetModuleFileNameW
CreateFileW
GetFileSize
ReadFile
CloseHandle
WriteFile
WideCharToMultiByte
GetCurrentProcessId
ReleaseMutex
GetLastError
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
FreeLibrary
MultiByteToWideChar
GetACP
OpenThread
WaitForSingleObject
CreateProcessW
CreateMutexW
SystemTimeToFileTime
Sleep
TerminateProcess
GetCommandLineW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
DeviceIoControl
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetEnvironmentVariableW
GetFileAttributesW
RaiseException
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FlushFileBuffers
GetTickCount64
QueryPerformanceCounter
InitOnceExecuteOnce
InitializeCriticalSectionAndSpinCount
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
SetLastError
GetCPInfo
GetOEMCP
IsValidCodePage
GetStartupInfoW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
LoadLibraryExW
OutputDebugStringW
SetStdHandle
WriteConsoleW
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
RtlUnwindEx
RtlLookupFunctionEntry
AddAtomW
GetAtomNameW
TlsSetValue
TlsGetValue
GetSystemTime
RtlPcToFileHeader
GetSystemTimeAsFileTime
DecodePointer
LocalFree
FormatMessageW
GetFileSizeEx
LocalFileTimeToFileTime
CreateFileA
ReadConsoleW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer

user32

PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
CreateWindowExW

advapi32

RegEnumKeyExW
RegQueryValueExA
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

ole32

PropVariantClear
CoCreateInstance
CoInitialize

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7z.dll
.dll windows:5 windows x64 arch:x64

ad38b131b826a9f541a532d2bc094d00

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

92:64:0f:dd:e2:34:59:e4:1f:e8:79:05:07:aa:86:34:e8:8d:f1:26:10:c5:5f:e4:2e:75:fe:14:8a:90:6e:b0
Signer

Actual PE Digest

92:64:0f:dd:e2:34:59:e4:1f:e8:79:05:07:aa:86:34:e8:8d:f1:26:10:c5:5f:e4:2e:75:fe:14:8a:90:6e:b0

Digest Algorithm

sha256

PE Digest Matches

true

7d:b7:a1:98:10:aa:84:68:56:d5:fc:22:20:13:4a:84:8b:21:e9:fb
Signer

Actual PE Digest

7d:b7:a1:98:10:aa:84:68:56:d5:fc:22:20:13:4a:84:8b:21:e9:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\102838\out\Release\7z.pdb

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
GetLastError
AreFileApisANSI
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
WaitForMultipleObjects
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
CloseHandle
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CompareFileTime
GetWindowsDirectoryW
GetWindowsDirectoryA
GetSystemDirectoryW
GetSystemDirectoryA
SetFileTime
CreateFileW
SetLastError
SetFileAttributesW
SetFileAttributesA
RemoveDirectoryW
RemoveDirectoryA
MoveFileW
MoveFileA
GetModuleHandleW
CreateDirectoryW
CreateDirectoryA
DeleteFileW
DeleteFileA
SetCurrentDirectoryW
SetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentDirectoryA
GetTempPathW
GetTempPathA
FindClose
FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA
GetFileAttributesW
GetFileAttributesA
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstChangeNotificationA
GetLogicalDriveStringsW
GetLogicalDriveStringsA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
CreateFileA
GetSystemInfo
GlobalMemoryStatusEx
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTimeAsFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeFormatA
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapAlloc
HeapFree
HeapReAlloc
ExitThread
CreateThread
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
GetCurrentThread
FlsAlloc
GetStdHandle
GetModuleFileNameA
Sleep
HeapSize
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
LoadLibraryA
GetLocaleInfoW
GetLocaleInfoA
FreeLibrary
InitializeCriticalSectionAndSpinCount
GetDateFormatA

user32

CharPrevExA
CharUpperW
CharUpperA

oleaut32

VariantCopy
SysAllocString
SysFreeString
SysStringLen
VariantClear
SysAllocStringLen
SysAllocStringByteLen

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 425KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7z64.dll
.dll windows:5 windows x64 arch:x64

ad38b131b826a9f541a532d2bc094d00

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

92:64:0f:dd:e2:34:59:e4:1f:e8:79:05:07:aa:86:34:e8:8d:f1:26:10:c5:5f:e4:2e:75:fe:14:8a:90:6e:b0
Signer

Actual PE Digest

92:64:0f:dd:e2:34:59:e4:1f:e8:79:05:07:aa:86:34:e8:8d:f1:26:10:c5:5f:e4:2e:75:fe:14:8a:90:6e:b0

Digest Algorithm

sha256

PE Digest Matches

true

7d:b7:a1:98:10:aa:84:68:56:d5:fc:22:20:13:4a:84:8b:21:e9:fb
Signer

Actual PE Digest

7d:b7:a1:98:10:aa:84:68:56:d5:fc:22:20:13:4a:84:8b:21:e9:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\102838\out\Release\7z.pdb

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
GetLastError
AreFileApisANSI
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
WaitForMultipleObjects
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
CloseHandle
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CompareFileTime
GetWindowsDirectoryW
GetWindowsDirectoryA
GetSystemDirectoryW
GetSystemDirectoryA
SetFileTime
CreateFileW
SetLastError
SetFileAttributesW
SetFileAttributesA
RemoveDirectoryW
RemoveDirectoryA
MoveFileW
MoveFileA
GetModuleHandleW
CreateDirectoryW
CreateDirectoryA
DeleteFileW
DeleteFileA
SetCurrentDirectoryW
SetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentDirectoryA
GetTempPathW
GetTempPathA
FindClose
FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA
GetFileAttributesW
GetFileAttributesA
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstChangeNotificationA
GetLogicalDriveStringsW
GetLogicalDriveStringsA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
CreateFileA
GetSystemInfo
GlobalMemoryStatusEx
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTimeAsFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeFormatA
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapAlloc
HeapFree
HeapReAlloc
ExitThread
CreateThread
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
GetCurrentThread
FlsAlloc
GetStdHandle
GetModuleFileNameA
Sleep
HeapSize
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
LoadLibraryA
GetLocaleInfoW
GetLocaleInfoA
FreeLibrary
InitializeCriticalSectionAndSpinCount
GetDateFormatA

user32

CharPrevExA
CharUpperW
CharUpperA

oleaut32

VariantCopy
SysAllocString
SysFreeString
SysStringLen
VariantClear
SysAllocStringLen
SysAllocStringByteLen

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 425KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AVCheck64.dll
.dll windows:5 windows x64 arch:x64

444c79ab5fd3d877bc7d5113660709c0

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:e5:c3:3d:8f:80:4d:13:5e:88:d3:40:0f:50:87:fd:b9:99:a9:f2
Signer

Actual PE Digest

1c:e5:c3:3d:8f:80:4d:13:5e:88:d3:40:0f:50:87:fd:b9:99:a9:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
FindNextFileW
lstrlenA
SetLastError
GetFullPathNameW
GetPrivateProfileStringW
GetWindowsDirectoryA
GetPrivateProfileStringA
GetFileAttributesExA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileAttributesExW
DebugBreak
CloseHandle
ReadFile
GetFileSize
CreateFileW
SystemTimeToFileTime
GetWindowsDirectoryW
GetModuleFileNameW
GetPrivateProfileIntW
WaitForSingleObject
CreateThread
TlsFree
GetCurrentProcess
GetModuleHandleA
TlsAlloc
TlsSetValue
TlsGetValue
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
FreeLibrary
LoadLibraryW
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
RaiseException
SearchPathW
GetFileAttributesW
LocalFree
LocalAlloc
lstrlenW
FindFirstFileW
FindClose
GetVersionExW
GetSystemDirectoryW
OutputDebugStringW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
CreateFileA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
WriteFile
GetCurrentProcessId
GetTickCount
SetEnvironmentVariableA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
GetLastError
HeapFree
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
GetTimeZoneInformation
Sleep
GetModuleHandleW

user32

LoadStringW
CharNextW
wvsprintfW

advapi32

RegOpenKeyExW
RegOpenKeyExA
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegQueryValueExA
RegEnumKeyW
RegCloseKey
RegQueryValueExW

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitializeSecurity
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantCopy
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
SysFreeString

shlwapi

SHQueryInfoKeyA
SHEnumKeyExA
PathAppendW
PathFindFileNameW
StrChrW
StrToIntW
StrCmpIW
PathFileExistsW
PathIsDirectoryW
PathAppendA
PathStripToRootW
StrDupW
StrCpyNW
StrCmpNIW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

InitAntiVirusScanEng

Sections

.text
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AVEI64.dll
.dll windows:5 windows x64 arch:x64

8db929e8f48c82d202926d165cf4f637

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:d1:c3:ee:f7:3b:ab:10:8c:85:9b:7e:f5:9c:b5:58:4d:c7:da:a8
Signer

Actual PE Digest

77:d1:c3:ee:f7:3b:ab:10:8c:85:9b:7e:f5:9c:b5:58:4d:c7:da:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\gve\tags\20150508\bin\x64\Release_sign\AVEI.pdb

Imports

kernel32

LeaveCriticalSection
CreateFileW
EnterCriticalSection
DeviceIoControl
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
GetProcAddress
GetModuleFileNameW
CloseHandle
GetModuleHandleW
GetLastError
MultiByteToWideChar
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
LoadLibraryW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFilePointerEx
ReadFile
GetFileSizeEx
OutputDebugStringW
FormatMessageW
LocalFree
GetSystemTime
CreateMutexW
TlsGetValue
WaitForSingleObject
GetProcessHeap
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
ReleaseMutex
FindAtomW
DeleteAtom
TlsFree
IsBadReadPtr
FreeLibrary

advapi32

RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

Exports

Exports

AveQueryResult
CloseScanner
CreateScanner
CreateScannerEx
Scan
ScanFileEnum
ScanFileEnumW
ScanIStream
ScanMem
ScanProc
ScanW
SetScannerConfig

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AVEngine.dll
.dll windows:5 windows x64 arch:x64

2365941aab9e1a5107ec1a5de48ad6f5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:11:8b:28:d2:71:59:07:a2:e7:7b:4b:6b:1a:ba:ed:26:af:ea:16:54:8a:a3:40:97:78:10:ce:2b:f9:f8:7c
Signer

Actual PE Digest

6f:11:8b:28:d2:71:59:07:a2:e7:7b:4b:6b:1a:ba:ed:26:af:ea:16:54:8a:a3:40:97:78:10:ce:2b:f9:f8:7c

Digest Algorithm

sha256

PE Digest Matches

true

35:da:ad:45:c5:ae:93:66:bf:7c:96:8b:59:0a:14:c2:a2:87:26:42
Signer

Actual PE Digest

35:da:ad:45:c5:ae:93:66:bf:7c:96:8b:59:0a:14:c2:a2:87:26:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\gve\tags\20160704\bin\x64\Release_sign\360ave.pdb

Imports

kernel32

RemoveDirectoryW
CreateFileA
CreateFileW
CloseHandle
ReadFile
WriteFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetFileSize
GetFileType
GetFileTime
SetFileTime
CopyFileA
CopyFileW
DeleteFileA
DeleteFileW
MoveFileA
MoveFileW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindClose
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
RemoveDirectoryA
GetTempPathA
GetWindowsDirectoryA
GetTempPathW
GetWindowsDirectoryW
GetFileInformationByHandle
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
VirtualAlloc
VirtualFree
SetLastError
LoadLibraryW
Sleep
GetModuleHandleW
GetModuleFileNameW
DeviceIoControl
GetCurrentProcessId
CreateDirectoryW
GetLastError
CreateDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
TlsFree
DeleteAtom
FindAtomW
ReleaseMutex
AddAtomW
SetFileAttributesW
GetModuleFileNameA
HeapFree
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapSetInformation
HeapCreate
HeapDestroy
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
FlsAlloc
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetStdHandle
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapReAlloc
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFilePointerEx
GetFileSizeEx
OutputDebugStringW
FormatMessageW
LocalFree
GetSystemTime
CreateMutexW
TlsGetValue
WaitForSingleObject
TlsSetValue
GetAtomNameW
OpenThread

oleaut32

VariantClear

advapi32

RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

Exports

Exports

BAPIInitialize
ClearEnviroment
CreateEnviroment
GetClassObject

Sections

.text
Size: 1015KB - Virtual size: 1014KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CrashReport.dll
.dll windows:5 windows x64 arch:x64

b8e850231a6969b88e2d435b05685e70

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c1:11:03:9a:79:95:19:a1:b4:c9:94:9c:8c:2a:cc:21:af:79:bc:03
Signer

Actual PE Digest

c1:11:03:9a:79:95:19:a1:b4:c9:94:9c:8c:2a:cc:21:af:79:bc:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

SHSetValueW
SHGetValueW
PathFileExistsW

kernel32

GetVersionExA
GlobalDeleteAtom
GlobalFindAtomW
LocalFileTimeToFileTime
GetFileSizeEx
RtlLookupFunctionEntry
RtlUnwindEx
FlsSetValue
GetCommandLineA
HeapAlloc
HeapFree
RtlPcToFileHeader
HeapReAlloc
HeapQueryInformation
HeapSize
Sleep
ExitProcess
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetFilePointerEx
OutputDebugStringW
GetSystemTime
CreateMutexW
GetProcessHeap
OpenThread
AddAtomW
FindAtomW
DeleteAtom
FlushFileBuffers
WriteFile
GlobalAddAtomW
GlobalFlags
lstrcmpW
WaitForSingleObject
SystemTimeToFileTime
lstrlenA
lstrcmpA
GetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
WideCharToMultiByte
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
lstrlenW
SetLastError
RaiseException
LoadLibraryA
LocalFree
LocalAlloc
SetUnhandledExceptionFilter
WritePrivateProfileStringW
GetPrivateProfileStringW
GetTickCount
MultiByteToWideChar
CreateMutexA
GetLastError
ReleaseMutex
CreateProcessW
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GetModuleHandleW
LoadLibraryW
DeviceIoControl
ReadFile
SetFilePointer
GetModuleFileNameW
GetEnvironmentVariableW
GetWindowsDirectoryW
CreateDirectoryW
GetVersionExW
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CloseHandle
FindResourceW
LoadResource
LockResource
SizeofResource
IsDebuggerPresent

advapi32

RegEnumKeyExW
GetUserNameW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA

user32

DestroyMenu
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
PostQuitMessage
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
EnableMenuItem
CheckMenuItem
SetWindowPos
IsWindow
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetDlgItem
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
GetMenuState
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetParent
GetWindowLongW
SendMessageW
GetWindowThreadProcessId
UnhookWindowsHookEx
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
LoadCursorW
GetWindowTextW
SetWindowsHookExW
CallNextHookEx
DispatchMessageW
GetKeyState
PeekMessageW
ValidateRect
ModifyMenuW

gdi32

GetStockObject
DeleteDC
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
DeleteObject
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
SetMapMode

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

oleaut32

VariantInit
VariantClear
VariantChangeType

Exports

Exports

?RaiseException@@YAXXZ
AutoSend
Initialize
OnExiting

Sections

.text
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FsrMgr.dll
.dll windows:5 windows x64 arch:x64

77a7c0ab96ec13605abcd0505834d803

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a3:eb:18:40:31:7e:5a:09:e2:80:72:2a:9e:dc:90:69:d0:72:3e:99:2a:82:ff:d2:16:27:05:c1:8d:e2:2c:45
Signer

Actual PE Digest

a3:eb:18:40:31:7e:5a:09:e2:80:72:2a:9e:dc:90:69:d0:72:3e:99:2a:82:ff:d2:16:27:05:c1:8d:e2:2c:45

Digest Algorithm

sha256

PE Digest Matches

true

a3:bb:21:b4:6d:9c:b0:d4:88:f8:78:15:49:f9:a1:e2:2a:bf:b2:19
Signer

Actual PE Digest

a3:bb:21:b4:6d:9c:b0:d4:88:f8:78:15:49:f9:a1:e2:2a:bf:b2:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\119933\out\Release\FsrMgr64.pdb

Imports

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

kernel32

WideCharToMultiByte
GetCurrentProcessId
GetTickCount
FreeLibrary
TlsFree
TlsGetValue
TlsSetValue
Sleep
ReleaseMutex
CreateMutexA
GetLastError
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
GetLogicalDriveStringsW
QueryDosDeviceW
LoadLibraryA
MultiByteToWideChar
GetACP
ProcessIdToSessionId
OpenThread
WaitForSingleObject
CreateMutexW
SystemTimeToFileTime
TerminateProcess
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
DeviceIoControl
InitializeCriticalSection
GetSystemDirectoryW
DeleteAtom
FindAtomW
AddAtomW
GetAtomNameW
GetSystemTime
LocalFree
FormatMessageW
OutputDebugStringW
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
WriteFile
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetModuleFileNameW
GetWindowsDirectoryW
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetVersion
GetVersionExW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
FlushFileBuffers
CreateFileA
HeapSetInformation
GetModuleFileNameA
GetStdHandle
LCMapStringW
IsValidCodePage
GetOEMCP
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
SetLastError
FlsAlloc
ExitProcess
GetCPInfo
GetEnvironmentStringsW

advapi32

GetTokenInformation
ConvertSidToStringSidW
DuplicateTokenEx
RegOpenKeyW
RegEnumKeyExW
GetUserNameW
RegQueryValueExA
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysFreeString

shlwapi

SHGetValueW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
PathCombineW
StrCmpNIW

Exports

Exports

CreateObject
ReleaseObject

Sections

.text
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GetSvcName64.exe
.exe windows:5 windows x64 arch:x64

06ba6062627adfdf1244fe55920d977c

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:52:64:5a:9c:99:fd:fb:95:ce:c5:46:2b:36:59:fa:ca:ed:bc:bb
Signer

Actual PE Digest

27:52:64:5a:9c:99:fd:fb:95:ce:c5:46:2b:36:59:fa:ca:ed:bc:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\building\360project\360sd\branches\360QMachine\build\x86\GetSvcName64.pdb

Imports

kernel32

GetNativeSystemInfo
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetFilePointer
GetCommandLineW
LocalFree
CloseHandle
OpenThread
OpenProcess
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetStringTypeA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
Sleep
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLastError
RtlUnwindEx
RtlPcToFileHeader
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA

advapi32

AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegSetValueExW
RegCreateKeyExW
LookupPrivilegeValueW

shell32

CommandLineToArgvW

shlwapi

PathAppendA

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MenuEx.dll
.dll regsvr32 windows:5 windows x64 arch:x64

ae87516e43424aaa0d52d055d9b5460b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:8e:a9:47:aa:5a:5c:67:5f:e5:11:7a:c2:4e:e7:aa:82:52:4a:68:50:c9:88:c6:09:c2:dd:ca:f8:be:4f:0f
Signer

Actual PE Digest

8c:8e:a9:47:aa:5a:5c:67:5f:e5:11:7a:c2:4e:e7:aa:82:52:4a:68:50:c9:88:c6:09:c2:dd:ca:f8:be:4f:0f

Digest Algorithm

sha256

PE Digest Matches

true

e4:af:49:53:7f:00:f0:9b:cc:7d:fd:d3:6d:09:a9:bd:2e:0b:22:84
Signer

Actual PE Digest

e4:af:49:53:7f:00:f0:9b:cc:7d:fd:d3:6d:09:a9:bd:2e:0b:22:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\110435\out\Release\MenuEx.pdb

Imports

kernel32

WideCharToMultiByte
CloseHandle
ReadFile
GetFileSize
CreateFileW
ReleaseMutex
CreateMutexA
Sleep
ResetEvent
DeleteFileW
WaitForSingleObject
OpenEventW
lstrcpynA
lstrcpynW
CreateProcessW
lstrcmpW
CreateDirectoryW
GetWindowsDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTickCount
GetPrivateProfileSectionW
CreateThread
FlushFileBuffers
WriteFile
GetTempFileNameW
GetTempPathW
GlobalUnlock
GlobalLock
UnmapViewOfFile
FileTimeToSystemTime
SystemTimeToFileTime
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
QueryPerformanceCounter
WritePrivateProfileSectionW
SetFileAttributesW
OpenMutexW
GetStringTypeExW
GetThreadLocale
GetDriveTypeW
lstrlenA
DebugBreak
OutputDebugStringW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
TlsFree
GetCurrentProcess
GetModuleHandleA
LoadLibraryA
ProcessIdToSessionId
GetCurrentProcessId
Thread32Next
SuspendThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
ResumeThread
GlobalMemoryStatus
SetEnvironmentVariableW
OpenProcess
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
QueryDosDeviceW
AreFileApisANSI
ReadProcessMemory
Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
CopyFileW
TlsSetValue
TlsGetValue
GetLongPathNameW
GetACP
GetExitCodeProcess
RemoveDirectoryW
ExpandEnvironmentStringsW
GetCommandLineW
CreateMutexW
TerminateProcess
MoveFileW
MoveFileExW
GetTimeZoneInformation
DeviceIoControl
LocalAlloc
LocalFree
DeleteAtom
FindAtomW
AddAtomW
LoadLibraryW
GetProcessHeap
GetSystemTime
GetLocalTime
FormatMessageW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
IsValidLocale
GetVersionExW
GetVersion
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls
lstrcmpiW
GetLastError
RaiseException
lstrlenW
GetFileAttributesExW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileIntW
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeFormatA
GetDateFormatA
FatalAppExitA
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
HeapReAlloc
HeapDestroy
HeapCreate
HeapSetInformation
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
FlsAlloc
GetCurrentThread
SetLastError
FlsFree
FlsGetValue
TlsAlloc
DecodePointer
EncodePointer
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
FlsSetValue
GetCurrentThreadId
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlPcToFileHeader
GetAtomNameW
GetVolumeInformationW
GetModuleFileNameW

user32

DrawTextW
GetDC
LoadImageW
SystemParametersInfoW
WindowFromPoint
ReleaseDC
LoadStringW
GetSystemMetrics
CharNextW
SetMenuItemBitmaps
InsertMenuW
wvsprintfW
CharLowerW
WaitForInputIdle
InsertMenuItemW
CharLowerBuffW
EnumThreadWindows
ShowWindow
FindWindowW
SendMessageTimeoutW
GetWindowRect
BringWindowToTop
SetForegroundWindow
SwitchToThisWindow
SetWindowPos
GetSysColor

advapi32

RegOpenKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
IsValidSid
EqualSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExA
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetPathFromIDListW
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW
SHChangeNotify
ShellExecuteExW
DragQueryFileW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoInitialize
CoUninitialize
ReleaseStgMedium
CoTaskMemAlloc

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi

shlwapi

SHGetValueW
PathAppendW
PathIsDirectoryW
PathRemoveFileSpecW
SHDeleteKeyW
StrStrIW
PathFileExistsW
PathSkipRootW
PathIsNetworkPathW
StrCmpNIW
SHSetValueW
StrCmpNW
SHDeleteValueW
PathAddBackslashW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 441KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MethodMsgBox.dll
.dll windows:5 windows x64 arch:x64

f6180fb3baa7ac2c1a0538d40b62ac0c

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f6:c7:f4:39:60:8f:11:7f:5b:dc:ce:91:31:39:9d:fc:63:0f:0d:35
Signer

Actual PE Digest

f6:c7:f4:39:60:8f:11:7f:5b:dc:ce:91:31:39:9d:fc:63:0f:0d:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\360sd\branches\beta\Build\x64\MethodMsgBox.pdb

Imports

kernel32

GetCurrentDirectoryA
GetDriveTypeA
GlobalDeleteAtom
GlobalAddAtomA
FreeResource
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeviceIoControl
SetFilePointer
lstrlenW
TerminateProcess
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime
CreateMutexW
CreateProcessW
WaitForSingleObject
OpenThread
GetACP
MultiByteToWideChar
LoadLibraryA
lstrcmpW
GetCurrentProcess
GetLastError
ReleaseMutex
SetLastError
GetVersionExA
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
MulDiv
LocalFree
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
LocalAlloc
TlsAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
SetErrorMode
GlobalFlags
GetAtomNameW
lstrlenA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetFileSizeEx
GetFileTime
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapReAlloc
ExitProcess
HeapSize
HeapQueryInformation
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetProcessHeap
lstrcpynW
GetTempFileNameW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
SetFilePointerEx
OutputDebugStringW
GetSystemTime
AddAtomW
FindAtomW
DeleteAtom
GetFileAttributesW
Sleep
TlsSetValue
TlsGetValue
TlsFree
FreeLibrary
LoadLibraryW
GetCurrentProcessId
WideCharToMultiByte
FindClose
FindNextFileW
FindFirstFileW
GetTempPathW
SizeofResource
WriteFile
GetPrivateProfileSectionW
GetVersion
GetWindowsDirectoryW
CloseHandle
GetProcAddress
CreateFileW
ReadFile
GetVersionExW
GetTickCount
GetModuleHandleW
CreateDirectoryW
GetFileSize
WritePrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource

user32

CharUpperW
InvalidateRect
SetTimer
KillTimer
IsRectEmpty
IsZoomed
GetUpdateRgn
EnumChildWindows
SetWindowRgn
GetMonitorInfoW
MonitorFromWindow
CopyImage
FrameRect
LoadImageW
DrawIcon
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
UpdateWindow
PostMessageW
GetSubMenu
GetMenuItemID
CheckMenuItem
MessageBoxW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
GetDlgCtrlID
DefWindowProcW
CopyRect
PtInRect
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
EnableWindow
GetParent
DrawIconEx
SetForegroundWindow
LoadCursorW
GetSysColorBrush
DestroyMenu
UnregisterClassW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetWindowThreadProcessId
MoveWindow
SetWindowTextW
IsDialogMessageW
ShowWindow
GetSystemMetrics
WindowFromPoint
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetWindowLongPtrW
CallWindowProcW
SetPropA
SetWindowLongPtrW
SendMessageW
GetPropA
UpdateLayeredWindow
IsWindowVisible
SetActiveWindow
SystemParametersInfoW
GetActiveWindow
IsWindowEnabled
GetWindow
GetWindowLongW
SetWindowLongW
GetClientRect
ReleaseDC
GetDC
GetWindowRect
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CreateWindowExW
EnableMenuItem
SetWindowPos
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMenuState
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
GetMenuItemCount
UnhookWindowsHookEx
GetSysColor

gdi32

BitBlt
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetStockObject
CreateSolidBrush
CreateFontIndirectW
CreateRectRgn
SetRectRgn
CombineRgn
CreateCompatibleBitmap
SetMapMode
SetStretchBltMode
SelectClipRgn
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
DeleteObject
SetDIBits
GetCurrentObject
GetTextColor
GetBkMode
GetBitmapBits
ExtCreateRegion
GetDIBits
CreateDIBSection
StretchBlt
GetObjectW
SelectObject
CreateCompatibleDC
DeleteDC
SetBkColor
SetTextColor
GetClipBox

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegQueryValueExA
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW

shell32

ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoCreateInstance
CreateStreamOnHGlobal

oleaut32

VariantCopy
SysStringByteLen
VariantInit
VariantChangeType
VariantClear
OleLoadPicture
SysAllocString
SysStringLen
SysAllocStringByteLen
SysFreeString

shlwapi

PathIsDirectoryW
PathFileExistsW
StrStrIW
StrCmpW
SHGetValueW
PathAddBackslashW
StrCmpNIW
PathAppendW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

comdlg32

GetFileTitleW

msimg32

AlphaBlend
TransparentBlt

comctl32

_TrackMouseEvent

Exports

Exports

AutoRun_Enable
BOSD_DisDrv
BOSD_OpenUrl
BOSD_TIP
BOSD_Upld
IEERR_Proc
SyncTime_AutoRun

Sections

.text
Size: 718KB - Virtual size: 717KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MsgCenter64.dll
.dll windows:5 windows x64 arch:x64

80e43715fdf09e6e38cc76621b1aeba6

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f2:76:20:3e:a1:71:b5:30:3b:9e:35:2e:f8:d9:f6:a9:95:c0:38:f9
Signer

Actual PE Digest

f2:76:20:3e:a1:71:b5:30:3b:9e:35:2e:f8:d9:f6:a9:95:c0:38:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\360sd\branches\beta\Build\x64\MsgCenter64.pdb

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
DeleteFileW
WriteConsoleW
GetConsoleOutputCP
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetLastError
HeapFree
DebugBreak
lstrlenA
GetProcAddress
LoadLibraryA
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
SetLastError
GetCurrentThread
FlsAlloc
HeapAlloc
Sleep
HeapSize
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
FreeLibrary
GetProcessHeap
GetModuleFileNameW
VirtualQuery
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
HeapReAlloc
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetLocaleInfoW
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
ReadFile
SetFilePointer
CloseHandle
CreateFileA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetEndOfFile
WriteConsoleA
InitializeCriticalSection

oleaut32

SysFreeString

Exports

Exports

<
MC_Add
MC_Clear
MC_Combine
MC_DelById
MC_DelViceFile
MC_GetByIndex
MC_GetMainFilename
MC_GetViceFilename
MC_Load
MC_Save
MC_SetMainFilename
MC_SetViceFilename
MC_Size

Sections

.text
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QEX.dll
.dll windows:5 windows x64 arch:x64

72c9f820894ace37d1495a96ffac5174

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:2e:b5:b1:41:64:98:7c:f9:5a:84:00:ad:a8:64:d7:25:55:50:ed:0d:cd:5a:8e:a2:bc:a0:48:10:b3:11:f5
Signer

Actual PE Digest

0e:2e:b5:b1:41:64:98:7c:f9:5a:84:00:ad:a8:64:d7:25:55:50:ed:0d:cd:5a:8e:a2:bc:a0:48:10:b3:11:f5

Digest Algorithm

sha256

PE Digest Matches

true

82:bd:d9:aa:b1:4c:82:e3:31:89:92:55:00:e1:2d:d0:40:61:f8:44
Signer

Actual PE Digest

82:bd:d9:aa:b1:4c:82:e3:31:89:92:55:00:e1:2d:d0:40:61:f8:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\128845\out\Release\qex.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
GetCurrentProcessId
DeviceIoControl
CloseHandle
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
CreateFileW
WriteFile
CreateDirectoryW
GetFileAttributesW
MultiByteToWideChar
lstrcmpW
WideCharToMultiByte
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
lstrcmpiA
GetCurrentThreadId
GetFileSize
ReadFile
SetFilePointer
GetModuleFileNameA
GetEnvironmentVariableW
RemoveDirectoryW
DeleteFileW
FindFirstFileW
FindNextFileW
GetTickCount
GetLastError
GetFileType
SetFileTime
SetFileAttributesW
GetFullPathNameW
Sleep
OutputDebugStringW
CreateThread
CreateMutexW
ReleaseMutex
SetLastError
FindClose
GetFileSizeEx
SetEndOfFile
FileTimeToSystemTime
GetStdHandle
LoadLibraryExW
GetCurrentProcess
HeapAlloc
HeapFree
lstrlenA
DeleteAtom
FindAtomW
AddAtomW
OpenThread
GetAtomNameW
GetSystemTime
LocalFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
lstrcmpA
FormatMessageW
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateFileA
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
ReadConsoleW
GetOEMCP
GetACP
IsValidCodePage
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetProcessHeap
HeapSize
SetFilePointerEx
lstrlenW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStringTypeW
EncodePointer
DecodePointer
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
RaiseException
HeapReAlloc
ExitProcess
GetModuleHandleExW
AreFileApisANSI
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
ExitThread
GetCommandLineA
InitializeCriticalSectionAndSpinCount
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW

user32

CharLowerW
CharUpperW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyW
RegCloseKey

oleaut32

VariantClear
VariantCopy
SysAllocString
VariantInit

shlwapi

StrStrIA
StrToIntA
PathFileExistsW
StrStrIW
StrCmpNIW
StrStrNIW
SHGetValueW
StrCmpNW
StrStrW
StrCmpNA
StrCmpNIA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

inet_addr

Exports

Exports

CreateInstance
QEXCreateInstance

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 574KB - Virtual size: 574KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QTQuart64.dll
.dll windows:5 windows x64 arch:x64

341a3015a07b21b01968a60a5af1bcbe

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:c2:da:a6:87:14:60:7d:c9:0c:de:13:6e:1c:3f:34:61:db:98:17:39:51:13:94:d1:d0:c9:86:9a:78:ce:d6
Signer

Actual PE Digest

31:c2:da:a6:87:14:60:7d:c9:0c:de:13:6e:1c:3f:34:61:db:98:17:39:51:13:94:d1:d0:c9:86:9a:78:ce:d6

Digest Algorithm

sha256

PE Digest Matches

true

a9:38:86:a0:63:e6:ce:6b:1f:29:9e:8a:06:33:fc:a0:5d:f1:ef:ff
Signer

Actual PE Digest

a9:38:86:a0:63:e6:ce:6b:1f:29:9e:8a:06:33:fc:a0:5d:f1:ef:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\104086\out\Release\QTQuart64.pdb

Imports

kernel32

GetFullPathNameW
GetShortPathNameW
FileTimeToLocalFileTime
CompareStringA
LoadLibraryExW
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
SetThreadPriority
SetEvent
CreateEventW
GlobalAddAtomW
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
SetErrorMode
CompareStringW
GlobalGetAtomNameW
GetAtomNameW
LocalFileTimeToFileTime
GetFileSizeEx
GetFileTime
GetCurrentDirectoryW
GlobalFlags
GetVersionExA
GlobalFindAtomW
FreeResource
HeapAlloc
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
FlsSetValue
GetCommandLineA
HeapReAlloc
ExitProcess
ExitThread
CreateThread
HeapSize
HeapQueryInformation
HeapSetInformation
GetVolumeInformationW
HeapDestroy
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetCurrentDirectoryA
SetCurrentDirectoryA
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetFullPathNameA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
DuplicateHandle
DeleteAtom
FindAtomW
AddAtomW
GetSystemTime
OutputDebugStringW
SetFilePointerEx
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
GetProcessHeap
HeapFree
lstrlenA
OutputDebugStringA
GetLocalTime
GetTempFileNameW
SetFileTime
SetEndOfFile
GetSystemWindowsDirectoryW
SetLastError
TlsAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
GetTimeZoneInformation
GetPrivateProfileSectionW
MoveFileExW
MoveFileW
TerminateProcess
CreateMutexW
SetFileAttributesW
RemoveDirectoryW
GetACP
lstrcmpW
GetModuleFileNameW
GetTempPathW
GetLongPathNameW
ExpandEnvironmentStringsW
GetFileAttributesExW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
DeleteFileW
TlsGetValue
TlsSetValue
GetCommandLineW
CopyFileW
CreateDirectoryW
FindNextFileW
GetPrivateProfileIntW
WriteFile
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
ReadProcessMemory
AreFileApisANSI
WideCharToMultiByte
QueryDosDeviceW
GetDriveTypeW
GetDiskFreeSpaceExW
GetPrivateProfileStringW
WritePrivateProfileSectionW
WritePrivateProfileStringW
OpenProcess
SetEnvironmentVariableW
FileTimeToSystemTime
SystemTimeToFileTime
GlobalMemoryStatus
ResumeThread
CreateToolhelp32Snapshot
Thread32First
OpenThread
SuspendThread
Thread32Next
FindFirstFileW
FindClose
GetTickCount
GetCurrentProcessId
ProcessIdToSessionId
LoadLibraryA
GetModuleHandleA
GetCurrentProcess
CreateMutexA
ReleaseMutex
FreeLibrary
SizeofResource
TlsFree
GetFileSize
ReadFile
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetLogicalDriveStringsW
lstrlenW
GetFileAttributesW
GetModuleHandleW
GetProcAddress
GetSystemDirectoryW
LoadLibraryW
MultiByteToWideChar
CreateFileA
GetLastError
GetDriveTypeA
QueryDosDeviceA
Sleep
CreateFileW
DeviceIoControl
CloseHandle
FindResourceW
LoadResource
LockResource
HeapCreate

user32

AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetDesktopWindow
GetWindow
GetDlgCtrlID
GetClassNameW
PtInRect
SetWindowTextW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
DeleteMenu
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassW
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongW
RegisterClassW
IsWindowEnabled
EnableWindow
GetPropW
ShowOwnedPopups
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
WaitForInputIdle
WindowFromPoint
GetSystemMetrics
GetClientRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
CharUpperW
GetMenuState
GetMenuStringW
AppendMenuW
InsertMenuW
GetMenuItemID
GetMenuItemCount
GetSubMenu
RemoveMenu
SendMessageW
EnumThreadWindows
CharLowerBuffW
ShowWindow
FindWindowW
SendMessageTimeoutW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
UpdateWindow
ShowScrollBar
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
TrackPopupMenu
TrackPopupMenuEx
ScrollWindow
MapWindowPoints
GetMessagePos
GetMessageTime
SetWindowLongPtrW
GetWindowLongPtrW
DestroyWindow
GetTopWindow
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetForegroundWindow
SetFocus
IsWindow
GetLastActivePopup
RemovePropW
SystemParametersInfoW
SetWindowPos
SwitchToThisWindow
SetForegroundWindow
BringWindowToTop
GetWindowRect
SetCapture
LockWindowUpdate
GetDCEx
UnionRect
GetSystemMenu
SetParent
IsRectEmpty
MapVirtualKeyW
GetKeyNameTextW
KillTimer
SetTimer
SetRect
UnpackDDElParam
ReuseDDElParam
LoadMenuW
GetMenuBarInfo
ReleaseCapture
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
TranslateAcceleratorW
GetDialogBaseUnits
InvalidateRect
SetRectEmpty
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
DestroyMenu
GetMenuItemInfoW
InflateRect
DestroyIcon
ScrollWindowEx
MoveWindow
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
GetClassLongPtrW
MessageBoxW
SetPropW

gdi32

CreateRectRgn
SelectClipPath
GetObjectW
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
StartDocW
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
SetArcDirection
CreateDIBPatternBrushPt
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
GetClipRgn
GetDCOrgEx
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetCharWidthW
CreateFontW
StretchDIBits
CreateCompatibleBitmap
GetTextMetricsW
GetBkColor
SelectClipRgn
DeleteObject
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
CreateDCW
CopyMetaFileW
CreateHatchBrush
SetColorAdjustment
DeleteDC
GetDeviceCaps

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyExW
RegCreateKeyW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegSetValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
RegDeleteValueW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
IsValidSid
EqualSid
FreeSid
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteW
SHChangeNotify
CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetFileInfoW
ExtractIconW
DragFinish
DragQueryFileW
ShellExecuteExW

shlwapi

SHDeleteValueW
StrCmpNW
SHDeleteKeyW
StrStrIW
PathAppendW
SHGetValueW
StrCmpNIW
PathAddBackslashW
PathFileExistsW
PathRemoveFileSpecW
PathIsDirectoryW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
SHSetValueW
PathRemoveExtensionW

ole32

ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
CreateBindCtx
CoTreatAsClass
OleDuplicateData
CoDisconnectObject
ReleaseStgMedium
CoTaskMemAlloc
StringFromCLSID
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
StringFromGUID2
CLSIDFromString
CoInitializeEx

oleaut32

SysAllocStringLen
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
CreateErrorInfo
SetErrorInfo
VariantInit
VariantChangeType
VariantClear
GetErrorInfo
SysStringLen
SysAllocString
SysFreeString
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
SystemTimeToVariantTime

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
CM_Request_Device_EjectW
CM_Get_Parent
SetupDiGetDeviceInterfaceDetailW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

Exports

Exports

QT_AddRecord
QT_CloseFindItemHandle
QT_CreateFind
QT_FindNextItem
QT_FindNextItemForCount
QT_GetItemCount
QT_GetQuartFileInfo
QT_QuartFile
QT_QuartFile_New
QT_QuartFile_New2
QT_RemoveAllItems
QT_RemoveItem
QT_RestoreFile
QT_Section_Close
QT_Section_Open

Sections

.text
Size: 850KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 273KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDPlugin/AdPopWnd.dll
.dll windows:5 windows x64 arch:x64

998400e7066196172633b20bc7b83176

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

de:42:73:d7:64:19:14:43:33:b9:9f:4b:15:d6:a3:17:86:39:c7:0e:1d:96:7b:7f:3f:2b:64:c6:49:0b:40:f8
Signer

Actual PE Digest

de:42:73:d7:64:19:14:43:33:b9:9f:4b:15:d6:a3:17:86:39:c7:0e:1d:96:7b:7f:3f:2b:64:c6:49:0b:40:f8

Digest Algorithm

sha256

PE Digest Matches

true

7b:92:d6:34:f5:ce:8c:43:0e:b1:90:25:57:5c:1d:fc:62:7c:e3:62
Signer

Actual PE Digest

7b:92:d6:34:f5:ce:8c:43:0e:b1:90:25:57:5c:1d:fc:62:7c:e3:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\107706\out\Release\AdPopWnd.pdb

Imports

kernel32

GlobalAddAtomW
GetCurrentThreadId
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetAtomNameW
lstrcmpA
LocalFileTimeToFileTime
GlobalFlags
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapFree
HeapAlloc
ExitThread
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
FlsSetValue
GetCommandLineA
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapSize
HeapQueryInformation
ExitProcess
EncodePointer
GlobalFindAtomW
FlsGetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetProcessHeap
GlobalDeleteAtom
GetVersionExA
DeleteAtom
FindAtomW
AddAtomW
SetFilePointerEx
FlushFileBuffers
FormatMessageW
LocalFree
GetFileSizeEx
WaitForMultipleObjects
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
GetCurrentThread
SetErrorMode
DeviceIoControl
ExpandEnvironmentStringsW
lstrlenW
TerminateProcess
CreateMutexW
ReadProcessMemory
CreateProcessW
ResumeThread
OpenThread
GetCurrentProcessId
GetACP
QueryDosDeviceW
GetLogicalDriveStringsW
lstrcmpW
GetCurrentProcess
GetModuleHandleA
ReleaseMutex
MoveFileExW
TlsAlloc
SetLastError
TlsGetValue
TlsSetValue
TlsFree
GetLocalTime
SystemTimeToFileTime
GetSystemTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FindNextFileW
MulDiv
LoadLibraryA
Sleep
CreateThread
CreateEventW
WaitForSingleObject
FindClose
FindFirstFileW
GetSystemDirectoryW
GetModuleHandleW
GetVersion
SetEvent
GetTickCount
GetPrivateProfileSectionW
GetFileSize
GetVersionExW
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
GetLastError
GetLongPathNameW
SetFileAttributesW
GetTempPathW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
OpenProcess
GetPrivateProfileStringW
GetPrivateProfileIntW
GetProcAddress
LoadLibraryW
WideCharToMultiByte
FreeLibrary
CreateDirectoryW
DeleteFileW
WritePrivateProfileStringW
GetWindowsDirectoryW
GetModuleFileNameW
OutputDebugStringW
FindResourceW
LoadResource
LockResource
SizeofResource
WriteFile
SetFilePointer
CloseHandle
ReadFile
DecodePointer
CreateFileW

user32

SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
IsWindowEnabled
LoadCursorW
GetSysColorBrush
UnregisterClassW
ValidateRect
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetFocus
GetForegroundWindow
GetLastActivePopup
GetDlgItem
GetTopWindow
GetWindowLongPtrW
SetWindowLongPtrW
UnhookWindowsHookEx
SetWindowTextW
GetMessagePos
GetKeyState
SetMenu
GetDesktopWindow
FindWindowW
SendMessageTimeoutW
GetSystemMetrics
EnableWindow
GetClientRect
MessageBoxW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetDlgCtrlID
CallWindowProcW
CopyRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
DefWindowProcW
DispatchMessageW
TranslateMessage
DestroyMenu
PostQuitMessage
GetMessageTime
WindowFromPoint
GetWindowTextW
GetWindowThreadProcessId
GetClassNameW
GetWindow
MapWindowPoints
GetWindowRect
SystemParametersInfoW
SendMessageW
GetMenuInfo
GetWindowLongW
GetCursorPos
IsWindowVisible
PeekMessageW
DestroyWindow
SetParent
CreateWindowExW
RegisterClassExW
EnumDisplaySettingsW
GetMonitorInfoW
MonitorFromPoint
mouse_event
MoveWindow
SetWindowPos
ShowWindow
SetForegroundWindow
GetWindowDC
IsWindow
ReleaseDC
GetDC
ClientToScreen
EqualRect
ChildWindowFromPoint
PtInRect
GetParent
PostMessageW

gdi32

GetStockObject
CreateBitmap
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
SetBrushOrgEx
SetDIBColorTable
StretchBlt
CreateCompatibleBitmap
SelectObject
DeleteObject
CreateDIBSection
BitBlt
CreateCompatibleDC
DeleteDC
GetDeviceCaps
GetDIBits
PtVisible
SetStretchBltMode
GetObjectW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegEnumKeyExW
OpenThreadToken
RegQueryValueExA
LookupPrivilegeValueW
RegQueryInfoKeyW
AdjustTokenPrivileges
OpenProcessToken
RegEnumValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ord165

shlwapi

PathAddBackslashW
PathRemoveFileSpecW
StrCmpNIW
StrStrIW
PathAppendW
StrCmpIW
PathFileExistsW
PathRemoveBackslashW
PathFindFileNameW
PathFindExtensionW
SHGetValueW

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit

setupapi

SetupIterateCabinetW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

gdiplus

GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdiplusShutdown
GdiplusStartup
GdipBitmapLockBits
GdipCreateBitmapFromFile
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette

Exports

Exports

QueryInterface

Sections

.text
Size: 493KB - Virtual size: 493KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDPlugin/AntiDel.dll
.dll windows:5 windows x64 arch:x64

271d724543087a8708db20361c168010

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b7:35:08:ed:d5:82:64:f7:9c:6d:98:36:d1:c9:aa:7d:5e:7d:62:78
Signer

Actual PE Digest

b7:35:08:ed:d5:82:64:f7:9c:6d:98:36:d1:c9:aa:7d:5e:7d:62:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\37032\out\Release\AntiDel64.pdb

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
RegNotifyChangeKeyValue
SetEntriesInAclW

kernel32

SystemTimeToFileTime
MapViewOfFile
GetLastError
CreateFileMappingW
OpenFileMappingW
QueryPerformanceCounter
WritePrivateProfileSectionW
SetFileAttributesW
GetModuleFileNameW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateMutexW
ReleaseMutex
CreateMutexA
OpenMutexA
ProcessIdToSessionId
SetEvent
MoveFileExW
DeleteFileW
WaitForSingleObject
GetWindowsDirectoryW
WaitForMultipleObjects
CreateEventW
GetProcAddress
GetModuleHandleW
ReadFile
MultiByteToWideChar
TlsFree
FreeLibrary
GetCurrentProcess
LoadLibraryA
GetCurrentProcessId
GetTickCount
CreateToolhelp32Snapshot
ResumeThread
WideCharToMultiByte
Module32NextW
Module32FirstW
CloseHandle
Process32FirstW
WriteFile
Sleep
FileTimeToSystemTime
GetACP
TerminateProcess
SetFilePointer
SetNamedPipeHandleState
CreateFileA
TerminateThread
GetExitCodeThread
ReleaseSemaphore
SetThreadPriority
ReadFileEx
OutputDebugStringA
WaitForSingleObjectEx
CreateSemaphoreW
ResetEvent
ConnectNamedPipe
CreateNamedPipeA
GetOverlappedResult
DisconnectNamedPipe
IsBadReadPtr
LocalAlloc
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
FindAtomW
AddAtomW
GetAtomNameW
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
HeapSetInformation
UnmapViewOfFile
GetFileAttributesExW
GetPrivateProfileSectionW
Process32NextW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
RtlUnwindEx
ExitThread
GetCurrentThreadId
CreateThread
GetSystemTimeAsFileTime
FlsSetValue
GetCommandLineA
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
ExitProcess
DeleteAtom

user32

PostMessageW

shlwapi

PathAppendW
SHGetValueW
PathFindExtensionW
PathIsDirectoryW
SHSetValueW
PathCombineW
PathFileExistsW
StrCmpIW
StrCmpNIW

Exports

Exports

?StartListen2@Communicator@@YAPEAXPEBD@Z
?StartListen3@Communicator@@YAPEAXPEBDI@Z
?StartListen@Communicator@@YAHPEBD@Z
?StopListen2@Communicator@@YAXPEAX@Z
?StopListen@Communicator@@YAHXZ
CreateConfig
CreateException
QueryInterface

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDPlugin/BlackDns.dll
.dll windows:5 windows x64 arch:x64

f37ea8745af287b9a54b78ed328bc4c4

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c9:e6:e4:93:07:4e:08:57:c6:f4:d1:73:3c:02:a4:86:3f:91:cc:27
Signer

Actual PE Digest

c9:e6:e4:93:07:4e:08:57:c6:f4:d1:73:3c:02:a4:86:3f:91:cc:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\360sd\branches\beta\Build\x64\SDPlugin\BlackDns.pdb

Imports

kernel32

LoadResource
FindResourceW
FindResourceExW
DeviceIoControl
GetCurrentProcessId
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
LockResource
LeaveCriticalSection
CreateEventW
WaitForSingleObject
SetEvent
SizeofResource
GetModuleFileNameW
SetFilePointer
ReadFile
CloseHandle
TlsFree
DeleteAtom
FindAtomW
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
EnterCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetLastError
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFilePointerEx
GetFileSizeEx
OutputDebugStringW
FormatMessageW
LocalFree
GetSystemTime
CreateMutexW
TlsGetValue
TlsSetValue
CreateFileW

advapi32

RegOpenKeyExW
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegEnumKeyExW

oleaut32

VariantClear
VariantInit

shlwapi

PathFileExistsW

Exports

Exports

QueryInterface

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDPlugin/BundSoft.dll
.dll windows:5 windows x64 arch:x64

f317a48c4263875cb83792d7a327e065

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f4:c7:a8:af:a9:77:0a:71:01:6d:84:32:80:56:27:fb:13:6b:2f:26
Signer

Actual PE Digest

f4:c7:a8:af:a9:77:0a:71:01:6d:84:32:80:56:27:fb:13:6b:2f:26

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\360sd\branches\beta\build\x64\SDPlugin\BundSoft.pdb

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeviceIoControl
SetFilePointer
lstrlenW
TerminateProcess
SystemTimeToFileTime
CreateMutexW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
OpenThread
GetACP
MultiByteToWideChar
LoadLibraryA
lstrcmpW
GetCurrentProcess
GetLastError
ReleaseMutex
Sleep
LocalFree
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
SetLastError
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
LocalAlloc
TlsAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
SetErrorMode
GetAtomNameW
lstrcmpA
lstrlenA
GlobalFlags
FlushFileBuffers
LocalFileTimeToFileTime
GetFileSizeEx
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
HeapReAlloc
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapSize
HeapQueryInformation
ExitProcess
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetFilePointerEx
OutputDebugStringW
GetSystemTime
GetProcessHeap
AddAtomW
FindAtomW
DeleteAtom
TlsSetValue
TlsGetValue
TlsFree
GetTickCount
GetCurrentProcessId
WideCharToMultiByte
WriteFile
CloseHandle
ReadFile
CreateFileW
LoadLibraryW
GetModuleHandleW
GetVersion
GetVersionExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
FreeLibrary

user32

DestroyMenu
ClientToScreen
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
PostQuitMessage
ValidateRect
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetDlgItem
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
EnableWindow
GetClientRect
PostMessageW
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetParent
GetDlgCtrlID
SendMessageW
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetWindowLongW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetForegroundWindow
GetSystemMetrics
SetWindowTextW
SetWindowPos
GetWindowRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
IsWindowEnabled
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
UnregisterClassW
GetTopWindow
GetMenu

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExA

shell32

ShellExecuteExW

oleaut32

VariantClear
VariantChangeType
VariantInit

shlwapi

PathFileExistsW
SHGetValueW
PathFindFileNameW
PathFindExtensionW

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

RectVisible
PtVisible
TextOutW
GetStockObject
SetMapMode
RestoreDC
DeleteDC
GetClipBox
SetTextColor
SetBkColor
CreateBitmap
ExtTextOutW
DeleteObject
SaveDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDeviceCaps
Escape

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

Exports

Exports

QueryInterface

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDPlugin/DisStartup.dll
.dll windows:5 windows x64 arch:x64

98faef9c3c3d0340824de4c4e1cae367

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:a4:b0:e2:8f:9b:c9:57:41:3b:0c:51:94:ab:83:78:85:cf:3c:b6
Signer

Actual PE Digest

20:a4:b0:e2:8f:9b:c9:57:41:3b:0c:51:94:ab:83:78:85:cf:3c:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\building\360project\360sd\branches\beta\build\x64\SDPlugin\DisStartup.pdb

Imports

kernel32

GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GlobalFlags
WriteFile
FlushFileBuffers
GetCurrentProcess
GetLocaleInfoW
LocalFileTimeToFileTime
GetFileSizeEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapFree
FlsSetValue
GetCommandLineA
HeapAlloc
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapReAlloc
HeapSize
HeapQueryInformation
Sleep
ExitProcess
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetFilePointerEx
OutputDebugStringW
GetSystemTime
CreateMutexW
GetProcessHeap
OpenThread
AddAtomW
ReleaseMutex
FindAtomW
DeleteAtom
LoadLibraryA
lstrcmpW
GetVersionExA
SystemTimeToFileTime
lstrlenA
lstrcmpA
GetAtomNameW
SetErrorMode
WaitForSingleObject
GetCurrentThreadId
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
LocalAlloc
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GetModuleHandleW
GetCurrentProcessId
DeviceIoControl
SetFilePointer
ReadFile
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
CreateFileW
GetPrivateProfileStringW
ResetEvent
CreateEventW
GetProcessId
TerminateProcess
WaitForMultipleObjects
CreateProcessW
SetEvent
GetProcAddress
LoadLibraryW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
IsDebuggerPresent
ExpandEnvironmentStringsW

user32

DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassNameW
GetClassLongPtrW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextW
GetWindowThreadProcessId
GetWindowLongW
GetParent
GetLastActivePopup
RegisterClassExW
CreateWindowExW
SetPropW
PostMessageW
IsWindowEnabled
EnableWindow
MessageBoxW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassW
SetWindowsHookExW
CallNextHookEx
PostQuitMessage
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
GetPropW
DefWindowProcW
DestroyWindow
DestroyMenu
GrayStringW
GetSubMenu
SendMessageW
GetKeyState
ValidateRect
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount

advapi32

RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA

shlwapi

PathFindFileNameW
PathFileExistsW
SHGetValueW
PathFindExtensionW
PathRemoveFileSpecW
PathAppendW

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

GetStockObject
CreateBitmap
GetClipBox
SetTextColor
DeleteObject
SaveDC
DeleteDC
SelectObject
SetMapMode
SetBkColor
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
RestoreDC
GetDeviceCaps
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
SetViewportOrgEx

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

QueryInterface

Sections

.text
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDPlugin/DiskErr.dll
.dll windows:5 windows x64 arch:x64

ff48b3a719652643cefbfc423a5cbc56

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:1f:67:89:60:db:77:a0:3c:2f:db:31:cf:a6:91:f0:36:75:3d:36
Signer

Actual PE Digest

69:1f:67:89:60:db:77:a0:3c:2f:db:31:cf:a6:91:f0:36:75:3d:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\360sd\branches\beta\Build\x64\SDPlugin\DiskErr.pdb

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeviceIoControl
SetFilePointer
lstrlenW
TerminateProcess
SystemTimeToFileTime
CreateMutexW
WaitForSingleObject
OpenThread
GetACP
MultiByteToWideChar
LoadLibraryA
lstrcmpW
GetCurrentProcess
ReleaseMutex
GetCurrentProcessId
WideCharToMultiByte
GlobalUnlock
GlobalLock
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetAtomNameW
lstrcmpA
lstrlenA
GlobalFlags
GlobalAddAtomW
FlushFileBuffers
GetCurrentThreadId
GlobalDeleteAtom
LocalFileTimeToFileTime
GetFileSizeEx
GetVersionExA
GlobalFindAtomW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
HeapFree
FlsSetValue
GetCommandLineA
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapReAlloc
HeapQueryInformation
HeapSize
ExitProcess
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetFilePointerEx
OutputDebugStringW
GetSystemTime
GetProcessHeap
AddAtomW
FindAtomW
DeleteAtom
WriteFile
CloseHandle
ReadFile
CreateFileW
GetModuleHandleW
LocalFree
FormatMessageW
LoadLibraryExW
ExpandEnvironmentStringsW
GlobalFree
IsBadReadPtr
GlobalAlloc
GetLastError
GetTickCount
MoveFileW
GetFileAttributesExW
GetFileAttributesW
Sleep
TlsSetValue
TlsGetValue
TlsFree
FreeLibrary
TlsAlloc
SetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetWindowsDirectoryW
LoadLibraryW
GetProcAddress

user32

GetCapture
WinHelpW
LoadIconW
RegisterWindowMessageW
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
DestroyMenu
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SystemParametersInfoA
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostQuitMessage
IsIconic
PostMessageW
GetClassLongPtrW
GetDlgItem
SetWindowsHookExW
CallNextHookEx
DispatchMessageW
GetKeyState
PeekMessageW
ValidateRect
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetClassNameW
PtInRect
SetWindowTextW
GetWindowTextW
GetWindowThreadProcessId
SendMessageW
GetWindowLongW
GetParent
GetLastActivePopup
IsWindowEnabled
MessageBoxW
UnhookWindowsHookEx
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
wsprintfW
SetForegroundWindow
GetSystemMetrics
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowPos
GetWindowRect
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
IsWindow
RegisterClassW
EnableWindow

advapi32

CloseEventLog
ReadEventLogW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
OpenEventLogW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExA

oleaut32

VariantClear
VariantChangeType
VariantInit

shlwapi

PathFileExistsW

gdi32

GetDeviceCaps
TextOutW
RectVisible
PtVisible
SetMapMode
GetStockObject
DeleteDC
ScaleWindowExtEx
DeleteObject
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

Exports

Exports

QueryInterface

Sections

.text
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDPlugin/QMachine.dll
.dll windows:5 windows x64 arch:x64

8583a002fecb0ad4681db2e3646b5128

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:aa:e7:79:e1:1d:2a:d2:25:ad:1b:37:a6:1b:88:a2:fc:cd:37:75
Signer

Actual PE Digest

26:aa:e7:79:e1:1d:2a:d2:25:ad:1b:37:a6:1b:88:a2:fc:cd:37:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\360sd\branches\beta\Build\x64\SDPlugin\QMachine.pdb

Imports

kernel32

WideCharToMultiByte
GetCurrentProcessId
GetTickCount
FreeLibrary
TlsFree
TlsGetValue
TlsSetValue
Sleep
ReleaseMutex
GetLastError
GetCurrentProcess
LoadLibraryA
MultiByteToWideChar
GetACP
OpenThread
WaitForSingleObject
CreateProcessW
CreateMutexW
SystemTimeToFileTime
TerminateProcess
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
SetFilePointer
DeviceIoControl
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateEventW
DeleteAtom
FindAtomW
AddAtomW
GetSystemTime
LocalFree
FormatMessageW
OutputDebugStringW
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
WriteFile
CloseHandle
ReadFile
CreateFileW
GetModuleFileNameW
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
HeapSetInformation
GetModuleFileNameA
GetStdHandle
ExitProcess
LCMapStringW
FlsAlloc
SetLastError
FlsFree
FlsGetValue
TlsAlloc
DecodePointer
GetAtomNameW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
GetCPInfo
GetOEMCP
IsValidCodePage
EncodePointer

user32

IsWindowVisible
LoadStringW
DestroyWindow
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
PostQuitMessage

advapi32

RegQueryValueExA
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shlwapi

PathFileExistsW

Exports

Exports

QueryInterface

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDPlugin/SyncTime.dll
.dll windows:5 windows x64 arch:x64

295e0583fe55b18351d60ace30bb2648

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:00:86:92:91:b2:d3:21:9d:9b:55:f8:75:44:8b:c2:59:ed:b5:5b
Signer

Actual PE Digest

9f:00:86:92:91:b2:d3:21:9d:9b:55:f8:75:44:8b:c2:59:ed:b5:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\360sd\branches\beta\build\x64\SDPlugin\SyncTime.pdb

Imports

ws2_32

WSAGetLastError
WSALookupServiceEnd
WSANSPIoctl
WSACleanup
htons
WSALookupServiceBeginW
closesocket
ntohl
recvfrom
sendto
inet_addr
socket
gethostbyname
WSAStartup

kernel32

ExitThread
GetProcAddress
GetModuleHandleW
LoadLibraryW
CreateEventW
CreateSemaphoreW
ReleaseSemaphore
GetSystemTime
SetSystemTime
SetEvent
GetPrivateProfileSectionNamesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeviceIoControl
SetFilePointer
lstrlenW
TerminateProcess
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToFileTime
CreateMutexW
SizeofResource
LockResource
LoadResource
FindResourceW
CreateFileW
WaitForSingleObject
ResumeThread
OpenThread
GetACP
MultiByteToWideChar
AreFileApisANSI
LoadLibraryA
ReadFile
CloseHandle
WriteFile
GetPrivateProfileStringW
WritePrivateProfileStringW
FindFirstFileW
lstrcmpW
LocalFree
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
SetLastError
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
LocalAlloc
TlsAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
SetErrorMode
GetAtomNameW
lstrcmpA
lstrlenA
GlobalFlags
GetLocaleInfoW
FlushFileBuffers
LocalFileTimeToFileTime
GetFileSizeEx
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetUserDefaultLCID
CreateThread
HeapReAlloc
FlsSetValue
GetCommandLineA
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapSize
HeapQueryInformation
ExitProcess
GetCPInfo
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
LCMapStringW
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
FindNextFileW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetFilePointerEx
OutputDebugStringW
GetProcessHeap
AddAtomW
FindAtomW
DeleteAtom
GetCurrentProcess
GetLastError
ReleaseMutex
Sleep
TlsSetValue
TlsGetValue
TlsFree
FreeLibrary
GetPrivateProfileSectionW
GetTickCount
GetCurrentProcessId
WideCharToMultiByte
FindClose

user32

GetWindowThreadProcessId
CheckMenuItem
EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetWindowTextW
DestroyMenu
ClientToScreen
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
PostQuitMessage
GetWindowTextW
GetForegroundWindow
IsWindowEnabled
DispatchMessageW
GetCapture
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
EnableWindow
GetClientRect
PostMessageW
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetParent
GetDlgCtrlID
SendMessageW
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
GetWindowLongW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
UnregisterClassW
ValidateRect
RegisterWindowMessageW
LoadIconW
WinHelpW
GetLastActivePopup
SetWindowsHookExW
CallNextHookEx
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetWindowRect
SetWindowPos
GetFocus
IsWindow
GetSystemMetrics
SetForegroundWindow

advapi32

RegQueryValueExA
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

oleaut32

VariantClear
VariantChangeType
VariantInit

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
PathAppendW

gdi32

PtVisible
RectVisible
TextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
DeleteObject
ExtTextOutW
CreateBitmap
SetBkColor
SetTextColor
GetClipBox

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

Exports

Exports

EasyFixTime
GetQihooTime
IsAutoFix
IsLocalTimeRight
IsLocalTimeRight_Net
QueryInterface

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDPlugin/SysDump.dll
.dll windows:5 windows x64 arch:x64

5ec0773aa75c08c3d438672a53e1ced3

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f4:5f:ef:da:dc:4b:8a:1c:4e:90:8e:a7:81:b9:5a:0f:95:fd:dc:cd
Signer

Actual PE Digest

f4:5f:ef:da:dc:4b:8a:1c:4e:90:8e:a7:81:b9:5a:0f:95:fd:dc:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\360sd\branches\beta\Build\x64\SDPlugin\SysDump.pdb

Imports

kernel32

GetCurrentProcess
LocalFileTimeToFileTime
GetFileSizeEx
HeapAlloc
HeapFree
FlsSetValue
GetCommandLineA
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapReAlloc
HeapSize
HeapQueryInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetFilePointerEx
OutputDebugStringW
GetSystemTime
CreateMutexW
GetProcessHeap
OpenThread
AddAtomW
ReleaseMutex
FindAtomW
DeleteAtom
FlushFileBuffers
WriteFile
GlobalFlags
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetVersionExA
SystemTimeToFileTime
lstrlenA
lstrcmpA
GetAtomNameW
SetErrorMode
WaitForSingleObject
GetCurrentThreadId
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
GetCurrentProcessId
DeviceIoControl
SetFilePointer
ReadFile
CreateFileW
CreateProcessW
CloseHandle
ExpandEnvironmentStringsW
GetWindowsDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
ExitProcess
SetLastError

advapi32

RegEnumKeyExW
RegQueryValueExA
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW

shlwapi

PathFindExtensionW
PathFindFileNameW
PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

user32

TabbedTextOutW
ClientToScreen
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextW
PostQuitMessage
DestroyMenu
GetWindowThreadProcessId
GetWindowLongW
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GrayStringW
DrawTextExW
DrawTextW
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
ValidateRect
PeekMessageW
GetKeyState
SendMessageW
GetSysColor
GetSysColorBrush
UnregisterClassW
SetWindowsHookExW
CallNextHookEx
DispatchMessageW
AdjustWindowRectEx

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
DeleteObject
SaveDC
RectVisible
RestoreDC
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
GetDeviceCaps
PtVisible
SetMapMode
TextOutW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

QueryInterface

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDPlugin/VolSpace.dll
.dll windows:5 windows x64 arch:x64

b12a6018a7e629f77677c7d700adfc90

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:93:0f:6c:5b:7e:74:56:9c:c2:0d:72:ba:33:4b:dd:9e:1b:b4:83
Signer

Actual PE Digest

41:93:0f:6c:5b:7e:74:56:9c:c2:0d:72:ba:33:4b:dd:9e:1b:b4:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\360sd\branches\beta\build\x64\SDPlugin\VolSpace.pdb

Imports

kernel32

CreateFileW
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
LoadLibraryW
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
WriteFile
ReadFile
GetModuleHandleW
GetTickCount
TlsFree
TlsGetValue
TlsSetValue
Sleep
ReleaseMutex
GetLastError
GetCurrentProcess
LoadLibraryA
GetACP
GetCurrentProcessId
OpenThread
CreateMutexW
SystemTimeToFileTime
Process32NextW
SetFilePointer
DeviceIoControl
InitializeCriticalSection
DeleteCriticalSection
GetProcessTimes
OpenProcess
DeleteAtom
FindAtomW
AddAtomW
GetAtomNameW
GetSystemTime
LocalFree
FormatMessageW
OutputDebugStringW
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
InitializeCriticalSectionAndSpinCount
Process32FirstW
GetProcessId
CreateToolhelp32Snapshot
GetSystemTimeAsFileTime
TerminateProcess
WaitForSingleObject
CreateProcessW
SetEvent
ResetEvent
CreateEventW
CloseHandle
GetModuleFileNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
GetConsoleMode
GetConsoleCP
GetStringTypeA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
HeapCreate
HeapSetInformation
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
FlsAlloc
SetLastError
FlsFree
FlsGetValue
TlsAlloc
DecodePointer
EncodePointer
SizeofResource
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW

user32

TranslateMessage
PeekMessageW
DispatchMessageW
DestroyWindow
PostMessageW
SetPropW
CreateWindowExW
RegisterClassExW
MsgWaitForMultipleObjects
DefWindowProcW
GetPropW

advapi32

RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW

shlwapi

PathFileExistsW

Exports

Exports

QueryInterface

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDVersion.dll
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:3b:c3:87:13:58:33:ee:4b:5d:6c:00:07:85:f8:8d:0e:8e:35:4d:c4:6f:b1:56:e0:33:ca:66:63:95:17:5c
Signer

Actual PE Digest

7f:3b:c3:87:13:58:33:ee:4b:5d:6c:00:07:85:f8:8d:0e:8e:35:4d:c4:6f:b1:56:e0:33:ca:66:63:95:17:5c

Digest Algorithm

sha256

PE Digest Matches

true

69:e9:b7:30:11:6e:de:78:3a:e5:ea:8d:30:4d:af:52:bb:6b:ab:3c
Signer

Actual PE Digest

69:e9:b7:30:11:6e:de:78:3a:e5:ea:8d:30:4d:af:52:bb:6b:ab:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\127865\out\Release\SDVersion64.pdb

Sections

.text
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 114B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ShellIco.dll
.dll regsvr32 windows:5 windows x64 arch:x64

a19704bc91d9b2f27a6c623a15612deb

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ac:15:c4:c6:5d:b1:ab:6c:23:f0:5e:a5:33:cc:55:23:a8:6c:5a:27
Signer

Actual PE Digest

ac:15:c4:c6:5d:b1:ab:6c:23:f0:5e:a5:33:cc:55:23:a8:6c:5a:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileSectionW
UnmapViewOfFile
FileTimeToSystemTime
SystemTimeToFileTime
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
QueryPerformanceCounter
WritePrivateProfileSectionW
SetFileAttributesW
LoadLibraryW
GetWindowsDirectoryW
ReadFile
TlsFree
ReleaseMutex
GetCurrentProcess
LoadLibraryA
OpenProcess
WideCharToMultiByte
WriteFile
Sleep
GetACP
WaitForSingleObject
CreateMutexW
TerminateProcess
DeleteAtom
LoadLibraryExW
AddAtomW
GetAtomNameW
GetProcessHeap
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetCurrentProcessId
DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress
lstrcmpiW
RaiseException
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
GetFileAttributesExW
LeaveCriticalSection
EnterCriticalSection
OpenMutexW
CloseHandle
GetLastError
GetPrivateProfileIntW
WriteConsoleA
GetModuleFileNameW
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
HeapSetInformation
GetModuleFileNameA
GetStdHandle
ExitProcess
FlsAlloc
SetLastError
FlsFree
FlsGetValue
TlsAlloc
DecodePointer
EncodePointer
FindAtomW
FindResourceW
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage

user32

CharNextW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

ole32

CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoInitialize

oleaut32

VarUI4FromStr
LoadRegTypeLi
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

shlwapi

SHGetValueW
PathAppendW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SiteUIProxy64.dll
.dll windows:5 windows x64 arch:x64

85dc94e0b4d11e6b444aee271b35d683

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

91:47:e3:1e:8c:f1:3c:db:6c:48:1c:15:9b:1f:d7:45:b9:9a:4d:48
Signer

Actual PE Digest

91:47:e3:1e:8c:f1:3c:db:6c:48:1c:15:9b:1f:d7:45:b9:9a:4d:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\build\SiteUIProxy\Release\SiteUIProxy64.pdb

Imports

kernel32

SetCurrentDirectoryW
GetLongPathNameW
GetFileSizeEx
MulDiv
GetVersionExW
DeleteFileW
GetTempFileNameW
GetTempPathW
SetFilePointerEx
SetEndOfFile
MultiByteToWideChar
CreateFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
SetFilePointer
GetLocaleInfoA
FlushInstructionCache
GetStringTypeA
LCMapStringA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
LoadLibraryA
LCMapStringW
HeapSize
GetModuleFileNameA
GetModuleFileNameW
HeapDestroy
HeapCreate
HeapSetInformation
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
IsValidCodePage
GetOEMCP
GetCurrentProcess
SetLastError
lstrlenA
OutputDebugStringW
DebugBreak
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
DeleteCriticalSection
lstrcmpiW
DeviceIoControl
EnterCriticalSection
GetProcAddress
GetLastError
RaiseException
GetStringTypeW
lstrlenW
LeaveCriticalSection
SizeofResource
LoadLibraryW
InitializeCriticalSection
GetModuleHandleW
LoadLibraryExW
LoadResource
FreeLibrary
GetACP
GetCPInfo
HeapReAlloc
RtlPcToFileHeader
RtlUnwindEx
GetCommandLineA
FlsSetValue
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
WideCharToMultiByte
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GetProcessHeap
HeapAlloc
HeapFree
ExitProcess
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
WaitForSingleObject
TlsGetValue
CreateMutexW
GetSystemTime
LocalFree
FormatMessageW
ReadFile
GetStdHandle
FindResourceW
InterlockedPushEntrySList
WriteFile

user32

DefWindowProcW
ReleaseDC
GetDC
GetClientRect
EndPaint
BeginPaint
GetWindowRect
IsWindow
UnregisterClassA
SetWindowPos
RegisterClassExW
CharNextW
CopyRect
CharUpperW
SetCursor
GetCursor
EqualRect
SendMessageW
InvalidateRect
PtInRect
DrawTextW
OffsetRect
DestroyWindow
PostMessageW
MessageBoxW
LoadStringW
DialogBoxParamW
EndDialog
SetWindowTextW
GetActiveWindow
BringWindowToTop
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetParent
MapWindowPoints
SetWindowLongW
GetWindowLongW
RegisterClassW
GetClassInfoW
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
CreateWindowExW
LoadCursorW
GetClassInfoExW

gdi32

GetDeviceCaps
CreateFontIndirectW
SetTextColor
SetBkColor
SetBkMode
GetTextExtentPoint32W
SelectObject

advapi32

RegDeleteValueW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExA

shell32

ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance

oleaut32

SysStringLen
VariantChangeType
DispCallFunc
VariantInit
SysFreeString
SysStringByteLen
VarUI4FromStr
SysAllocStringByteLen
VariantClear
SysAllocString

shlwapi

SHGetValueW
PathFindFileNameW
PathAppendW
PathFileExistsW
PathCombineW
PathRemoveFileSpecW
PathFindExtensionW
SHSetValueW
PathIsRelativeW

Exports

Exports

Get360Customizine
GetChangeSkinManager
GetMiniUICompatible
GetSiteUIProxy

Sections

.text
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

shared
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftMgr/BlackCache64.dll
.dll windows:5 windows x64 arch:x64

2c88b73eef21479a3cf78fe6bcd7f351

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:e0:f7:76:83:98:a5:b5:bc:36:45:cf:8b:9d:28:c9:89:05:b2:fe
Signer

Actual PE Digest

05:e0:f7:76:83:98:a5:b5:bc:36:45:cf:8b:9d:28:c9:89:05:b2:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\building\360project\Anti-Install\branches\FromTag_20140506_5.0.0.5052\Build\x64\BlackCache64.pdb

Imports

sqlite364

sqlite3_close
sqlite3_finalize
sqlite3_column_text16
sqlite3_column_int
sqlite3_step
sqlite3_prepare16
sqlite3_open16
sqlite3_config

kernel32

GetAtomNameW
TlsSetValue
GetProcessHeap
TlsGetValue
lstrlenW
DebugBreak
OutputDebugStringW
lstrlenA
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetLastError
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
LoadLibraryExW
GetFileSizeEx
ReadFile
CloseHandle
GetWindowsDirectoryW
LoadLibraryA
WaitForSingleObject
GetModuleHandleA
GetCurrentProcess
WideCharToMultiByte
GetFileSize
SetFilePointer
DeviceIoControl
GetCurrentProcessId
GetModuleHandleW
LoadLibraryW
InitializeCriticalSection
DeleteCriticalSection
OpenThread
FindFirstFileW
FindClose
GetSystemDirectoryW
SystemTimeToFileTime
CreateFileA
FlushFileBuffers
WriteConsoleW
AddAtomW
ReleaseMutex
FindAtomW
DeleteAtom
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateMutexW
GetSystemTime
LocalFree
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
LocalFileTimeToFileTime
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FormatMessageW
SetFilePointerEx
TlsFree
RaiseException
HeapAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA

user32

wvsprintfW
CharNextW
LoadStringW

advapi32

RegQueryValueExA
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW

shell32

SHGetSpecialFolderPathW

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString

shlwapi

PathFindFileNameW
StrCmpNIW
PathCombineW
StrCpyNW
PathAppendW
StrCmpIW
PathFindExtensionW
PathFileExistsW
StrToIntW
StrTrimW
PathStripToRootW
StrCmpNW
SHGetValueW
StrStrIW

Exports

Exports

CreateCacheObject
FreeCacheObject
GetResouceInfoObject

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftMgr/Module64.dll
.dll windows:5 windows x64 arch:x64

32b9fc56b0cf671bf54021154b9c4050

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

98:d3:78:fd:55:42:23:0a:0d:93:ef:3c:ad:c0:58:8f:f6:a3:73:2a
Signer

Actual PE Digest

98:d3:78:fd:55:42:23:0a:0d:93:ef:3c:ad:c0:58:8f:f6:a3:73:2a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\Anti-Install\trunk\Build\x64\Module64.pdb

Imports

sqlite364

sqlite3_malloc
sqlite3_last_insert_rowid
sqlite3_prepare16
sqlite3_free
sqlite3_exec
sqlite3_finalize
sqlite3_column_text16
sqlite3_column_int64
sqlite3_column_int
sqlite3_step
sqlite3_prepare
sqlite3_close
sqlite3_open16
sqlite3_config

kernel32

FlushFileBuffers
CreateFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
GetModuleFileNameW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
GetFileAttributesExW
GetLocalTime
CreateFileW
SetFilePointer
WriteFile
MultiByteToWideChar
DeleteFileW
GetLongPathNameW
CloseHandle
WritePrivateProfileStringW
GetTempPathW
GetTempFileNameW
CreateToolhelp32Snapshot
Thread32First
OpenThread
SuspendThread
Thread32Next
ResumeThread
CopyFileW
SetFileTime
WaitForMultipleObjects
GetPrivateProfileStringW
SearchPathW
GetFileAttributesW
GetFileSize
ReadFile
CreateEventW
GetLastError
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
RaiseException
GetCurrentThreadId
SetLastError
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
LoadLibraryA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FreeEnvironmentStringsA
GetConsoleMode
GetSystemTimeAsFileTime
LCMapStringA
GetStartupInfoA
GetConsoleCP
GetFileType
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
Sleep
ExitProcess
HeapSetInformation
HeapCreate
SetHandleCount
GetEnvironmentStrings

user32

UnregisterClassA

advapi32

RegOpenKeyExW
RegNotifyChangeKeyValue

oleaut32

SysAllocString

shlwapi

StrCmpIW
PathFileExistsW
PathUnExpandEnvStringsW
PathFindFileNameW

Exports

Exports

CloseUninstallRegNotify
CreateBlockLog
CreateLocalCache
CreateUninstallRegNotify
FillBlockRecord
FillCacheLog
FreeBlockLog
FreeLocalCache
GenExtInfo
GenExtInfoEx
GetSoftsCount
GetSoftsCountEx
GetSoftsCountEx2
HandleBlockRecord
HandleSoftAdd
MatchWatchDirectory
OutputCacheLog
OutputCacheLog2
QueryCreateProcessInfo
QueryLineRule
StartRegNotifyQuery
WaitRegNotifyResult

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftMgr/sqlite364.dll
.dll windows:5 windows x64 arch:x64

2463bf771f5ee24a08ba9c895f0c24f7

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ce:82:60:9e:f7:49:fd:2e:ae:88:84:33:45:f1:1a:4d:48:a0:18:7a
Signer

Actual PE Digest

ce:82:60:9e:f7:49:fd:2e:ae:88:84:33:45:f1:1a:4d:48:a0:18:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\360sd\branches\beta\build\x64\sqlite364.pdb

Imports

kernel32

GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
HeapCompact
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
UnlockFile
LockFile
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringA
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 618KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SomProxy64.dll
.dll windows:5 windows x64 arch:x64

6116c8d9cb84bbea2f6114313db19147

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bd:e8:13:94:3d:59:c8:6f:e5:21:46:c8:54:cd:64:7c:f8:39:9d:fb
Signer

Actual PE Digest

bd:e8:13:94:3d:59:c8:6f:e5:21:46:c8:54:cd:64:7c:f8:39:9d:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

P:\intermoutput\S_capital\Somproxy_1.0.0_capital\Release\SomProxy64.pdb

Imports

kernel32

GetLastError
CloseHandle
OpenProcess
TlsAlloc
TlsFree
FreeLibrary
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesExW
WideCharToMultiByte
GetPrivateProfileStringW
GetSystemDirectoryW
GetStartupInfoW
CreateProcessW
DeviceIoControl
CreateFileW
lstrlenA
MultiByteToWideChar
lstrcmpiW
GetPrivateProfileSectionW
LoadLibraryW
Sleep
FreeResource
LocalFree
ReadFile
GetFileSize
WriteFile
GetSystemTime
LoadLibraryExW
InitializeCriticalSection
RaiseException
DeleteCriticalSection
GetLongPathNameW
LocalAlloc
VirtualAlloc
lstrcpynW
lstrcmpA
CreateRemoteThread
WaitForSingleObject
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetCurrentProcess
CopyFileW
SetFileAttributesW
GetFileAttributesW
GetSystemInfo
GetProcAddress
GetModuleHandleW
RemoveDirectoryW
MoveFileExW
DeleteFileW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
FindNextFileW
lstrcpyW
FindFirstFileW
GetFullPathNameW
SetLastError
FindClose
lstrlenW
OutputDebugStringW
GetPrivateProfileIntW
GetModuleFileNameW
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
LoadLibraryA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
HeapSetInformation
ExitProcess
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
GetModuleFileNameA
GetStdHandle
RtlPcToFileHeader
RtlUnwindEx
GetCommandLineA
FlsSetValue
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsBadReadPtr
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentProcessId
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
FormatMessageW
GetCurrentThreadId
CreateMutexW
TlsGetValue
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
ReleaseMutex
FindAtomW
DeleteAtom

user32

FindWindowExW
IsWindow
SendMessageTimeoutW
FindWindowW
PostMessageW
RegisterWindowMessageW
GetWindowThreadProcessId
CharNextW
GetWindowTextW

advapi32

RegQueryValueExA
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExW
RegSetValueExW
RegCreateKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitialize

oleaut32

VarUI4FromStr

shlwapi

SHGetValueW
StrCmpNIA
SHDeleteKeyW
StrCpyNW
SHDeleteValueW
StrChrW
PathFindFileNameW
StrChrNIW
StrCmpNIW
StrStrW
StrStrIW
StrCmpIW
PathCombineW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
SHSetValueW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetCrackUrlW

netapi32

Netbios

psapi

GetModuleFileNameExW

Exports

Exports

AddSearch
ClearWDHistory
ClearWDHistoryDownloadItem
CreateKeepAlivePLugin
DeleteSearch
EnableUrlCloudSafe
FreeWDHistory
GetDGWndNoPEState
GetDGWndSafeState
GetDmgrTipSwitch
GetIMIDSafeStatus
GetIMWndNoPEState
GetIMWndSafeState
GetSearchBarV2Status
GetSearchProtect
GetSiteCardStatus
GetSuggestApkStatus
GetUserFileSafeInfo
GetWDDownloadFileNum
GetWDHistoryDownloadList
GetWDScanFileNum
HandlerChromePlug
Init360ualive
Install
IsDefaultSoSearch
IsLockSearch
IsLockSoSearch
IsNeedRepairChromePlugin
IsRepairLockDefaultSearch
IsSetHomePage
IsSetHomePageEx
IsSupportSuperBlank
IsUrlCloudSafeEnabled
IsWDSandBoxEnable
OnSetHomePage
PayGuardDisable
PayGuardEnable
PayGuardGetPNum
PayGuardIsEnable
PayGuardIsSupport
PayGuardView
RepairChromePlugin
RichTabEnable
RichTabIsEnable
RichTabIsInitial
RichTabIsSupport
SbbExecute
SbbGetPath
SetDGWndNoPEState
SetDGWndSafeState
SetDmgrTipSwitch
SetHomePage
SetIMIDSafeStatus
SetIMWndNoPEState
SetIMWndSafeState
SetSearchBarV2Status
SetSearchProtect
SetSiteCardStatus
SetSuggestApkStatus
SetWDSandBoxEnable
SiteUserDefImpport
URLIsUsual
UnInstall
WBGuardIsSupport
WDFuncDisable
WDFuncEnable
WDFuncGetPNum
WDFuncIsEnable

Sections

.text
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SpeedNpe.dll
.dll windows:5 windows x64 arch:x64

011061f144b699faa0c0f44514aebb83

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:90:d1:11:13:83:6d:9a:30:f7:3e:2e:e0:a0:06:f9:7c:6a:6b:b6
Signer

Actual PE Digest

04:90:d1:11:13:83:6d:9a:30:f7:3e:2e:e0:a0:06:f9:7c:6a:6b:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\360sd\branches\beta\Build\x64\SpeedNpe.dll.pdb

Imports

kernel32

SetEndOfFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeviceIoControl
GetTimeZoneInformation
GetPrivateProfileSectionW
MoveFileExW
MoveFileW
TerminateProcess
CreateMutexW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
GetACP
lstrcmpW
GetModuleFileNameW
GetTempPathW
GetLongPathNameW
ExpandEnvironmentStringsW
GetCommandLineW
GetFileAttributesExW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
DeleteFileW
TlsGetValue
TlsSetValue
CopyFileW
CreateDirectoryW
Sleep
FindNextFileW
GetPrivateProfileIntW
WriteFile
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
ReadProcessMemory
AreFileApisANSI
WideCharToMultiByte
QueryDosDeviceW
GetLogicalDriveStringsW
MulDiv
LocalFree
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalFree
LocalAlloc
TlsAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
SetThreadPriority
GetCurrentThreadId
SetEvent
CreateEventW
SetErrorMode
CompareStringW
GlobalGetAtomNameW
GetAtomNameW
lstrcmpA
lstrlenA
GetThreadLocale
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
GlobalFlags
GetStringTypeExW
lstrcmpiW
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetFileTime
GetCurrentDirectoryW
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
RaiseException
RtlPcToFileHeader
FlsSetValue
GetCommandLineA
HeapReAlloc
ExitThread
CreateThread
HeapSize
HeapQueryInformation
ExitProcess
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
HeapSetInformation
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
SetFilePointerEx
OutputDebugStringW
GetLocalTime
GetSystemTime
GetProcessHeap
AddAtomW
FindAtomW
DeleteAtom
GetDriveTypeW
GetDiskFreeSpaceExW
lstrlenW
GetPrivateProfileStringW
WritePrivateProfileSectionW
WritePrivateProfileStringW
OpenProcess
SetEnvironmentVariableW
FileTimeToSystemTime
SystemTimeToFileTime
GlobalMemoryStatus
ResumeThread
CreateToolhelp32Snapshot
Thread32First
OpenThread
SuspendThread
Thread32Next
FindFirstFileW
FindClose
GetTickCount
GetCurrentProcessId
ProcessIdToSessionId
LoadLibraryA
GetModuleHandleA
GetCurrentProcess
CreateMutexA
GetLastError
ReleaseMutex
FreeLibrary
TlsFree
MultiByteToWideChar
CreateFileW
GetFileSize
ReadFile
CloseHandle
FindResourceW
LoadResource
LockResource
SizeofResource
GetWindowsDirectoryW
LoadLibraryW
GetVersionExW
GetVersion
GetModuleHandleW
SetLastError
GetProcAddress

user32

ClientToScreen
GetDesktopWindow
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
DestroyIcon
CharUpperW
InflateRect
GetMenuItemInfoW
DestroyMenu
PostQuitMessage
SetRectEmpty
InvalidateRect
SetCursor
ShowOwnedPopups
DeleteMenu
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
TranslateAcceleratorW
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
ReleaseCapture
GetMenuBarInfo
LoadMenuW
ReuseDDElParam
UnpackDDElParam
SetRect
SetTimer
KillTimer
GetDialogBaseUnits
GetKeyNameTextW
MapVirtualKeyW
IsRectEmpty
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
SetCapture
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
ScrollWindowEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
GetWindowLongW
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
UnregisterClassW
SetWindowsHookExW
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
AppendMenuW
InsertMenuW
GetMenuItemID
GetMenuItemCount
GetSubMenu
RemoveMenu
WaitForInputIdle
WindowFromPoint
GetSystemMetrics
SystemParametersInfoW
SetWindowPos
SwitchToThisWindow
SetForegroundWindow
BringWindowToTop
GetWindowRect
SendMessageTimeoutW
FindWindowW
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
ShowWindow
CharLowerBuffW
EnumThreadWindows
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
EqualRect
BeginDeferWindowPos
CallNextHookEx

advapi32

AdjustTokenPrivileges
RegQueryValueExW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
IsValidSid
EqualSid
FreeSid
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
LookupPrivilegeValueW
RegDeleteValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExW
RegQueryValueExA
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
RegOpenKeyW
RegCreateKeyW
RegSetValueW
GetUserNameW

shell32

SHGetFileInfoW
DragFinish
DragQueryFileW
ShellExecuteExW
SHChangeNotify
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
SHGetSpecialFolderPathW
ExtractIconW

ole32

ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
CoTaskMemAlloc
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
StringFromCLSID
CoUninitialize
CoCreateInstance
CoInitialize
CoTreatAsClass
OleDuplicateData
CoDisconnectObject
StringFromGUID2
CLSIDFromString
OleRegGetUserType
CoInitializeEx

oleaut32

SysStringLen
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SysAllocString
SysFreeString
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
VariantInit

shlwapi

SHGetValueW
PathAppendW
StrStrIW
SHSetValueW
StrCmpNW
SHDeleteValueW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
PathAddBackslashW
SHDeleteKeyW
PathFindExtensionW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW
StrCmpNIW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

gdi32

CreateHatchBrush
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
CreateSolidBrush
CreatePen
GetCharWidthW
CreateFontW
StretchDIBits
CreateCompatibleBitmap
GetBkColor
ExtTextOutW
PatBlt
ExtCreatePen
GetTextMetricsW
PlayMetaFile
DPtoLP
TextOutW
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
CreateDIBPatternBrushPt
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
CopyMetaFileW
CreateDCW
CreateBitmap
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
GetObjectW
DeleteObject
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
EnumMetaFile
GetDeviceCaps

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

comdlg32

GetFileTitleW

Exports

Exports

CreateSpeedNpeHandle

Sections

.text
Size: 802KB - Virtual size: 802KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WhiteCache.dll
.dll windows:5 windows x64 arch:x64

ed3c220dde4408e987d4dc0191b03aea

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e8:24:25:c3:72:2a:3e:d5:d7:29:66:bd:4c:a1:0f:f8:4d:29:f5:15
Signer

Actual PE Digest

e8:24:25:c3:72:2a:3e:d5:d7:29:66:bd:4c:a1:0f:f8:4d:29:f5:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GlobalDeleteAtom
GlobalFindAtomW
CompareStringA
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetDriveTypeA
FindFirstFileA
FlsSetValue
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
HeapQueryInformation
HeapSize
ExitProcess
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
GetCurrentDirectoryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FindClose
GetCurrentProcess
GlobalAddAtomW
GlobalFlags
lstrcmpW
lstrlenA
lstrcmpA
CompareStringW
GetModuleHandleW
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
LocalAlloc
GetModuleFileNameW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
lstrlenW
SetLastError
CreateFileW
CreateFileA
GetSystemTimeAsFileTime
GetSystemTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
FreeLibrary
GetProcAddress
LoadLibraryW
LoadLibraryA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetFullPathNameW
GetFullPathNameA
DeleteFileW
GetFileAttributesW
DeleteFileA
GetFileAttributesA
FormatMessageA
GetTempPathW
GetTempPathA
UnlockFile
LockFileEx
LockFile
GetFileSize
FlushFileBuffers
SetEndOfFile
WriteFile
SetFilePointer
GetLastError
ReadFile
Sleep
AreFileApisANSI
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentThreadId
WaitForSingleObject
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

user32

DestroyMenu
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
PostQuitMessage
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
SetWindowPos
IsWindow
GetDlgItem
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
SetWindowsHookExW
CallNextHookEx
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetParent
GetWindowLongW
SendMessageW
GetWindowThreadProcessId
UnhookWindowsHookEx
DispatchMessageW
GetKeyState
PeekMessageW
ValidateRect
GetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush

gdi32

DeleteDC
RectVisible
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
DeleteObject
CreateBitmap
GetClipBox
SetTextColor
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
GetDeviceCaps
PtVisible
SetMapMode
RestoreDC
SaveDC
SetBkColor
TextOutW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

CreateCacheObject

Sections

.text
Size: 477KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/360Quarant64.dll
.dll windows:5 windows x64 arch:x64

f6dbbf58b4e21322876358a2a6bc1144

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:60:a4:b8:52:72:5e:ee:a8:17:4a:0b:13:d5:fd:ba:1c:3e:e2:e0:19:48:5a:e0:91:bd:97:b1:1d:dc:23:c1
Signer

Actual PE Digest

3f:60:a4:b8:52:72:5e:ee:a8:17:4a:0b:13:d5:fd:ba:1c:3e:e2:e0:19:48:5a:e0:91:bd:97:b1:1d:dc:23:c1

Digest Algorithm

sha256

PE Digest Matches

true

90:17:24:03:25:5a:f8:5f:d7:ea:ff:d2:14:f2:c8:da:a7:82:a1:ef
Signer

Actual PE Digest

90:17:24:03:25:5a:f8:5f:d7:ea:ff:d2:14:f2:c8:da:a7:82:a1:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\119973\out\Release\360Quarant64.pdb

Imports

kernel32

GetTickCount
GetSystemDirectoryW
GetWindowsDirectoryW
GetEnvironmentVariableW
CreateDirectoryW
RaiseException
GetFileSize
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetDiskFreeSpaceExW
GetVersionExW
SetFilePointer
OutputDebugStringW
GetPrivateProfileStringW
FileTimeToSystemTime
WritePrivateProfileStringW
GetDriveTypeW
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
LocalFree
SetFileTime
GetFileAttributesExW
DeleteFileW
MoveFileExW
SetFilePointerEx
WriteFile
ReadFile
GetFileSizeEx
FindNextFileW
FindFirstFileW
FindClose
GetCurrentProcessId
CloseHandle
DeviceIoControl
CreateFileW
GetModuleHandleW
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SystemTimeToFileTime
GetLocalTime
SetFileAttributesW
GetFileAttributesW
lstrlenA
MultiByteToWideChar
GetLastError
GetSystemWindowsDirectoryW
GetLongPathNameW
WideCharToMultiByte
FindResourceExW
lstrlenW
RemoveDirectoryW
LoadLibraryExW
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
GetProcAddress
SetLastError
FlushFileBuffers
WriteConsoleW
GetModuleFileNameW
Sleep
GetCurrentThread
FreeLibrary
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
lstrcmpiA
lstrcmpA
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapDestroy
HeapReAlloc
HeapSize
CreateFileA
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
FormatMessageW
GetCurrentThreadId
GetSystemTime
TlsGetValue
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
ExitProcess
HeapSetInformation
HeapCreate
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW

advapi32

RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
SetThreadToken
ImpersonateSelf
OpenThreadToken
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
ConvertSecurityDescriptorToStringSecurityDescriptorW
AddAce
InitializeAcl
IsValidSid
GetLengthSid
CopySid
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
FreeSid
ConvertStringSidToSidW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
OpenProcessToken
GetUserNameW
GetAce
GetAclInformation
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
DeleteAce
GetExplicitEntriesFromAclW
LookupAccountNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
ImpersonateLoggedOnUser
RevertToSelf
RegEnumKeyExW

shell32

SHGetSpecialFolderPathW

ole32

WriteClassStm
OleSaveToStream
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize
OleLoadFromStream

oleaut32

SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
VariantCopy
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
VariantChangeType

shlwapi

StrStrIW
StrCmpIW
PathFileExistsW
SHGetValueW
PathFindFileNameW
PathRemoveBackslashW
PathIsDirectoryW
PathAppendW
StrChrW
StrStrW
StrRChrW
SHSetValueA
SHGetValueA
PathRemoveFileSpecW
PathCombineW

version

VerQueryValueW

userenv

UnloadUserProfile

netapi32

Netbios

Exports

Exports

CreateQuarantObject
GetSectionItemCount
Uninstall360SafeQuarant
UninstallQuarantItem

Sections

.text
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/360QuarantPlugin64.dll
.dll windows:5 windows x64 arch:x64

4e8104f6a180fe0ab8f8f94f529cc5a7

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b3:01:83:96:d1:94:28:60:96:db:ce:7b:be:1f:c6:05:d3:42:5a:dd
Signer

Actual PE Digest

b3:01:83:96:d1:94:28:60:96:db:ce:7b:be:1f:c6:05:d3:42:5a:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\build\360QuarantPlugin\360QuartPlugin\Release\360QuarantPlugin64.pdb

Imports

kernel32

GetCurrentThread
lstrlenW
lstrlenA
MultiByteToWideChar
GetVersionExW
ReleaseMutex
OutputDebugStringW
WaitForSingleObject
CreateMutexW
WriteFile
ReadFile
GetFileSizeEx
GetTickCount
HeapFree
GetProcessHeap
HeapAlloc
RaiseException
LocalFree
GetCurrentProcess
GetCurrentProcessId
CloseHandle
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
CreateFileW
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
GetLastError
LoadLibraryW
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcAddress
SetLastError
GetModuleFileNameW
Sleep
SetFilePointer
FreeLibrary
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetFileType
SetHandleCount
HeapDestroy
HeapReAlloc
HeapSize
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetFilePointerEx
FormatMessageW
GetCurrentThreadId
GetSystemTime
TlsGetValue
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
FlsSetValue
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
ExitProcess
HeapSetInformation
HeapCreate
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW

advapi32

RegQueryValueExA
SetThreadToken
ImpersonateSelf
OpenThreadToken
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
ConvertSecurityDescriptorToStringSecurityDescriptorW
AddAce
InitializeAcl
IsValidSid
GetLengthSid
CopySid
RevertToSelf
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetUserNameW
GetAce
GetAclInformation
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
DeleteAce
GetExplicitEntriesFromAclW
LookupAccountNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
FreeSid
SetEntriesInAclW
ConvertStringSidToSidW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey

ole32

WriteClassStm
OleSaveToStream
CoUninitialize
CoCreateInstance
CoInitialize
OleLoadFromStream

oleaut32

VariantCopy
VariantClear
VariantInit
SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantChangeType

shlwapi

StrCmpIW
PathFileExistsW
SHGetValueW
StrStrIW
PathAppendW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

userenv

UnloadUserProfile

Exports

Exports

CreateQuarantObject
CreateQuarantObjectFactory

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/360netcfg64.exe
.exe windows:5 windows x64 arch:x64

5429b5785a236aa620471186ccb0758d

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:c1:ab:94:bb:28:f8:92:93:e4:bc:c3:7b:62:a6:fc:4b:5e:be:8c
Signer

Actual PE Digest

70:c1:ab:94:bb:28:f8:92:93:e4:bc:c3:7b:62:a6:fc:4b:5e:be:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\build\360netcfg\Release\360netcfg64.pdb

Imports

kernel32

LocalFree
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OpenProcess
SetFilePointer
LoadLibraryA
WaitForMultipleObjects
CreateEventW
FlushFileBuffers
WriteConsoleW
Sleep
DeviceIoControl
GetVersionExW
GetCurrentProcessId
GetCurrentProcess
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
SetLastError
SetUnhandledExceptionFilter
GetCommandLineW
CreateFileW
GetFileSize
ReadFile
WriteFile
WritePrivateProfileSectionW
MoveFileW
GetModuleFileNameW
DeleteFileW
GetPrivateProfileStringW
FindFirstFileW
CopyFileW
WritePrivateProfileStringW
FindNextFileW
FindClose
SetCurrentDirectoryW
lstrlenA
OutputDebugStringW
DebugBreak
OpenEventW
SetEvent
CloseHandle
GetLastError
lstrlenW
ExitProcess
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
HeapSize
LCMapStringW
WideCharToMultiByte
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapSetInformation
FlsAlloc
FlsFree
RaiseException
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetFilePointerEx
GetFileSizeEx
MultiByteToWideChar
GetCurrentThreadId
GetSystemTime
CreateMutexW
TlsGetValue
HeapAlloc
HeapFree
WaitForSingleObject
GetProcessHeap
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
ReleaseMutex
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
RtlUnwindEx
HeapReAlloc
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue

user32

wvsprintfW
LoadStringW
CharNextW

advapi32

RegSetValueW
RegQueryValueW
RegQueryValueA
RegOpenKeyW
RegOpenKeyA
RegCreateKeyW
RegCreateKeyA
RegFlushKey
RegSetValueExW
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegEnumKeyW
RegEnumKeyA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
RegSetValueA

shell32

CommandLineToArgvW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

shlwapi

PathCombineW
StrRChrW
StrStrIW
StrCmpIW
PathRemoveFileSpecW
SHDeleteKeyW
SHGetValueW
PathFileExistsW
PathAddBackslashW
PathAppendW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

setupapi

SetupCopyOEMInfW

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
deepscan/BAPI64.DLL
.dll regsvr32 windows:5 windows x64 arch:x64

c39e362306b93ebe9622d91383f9947f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:cb:7d:e6:4c:e4:e1:71:ba:94:ac:3e:6a:10:0c:93:63:f8:4f:ae:49:40:ef:50:bb:aa:b0:0a:04:92:ed:3a
Signer

Actual PE Digest

33:cb:7d:e6:4c:e4:e1:71:ba:94:ac:3e:6a:10:0c:93:63:f8:4f:ae:49:40:ef:50:bb:aa:b0:0a:04:92:ed:3a

Digest Algorithm

sha256

PE Digest Matches

true

ec:76:10:5b:29:22:52:89:2a:0d:83:57:e8:8b:db:5a:36:b5:07:6f
Signer

Actual PE Digest

ec:76:10:5b:29:22:52:89:2a:0d:83:57:e8:8b:db:5a:36:b5:07:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\vmagent_new\bin\joblist\101984\out\Release\BAPI64.pdb

Imports

kernel32

GetModuleHandleA
WaitForSingleObject
GetTickCount
TerminateThread
ExitThread
ReleaseMutex
CreateThread
FreeLibrary
MoveFileExW
OpenProcess
LoadLibraryW
CopyFileW
GetFileAttributesW
DefineDosDeviceW
DeviceIoControl
DeleteFileW
GetCurrentProcessId
SetFileAttributesW
GetCurrentProcess
VirtualFreeEx
VirtualAllocEx
UnlockFile
LockFile
LocalFree
GetShortPathNameW
GetLongPathNameW
GetCurrentDirectoryW
GetLastError
MultiByteToWideChar
GetModuleFileNameW
IsDBCSLeadByte
WideCharToMultiByte
GetSystemDirectoryW
GetSystemWindowsDirectoryW
SetErrorMode
GetEnvironmentVariableW
GetFullPathNameW
TlsFree
GetWindowsDirectoryW
CloseHandle
TlsAlloc
DeleteCriticalSection
RtlCompareMemory
GetProcAddress
SetLastError
RtlMoveMemory
CreateFileW
TlsSetValue
InitializeCriticalSection
GetProcessHeap
GetCurrentThread
GetModuleHandleW
TlsGetValue
DeleteAtom
EnterCriticalSection
AddAtomW
OpenThread
GetAtomNameW
GetSystemTime
FormatMessageW
OutputDebugStringW
GetFileSizeEx
ReadFile
SetFilePointerEx
LocalFileTimeToFileTime
SystemTimeToFileTime
FlushFileBuffers
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
CreateMutexW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapReAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryA
RtlPcToFileHeader
RaiseException
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
FindAtomW
LeaveCriticalSection
RtlUnwindEx
HeapSize
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc

advapi32

RegEnumKeyExW
RegQueryValueExA
BuildExplicitAccessWithNameW
RevertToSelf
SetEntriesInAclW
GetNamedSecurityInfoW
ImpersonateLoggedOnUser
SetNamedSecurityInfoW
LookupAccountNameW
AccessCheck
GetExplicitEntriesFromAclW
DeleteAce
GetUserNameW
OpenThreadToken
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
RegDeleteValueW
StartServiceW
LookupPrivilegeValueW
RegQueryValueExW
RegCreateKeyExW
OpenServiceW
OpenSCManagerW
DeleteService
OpenProcessToken
CloseServiceHandle
CreateServiceW

oleaut32

SysFreeString
SysAllocString

ntdll

RtlInitString
_vsnwprintf
_snwprintf
_wcsicmp
RtlCompareString
RtlFreeAnsiString
RtlNtStatusToDosError
wcsncpy
RtlDosPathNameToNtPathName_U
RtlInitializeCriticalSection
RtlUpcaseUnicodeChar
wcsncmp
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlAllocateHeap
RtlPrefixUnicodeString
RtlOemStringToUnicodeString
RtlFreeUnicodeString
NtWaitForSingleObject
RtlEqualUnicodeString
RtlUnicodeStringToOemString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
NtFsControlFile
RtlInitUnicodeString
RtlFreeHeap
NtDeviceIoControlFile
RtlAnsiStringToUnicodeString
RtlEnterCriticalSection
RtlIsDosDeviceName_U
wcsrchr
wcschr
_wcsnicmp
_vsnprintf

shlwapi

StrRChrW
PathRemoveFileSpecW
PathFileExistsW
SHGetValueW
PathIsRootW
PathAppendW
PathCombineW
SHDeleteKeyW
StrCmpIW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses

netapi32

NetShareGetInfo

Exports

Exports

BRegCloseKey
BRegCreateKey
BRegCreateKeyEx
BRegCreateKeyExW
BRegCreateKeyW
BRegDeleteKey
BRegDeleteKeyEx
BRegDeleteKeyExW
BRegDeleteKeyW
BRegDeleteValue
BRegDeleteValueW
BRegEnumKey
BRegEnumKeyEx
BRegEnumKeyExW
BRegEnumKeyW
BRegEnumValue
BRegEnumValueW
BRegOpenKey
BRegOpenKeyEx
BRegOpenKeyExW
BRegOpenKeyW
BRegQueryValueEx
BRegQueryValueExW
BRegSetValueEx
BRegSetValueExW
BfsSetFileApisToANSI
BfsSetFileApisToOEM
DllRegisterServer
DriverVersion
DsFileUnlock
DsGetFileLockType
DsSetTargetAccess
FSCloseHandle
FSCopyFile
FSCopyFileW
FSCreateFile
FSCreateFileW
FSDeleteFile
FSDeleteFileW
FSFindClose
FSFindFirstFile
FSFindFirstFileW
FSFindNextFile
FSFindNextFileW
FSGetFileAttributes
FSGetFileAttributesEx
FSGetFileAttributesExW
FSGetFileAttributesW
FSGetFileSize
FSGetFileSizeEx
FSGetLongPathName
FSGetLongPathNameW
FSGetShortPathName
FSGetShortPathNameW
FSMoveFileA
FSMoveFileExA
FSMoveFileExW
FSMoveFileW
FSPathFileExists
FSPathFileExistsW
FSPathIsDirectory
FSPathIsDirectoryW
FSReadFile
FSRemoveDirectory
FSRemoveDirectoryW
FSSearchPath
FSSearchPathW
FSSetFileAttributes
FSSetFileAttributesW
FSSetFilePointer
FSSetFilePointerEx
FSUnlockAll
FSWriteFile
FsForceKill
FsSearchPathExW
InitEngine
InitRegEngine
Install
JudgeVersion
SetBapiWorkingMode
SetDllBase
SetupInstall
UninitEngine
UninitRegEngine
Uninstall

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/BAPIDRV64.sys
.sys windows:6 windows x64 arch:x64

19ff51d8e586b280123454b7d2643b12

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5c:f4:17:cd:d0:cc:cc:41:2b:db:97:be:83:73:82:c0
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/02/2016, 00:00

Not After

03/02/2019, 23:59

Subject

SERIALNUMBER=110101011890260,CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:d4:ee:1f:e8:bb:c2:b6:28:18:76:7e:cc:ee:41:ea:09:c6:3b:17:43:59:b4:2a:78:cc:3c:e6:8f:a9:cb:17
Signer

Actual PE Digest

4d:d4:ee:1f:e8:bb:c2:b6:28:18:76:7e:cc:ee:41:ea:09:c6:3b:17:43:59:b4:2a:78:cc:3c:e6:8f:a9:cb:17

Digest Algorithm

sha256

PE Digest Matches

true

56:b1:32:38:53:48:ef:fd:de:af:af:e1:40:2c:9c:5c:50:1d:1a:f1
Signer

Actual PE Digest

56:b1:32:38:53:48:ef:fd:de:af:af:e1:40:2c:9c:5c:50:1d:1a:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\vmagent_new\bin\joblist\117003\src\b_capital\bapi_sys_x64\objfre_win7_amd64\amd64\BAPIDRV64.pdb

Imports

ntoskrnl.exe

ExAcquireRundownProtection
ExAcquireResourceExclusiveLite
SeTokenIsAdmin
ExAllocatePoolWithTag
ProbeForRead
PsProcessType
ZwCreateEvent
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
IoGetBaseFileSystemDeviceObject
KeLeaveCriticalRegion
RtlAnsiStringToUnicodeString
IoGetAttachedDevice
PsLookupProcessByProcessId
ZwQuerySymbolicLinkObject
ZwReadFile
IoGetRelatedDeviceObject
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
ExGetPreviousMode
ProbeForWrite
MmGetSystemRoutineAddress
IoCreateFile
KeInitializeEvent
RtlInitAnsiString
IoIs32bitProcess
ZwQuerySystemInformation
ExReleaseRundownProtection
KeAcquireQueuedSpinLock
KeReleaseQueuedSpinLock
RtlEqualUnicodeString
ZwOpenSymbolicLinkObject
IoFreeMdl
KeUnstackDetachProcess
KeEnterCriticalRegion
ZwSetInformationFile
SeReleaseSubjectContext
RtlFreeUnicodeString
ObQueryNameString
IoFileObjectType
ZwWaitForSingleObject
IoDriverObjectType
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
ExAllocatePool
SeCaptureSubjectContext
ZwQueryDirectoryFile
ExAcquireResourceSharedLite
IoGetCurrentProcess
_vsnwprintf
ExReleaseResourceLite
RtlPrefixUnicodeString
NtClose
ZwClose
RtlAppendUnicodeStringToString
IofCompleteRequest
PsGetProcessSessionId
ObReferenceObjectByHandle
KeWaitForSingleObject
ZwDuplicateObject
IoFreeIrp
MmProbeAndLockPages
PsGetVersion
RtlCompareUnicodeString
IoAllocateIrp
ZwOpenProcess
CmRegisterCallback
MmUnlockPages
ExDeleteResourceLite
ZwQueryInformationProcess
IoCreateSymbolicLink
PsGetCurrentProcessId
RtlCopyUnicodeString
MmIsAddressValid
ObfDereferenceObject
ZwSetInformationObject
ObReferenceObjectByName
IoCreateDevice
ExInitializeResourceLite
ZwOpenFile
CmUnRegisterCallback
ZwQueryInformationFile
ZwWriteFile
ObOpenObjectByPointer
DbgPrint
KeStackAttachProcess
IoAllocateMdl
IofCallDriver
ZwOpenKey
ObOpenObjectByName
SeDeleteObjectAuditAlarm
MmUserProbeAddress
ExAllocatePoolWithQuotaTag
_stricmp
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwCreateSection
strncmp
KeBugCheckEx
KeClearEvent
PsGetCurrentProcessWow64Process
ExRaiseStatus
ExReleaseFastMutex
KeReadStateEvent
ExAcquireFastMutex
NtBuildNumber
ObCreateObject
SeAppendPrivileges
IoEnqueueIrp
IoQueryFileInformation
IoCheckEaBufferValidity
IoCancelIrp
KeDelayExecutionThread
RtlMapGenericMask
ExAllocatePoolWithQuota
SeExports
SeSetAccessStateGenericMapping
ObfReferenceObject
SePrivilegeCheck
ExQueueWorkItem
IoAcquireVpbSpinLock
IoReleaseVpbSpinLock
SeCreateAccessState
ObInsertObject
ZwOpenDirectoryObject
SeCaptureSecurityDescriptor
SeDeleteAccessState
IoDeviceObjectType
ObReferenceObjectByPointer
__C_specific_handler
__chkstk

Exports

Exports

distorm_version

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/BAPIDRV64_win10.sys
.sys windows:6 windows x64 arch:x64

19ff51d8e586b280123454b7d2643b12

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\vmagent_new\bin\joblist\117003\src\b_capital\bapi_sys_x64\objfre_win7_amd64\amd64\BAPIDRV64.pdb

Imports

ntoskrnl.exe

ExAcquireRundownProtection
ExAcquireResourceExclusiveLite
SeTokenIsAdmin
ExAllocatePoolWithTag
ProbeForRead
PsProcessType
ZwCreateEvent
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
IoGetBaseFileSystemDeviceObject
KeLeaveCriticalRegion
RtlAnsiStringToUnicodeString
IoGetAttachedDevice
PsLookupProcessByProcessId
ZwQuerySymbolicLinkObject
ZwReadFile
IoGetRelatedDeviceObject
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
ExGetPreviousMode
ProbeForWrite
MmGetSystemRoutineAddress
IoCreateFile
KeInitializeEvent
RtlInitAnsiString
IoIs32bitProcess
ZwQuerySystemInformation
ExReleaseRundownProtection
KeAcquireQueuedSpinLock
KeReleaseQueuedSpinLock
RtlEqualUnicodeString
ZwOpenSymbolicLinkObject
IoFreeMdl
KeUnstackDetachProcess
KeEnterCriticalRegion
ZwSetInformationFile
SeReleaseSubjectContext
RtlFreeUnicodeString
ObQueryNameString
IoFileObjectType
ZwWaitForSingleObject
IoDriverObjectType
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
ExAllocatePool
SeCaptureSubjectContext
ZwQueryDirectoryFile
ExAcquireResourceSharedLite
IoGetCurrentProcess
_vsnwprintf
ExReleaseResourceLite
RtlPrefixUnicodeString
NtClose
ZwClose
RtlAppendUnicodeStringToString
IofCompleteRequest
PsGetProcessSessionId
ObReferenceObjectByHandle
KeWaitForSingleObject
ZwDuplicateObject
IoFreeIrp
MmProbeAndLockPages
PsGetVersion
RtlCompareUnicodeString
IoAllocateIrp
ZwOpenProcess
CmRegisterCallback
MmUnlockPages
ExDeleteResourceLite
ZwQueryInformationProcess
IoCreateSymbolicLink
PsGetCurrentProcessId
RtlCopyUnicodeString
MmIsAddressValid
ObfDereferenceObject
ZwSetInformationObject
ObReferenceObjectByName
IoCreateDevice
ExInitializeResourceLite
ZwOpenFile
CmUnRegisterCallback
ZwQueryInformationFile
ZwWriteFile
ObOpenObjectByPointer
DbgPrint
KeStackAttachProcess
IoAllocateMdl
IofCallDriver
ZwOpenKey
ObOpenObjectByName
SeDeleteObjectAuditAlarm
MmUserProbeAddress
ExAllocatePoolWithQuotaTag
_stricmp
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwCreateSection
strncmp
KeBugCheckEx
KeClearEvent
PsGetCurrentProcessWow64Process
ExRaiseStatus
ExReleaseFastMutex
KeReadStateEvent
ExAcquireFastMutex
NtBuildNumber
ObCreateObject
SeAppendPrivileges
IoEnqueueIrp
IoQueryFileInformation
IoCheckEaBufferValidity
IoCancelIrp
KeDelayExecutionThread
RtlMapGenericMask
ExAllocatePoolWithQuota
SeExports
SeSetAccessStateGenericMapping
ObfReferenceObject
SePrivilegeCheck
ExQueueWorkItem
IoAcquireVpbSpinLock
IoReleaseVpbSpinLock
SeCreateAccessState
ObInsertObject
ZwOpenDirectoryObject
SeCaptureSecurityDescriptor
SeDeleteAccessState
IoDeviceObjectType
ObReferenceObjectByPointer
__C_specific_handler
__chkstk

Exports

Exports

distorm_version

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/CQhCltHttpW64.dll
.dll windows:5 windows x64 arch:x64

694c3c7fdf4c0996808211a354edeaaf

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:7c:ff:77:48:44:1f:d8:ba:21:7e:c1:43:8f:85:3a:bf:5b:47:33:5a:ed:09:a1:4f:a4:36:e9:90:62:25:bf
Signer

Actual PE Digest

46:7c:ff:77:48:44:1f:d8:ba:21:7e:c1:43:8f:85:3a:bf:5b:47:33:5a:ed:09:a1:4f:a4:36:e9:90:62:25:bf

Digest Algorithm

sha256

PE Digest Matches

true

c9:16:5e:49:ed:5d:e0:6b:fd:2f:a6:bb:ab:13:81:39:7a:b2:5b:3e
Signer

Actual PE Digest

c9:16:5e:49:ed:5d:e0:6b:fd:2f:a6:bb:ab:13:81:39:7a:b2:5b:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\68871\out\Release\lib\CQhCltHttpW64.pdb

Imports

kernel32

GetModuleHandleW
GetProcAddress
Sleep
FindClose
SuspendThread
FreeLibraryAndExitThread
GetLastError
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
CreateEventW
CreateSemaphoreW
CreateMutexW
SetWaitableTimer
CreateWaitableTimerW
DeviceIoControl
GetTickCount
FreeLibrary
CreateThread
GetFileAttributesExW
MoveFileExW
CopyFileW
CloseHandle
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
LoadLibraryW
GetCurrentProcessId
SetEvent
CreateFileW
InitializeCriticalSection
SetLastError
IsBadReadPtr
CreateMutexA
GetVersionExA
GetCurrentThreadId
GlobalFree
GlobalAlloc
GetModuleHandleA
GetCurrentProcess
GetSystemTimeAsFileTime
SystemTimeToFileTime
ResetEvent
CompareFileTime
GetSystemTime
MultiByteToWideChar
IsBadWritePtr
lstrlenA
ReadFile
WriteFile
GetFileAttributesW
GetFileSize
DeleteFileW
FindFirstFileW
RemoveDirectoryW
lstrlenW
lstrcpynA
GetVersionExW
FileTimeToSystemTime
LocalFileTimeToFileTime
GetACP
GetSystemWindowsDirectoryW
CreateFileA
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
OutputDebugStringW
FormatMessageW
LocalFree
TlsGetValue
HeapAlloc
HeapFree
GetProcessHeap
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
SetFilePointer
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
FlsSetValue
GetCommandLineA
ExitThread
HeapReAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
WideCharToMultiByte

shlwapi

PathFileExistsW
PathCombineW
PathRemoveFileSpecW
PathAppendW
StrStrIA
PathIsDirectoryW
StrStrA
StrChrIA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetNetworkParams

winmm

timeGetTime

advapi32

RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegEnumKeyExW
RegCloseKey

ws2_32

select

Exports

Exports

Init
UnInit
cancel_cqhcltdns_req
cancel_cqhclthttp_req
close_cqhcltdns_object
close_cqhclthttp_object
cqhcltdns_AsyncGetHostByName
cqhcltdns_QueryHostByName
cqhcltdns_SyncGetHostByName
cqhcltdns_SyncGetHostByNameEx
cqhclthttp_GetErrorMsg
cqhclthttp_GetErrorNo
cqhclthttp_GetOpt
cqhclthttp_GetToBuffer
cqhclthttp_GetToBuffer2
cqhclthttp_GetToFile
cqhclthttp_GetToFile2
cqhclthttp_IsNoContentLen
cqhclthttp_PostToBuffer
cqhclthttp_PostToBuffer2
cqhclthttp_PostToFile
cqhclthttp_PostToFile2
cqhclthttp_SetOpt
cqhclthttp_get_head_info
cqhclthttp_setLogParam
cqhclthttp_set_head_info
cqhclthttp_set_limit_byte
cqhclthttp_uploadlog
cqhctlhttp_GetCurrentMode
cqhctlhttp_GetIP
create_cqhcltdns_SetOpt
create_cqhcltdns_object
create_cqhclthttp_object
is_support_afd
set_cqhclthttp_mode
set_retry_count

Sections

.text
Size: 397KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/Cloudsec364.dll
.dll windows:5 windows x64 arch:x64

a92ef8dc0cde49f5e704f48e2c36410b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a4:b7:41:5f:46:5a:42:8f:48:d2:a7:c9:27:4f:a6:54:01:1d:78:a4:e9:7d:41:de:93:cb:48:47:c8:5c:7b:ef
Signer

Actual PE Digest

a4:b7:41:5f:46:5a:42:8f:48:d2:a7:c9:27:4f:a6:54:01:1d:78:a4:e9:7d:41:de:93:cb:48:47:c8:5c:7b:ef

Digest Algorithm

sha256

PE Digest Matches

true

d0:f0:36:e8:fd:7a:5e:4a:48:2f:69:1e:74:42:84:81:f1:06:64:7f
Signer

Actual PE Digest

d0:f0:36:e8:fd:7a:5e:4a:48:2f:69:1e:74:42:84:81:f1:06:64:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\125594\out\Release\Cloudsec364.pdb

Imports

kernel32

GetCurrentProcess
OpenProcess
SetLastError
FreeResource
LoadLibraryExW
GetVersionExW
CreateDirectoryW
ReadFile
GetFileAttributesW
FindFirstFileW
FindClose
SearchPathW
LocalAlloc
LocalFree
GetWindowsDirectoryW
GetEnvironmentVariableW
GetShortPathNameW
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTempPathW
GetSystemDirectoryW
GetSystemDefaultUILanguage
GetModuleHandleExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
SetThreadPriority
GetThreadPriority
GetCurrentThread
HeapReAlloc
HeapAlloc
GetProcessHeap
HeapFree
lstrcmpiW
CreateEventW
GetFullPathNameW
GetDriveTypeW
GetLogicalDrives
FlushFileBuffers
WriteFile
GetSystemTimeAsFileTime
SetFilePointer
GetCurrentThreadId
GetFileSize
ResetEvent
SetEvent
IsBadReadPtr
IsBadWritePtr
DeleteFileW
OpenThread
SetFileAttributesW
ReleaseMutex
WaitForMultipleObjects
CreateMutexW
RemoveDirectoryW
QueryDosDeviceW
lstrlenA
TlsAlloc
TlsGetValue
TlsSetValue
WritePrivateProfileStringW
GetVolumeInformationW
CreateProcessW
ResumeThread
GetCurrentProcessId
GetFileAttributesExW
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSection
CreateThread
WaitForSingleObject
GetExitCodeThread
LoadLibraryW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
GetLongPathNameW
CreateFileW
DeviceIoControl
CloseHandle
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
LCMapStringA
HeapCreate
HeapSetInformation
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
ExitProcess
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
GetCommandLineA
FlsSetValue
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapSize
HeapDestroy
RaiseException
TlsFree
DeleteAtom
FindAtomW
AddAtomW
GetAtomNameW
GetSystemTime
FormatMessageW
OutputDebugStringW
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocalTime
SystemTimeToFileTime
GetTickCount
GetLastError
GetModuleFileNameW
lstrlenW
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LockResource
SizeofResource
WideCharToMultiByte
Sleep
GetProcAddress
FreeLibrary
CreateFileA
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
GetEnvironmentStrings

user32

LoadStringW
SendMessageTimeoutW
FindWindowW

advapi32

RegQueryValueExA
RegEnumValueW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CryptAcquireContextW
RegQueryValueExW
RegSetValueExW
RegEnumKeyW
CryptReleaseContext
RevertToSelf
ImpersonateLoggedOnUser
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CreateStreamOnHGlobal
CLSIDFromString

oleaut32

SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysStringLen

shlwapi

PathAppendW
PathFileExistsW
StrChrW
SHGetValueW
SHSetValueW
StrCmpW
PathIsDirectoryW
StrRChrW
StrDupW
PathRemoveFileSpecW
StrCmpNW
SHCreateStreamOnFileW
StrToIntW
PathFindExtensionW
StrCmpIW
PathFindFileNameW
PathCombineW
StrStrIW

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

gethostbyname
inet_ntoa
inet_addr

mpr

WNetGetConnectionW

wintrust

CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext

crypt32

CertGetNameStringW
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore
CryptMsgGetParam
CryptMsgUpdate
CryptMsgOpenToDecode
CertOpenStore
CryptSIPRetrieveSubjectGuidForCatalogFile

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

iphlpapi

GetIpForwardTable
DeleteIPAddress
GetAdaptersInfo
GetIpAddrTable
DeleteIpForwardEntry

Exports

Exports

Create360Object
DSEngLib_Init
EngCreateObject
EngFrontFix
GetModErrCode
IsSupportFeature

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/DSFScan64.dll
.dll windows:5 windows x64 arch:x64

60f99d7e81616b4ef73d06f6d00ca8a3

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:07:4d:a8:22:3a:c6:db:d7:f3:33:5f:55:13:1b:2f:4a:68:ec:da
Signer

Actual PE Digest

26:07:4d:a8:22:3a:c6:db:d7:f3:33:5f:55:13:1b:2f:4a:68:ec:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\54824\out\Release\DSFScan64.pdb

Imports

ws2_32

WSACleanup
htons
gethostbyname
inet_ntoa
inet_addr
WSAStartup
ntohl

kernel32

GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
WaitForSingleObject
MultiByteToWideChar
GetVersionExW
lstrlenW
CreateDirectoryW
Sleep
DeleteFileW
FindClose
CloseHandle
GetExitCodeThread
CreateThread
GetSystemWindowsDirectoryW
DeviceIoControl
CreateFileW
GetCurrentProcessId
FreeResource
LoadLibraryExW
FindFirstFileW
SetLastError
IsBadReadPtr
WriteFile
GetTickCount
GetSystemDirectoryW
GetLastError
GetModuleHandleW
ReadFile
SetFilePointer
GetFileSize
ExpandEnvironmentStringsW
GetCurrentProcess
GetExitCodeProcess
CreateProcessW
GetWindowsDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
HeapAlloc
GetProcessHeap
HeapFree
GetModuleFileNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeLibrary
WideCharToMultiByte
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
HeapCreate
HeapSetInformation
GetModuleFileNameA
GetStdHandle
ExitProcess
LCMapStringW
LoadLibraryA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetFilePointerEx
GetFileSizeEx
OutputDebugStringW
FormatMessageW
GetCurrentThreadId
LocalFree
GetSystemTime
CreateMutexW
TlsGetValue
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
ReleaseMutex
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
GetVersionExA
GlobalFree
GlobalAlloc
GetModuleHandleA
CreateMutexA
WaitForMultipleObjects
CreateEventW
RtlPcToFileHeader
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
FlsSetValue
GetCommandLineA
LCMapStringA

advapi32

RegEnumKeyExW
RegQueryValueExA
RegQueryValueExW
RegCloseKey
RegOpenKeyW
RegEnumKeyW
RegDeleteValueW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoCreateInstance
CoInitialize
CoInitializeEx
CoTaskMemFree
CLSIDFromString
CoUninitialize

oleaut32

SysAllocString
VariantInit
VariantClear
VariantChangeType
SysFreeString

shlwapi

StrCmpIW
PathFileExistsW
PathCombineW
PathFindFileNameW
PathIsDirectoryW
StrStrIW
StrChrW
SHGetValueW
PathAppendW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

iphlpapi

GetNetworkParams
GetIpAddrTable

setupapi

SetupCloseInfFile
SetupOpenInfFileW
SetupGetStringFieldW
SetupFindNextLine
SetupGetIntField
SetupFindNextMatchLineW
SetupGetFieldCount
SetupFindFirstLineW

Exports

Exports

DSFCreate
DSFCreateNetEnvObj
DSFDestory
DSFDestoryNetEnvObj
DSFNetEnvCancel
DSFNetEnvCheck
DSFNetEnvErrCode
DSFNetEnvIsExistBlackNDIS
DSFNetEnvRmBlackNDIS
DSFRedirect
DSFStartScan
DSFStopScan
FixImageAndHostDeep

Sections

.text
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/DsSysRepair64.dll
.dll windows:5 windows x64 arch:x64

e901a426acaf1b676403e57948ccee92

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:e7:71:6b:38:ab:bc:15:40:9d:f4:ee:c7:ae:2b:de:29:20:4c:3c
Signer

Actual PE Digest

5c:e7:71:6b:38:ab:bc:15:40:9d:f4:ee:c7:ae:2b:de:29:20:4c:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\24909\out\Release\DsSysRepair64.pdb

Imports

kernel32

SearchPathW
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
lstrcmpiW
DeleteFileW
HeapDestroy
HeapReAlloc
HeapSize
DeleteCriticalSection
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringA
HeapCreate
HeapSetInformation
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
GetStdHandle
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlsAlloc
FlsFree
GetCurrentThreadId
DecodePointer
EncodePointer
GetCommandLineA
FlsSetValue
ExitProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
MoveFileW
GetFileAttributesW
SetFileAttributesW
MultiByteToWideChar
lstrlenW
GetProcessHeap
HeapAlloc
HeapFree
WideCharToMultiByte
GetFileSize
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetLastError
SetLastError
CloseHandle
Sleep
GetProcAddress
LoadLibraryW
GetCurrentProcessId
FreeLibrary
GetModuleFileNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
TlsGetValue
CreateMutexW
GetSystemTime
FormatMessageW
OutputDebugStringW
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
InitializeCriticalSection
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
WaitForSingleObject
RaiseException
DeviceIoControl
GetModuleHandleW
CreateDirectoryW
GetSystemDefaultLangID
LocalFree
GetCurrentProcess
FlsGetValue
GetLongPathNameW

user32

MessageBoxW
GetActiveWindow
UnregisterClassA
FindWindowW
PostMessageW

advapi32

GetUserNameW
RegQueryValueExA
RegEnumKeyExW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
GetExplicitEntriesFromAclW
DeleteAce
LookupAccountNameW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegDeleteKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
OpenProcessToken
SetNamedSecurityInfoW
RegEnumKeyW
GetTokenInformation
GetLengthSid
CopySid
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExW
RegOpenKeyW

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitialize

shell32

SHGetSpecialFolderPathW
ShellExecuteW

oleaut32

SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantChangeType
SysFreeString
VariantInit
VariantClear
SysAllocString

shlwapi

PathCombineW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW
SHGetValueW
PathIsDirectoryW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

CreateExaminPlugin
DsCreateObject
DsCreateObject2

Sections

.text
Size: 396KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/ImAVEng64.dll
.dll windows:5 windows x64 arch:x64

76b6b406a9bc2300f76eccf6d89f1657

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:70:08:c5:ab:c7:69:1c:4c:d2:a0:fd:47:fb:3d:1e:81:68:75:d8
Signer

Actual PE Digest

1c:70:08:c5:ab:c7:69:1c:4c:d2:a0:fd:47:fb:3d:1e:81:68:75:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\32099\out\Release\ImAVEng64.pdb

Imports

kernel32

SetEvent
GetProcAddress
FreeLibrary
CreateEventW
GetModuleHandleExW
CreateThread
FreeLibraryAndExitThread
Sleep
GetFileAttributesExW
CreateFileW
MoveFileExW
DeleteFileW
SetUnhandledExceptionFilter
GetLastError
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
DeleteCriticalSection
WriteFile
SetFilePointerEx
GetFileAttributesW
GetFileSizeEx
MoveFileW
FlushFileBuffers
SetFileAttributesW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
DeviceIoControl
GetCurrentProcessId
InitializeCriticalSection
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
LeaveCriticalSection
ReadFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
OutputDebugStringW
FormatMessageW
MultiByteToWideChar
GetCurrentThreadId
LocalFree
GetSystemTime
TlsGetValue
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSetInformation
HeapCreate
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
EnterCriticalSection

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
ImpersonateLoggedOnUser
RevertToSelf
RegQueryValueExA

oleaut32

SysAllocString
SysFreeString

shlwapi

PathAppendW
SHGetValueW
StrCmpIW
StrStrIW
PathFileExistsW
StrToIntW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

Create360Object

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/PopSoftEng64.dll
.dll windows:5 windows x64 arch:x64

981a87b232f61fc0f8079912642c4646

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:e6:49:dc:44:52:32:6f:84:f5:6a:68:dd:30:2d:b7:65:47:82:dc:83:7f:48:8f:2b:98:a7:af:80:d8:2f:fb
Signer

Actual PE Digest

0c:e6:49:dc:44:52:32:6f:84:f5:6a:68:dd:30:2d:b7:65:47:82:dc:83:7f:48:8f:2b:98:a7:af:80:d8:2f:fb

Digest Algorithm

sha256

PE Digest Matches

true

41:63:d6:40:4d:c6:a1:bd:59:92:4b:a6:da:fc:76:03:7a:f6:69:07
Signer

Actual PE Digest

41:63:d6:40:4d:c6:a1:bd:59:92:4b:a6:da:fc:76:03:7a:f6:69:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\93608\out\Release\PopSoftEng64.pdb

Imports

kernel32

FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
GetCurrentProcessId
CloseHandle
DeviceIoControl
CreateFileW
SetLastError
GetCurrentProcess
GetSystemDirectoryW
GetTempPathW
ExpandEnvironmentStringsW
GetFileAttributesExW
MultiByteToWideChar
GetEnvironmentVariableW
CreateDirectoryW
WideCharToMultiByte
SearchPathW
GetFileAttributesW
LocalFree
LocalAlloc
LoadLibraryExW
lstrlenW
FindResourceExW
GetCurrentThreadId
WritePrivateProfileStringW
GetPrivateProfileIntW
ReadFile
SetFilePointer
GetFileSizeEx
FindFirstFileW
FindClose
GetTickCount
FindNextFileW
GetDriveTypeW
GetLastError
DeleteFileW
CopyFileW
SetFileAttributesW
MoveFileExW
lstrcpyW
RemoveDirectoryW
GetStdHandle
ExitProcess
GetVersionExW
GetModuleHandleW
GetSystemWindowsDirectoryW
GetProcAddress
LoadLibraryW
Sleep
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FreeLibrary
GetLongPathNameW
InitializeCriticalSection
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
RtlPcToFileHeader
RtlUnwindEx
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
HeapSetInformation
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetFilePointerEx
WriteFile
OutputDebugStringW
FormatMessageW
GetSystemTime
CreateMutexW
TlsGetValue
WaitForSingleObject
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
ReleaseMutex
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetModuleFileNameA

user32

LoadStringW

advapi32

RegQueryValueExA
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegEnumKeyW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

SHGetMalloc
SHGetSpecialFolderLocation
ord25
SHGetFileInfoW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetDesktopFolder
ord18
ord155
SHGetFolderPathW
SHGetPathFromIDListW
ord190

ole32

CoTaskMemAlloc
CoTaskMemFree
IIDFromString
StringFromGUID2

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
SysAllocString
SysFreeString

shlwapi

StrStrIW
StrDupW
StrCmpIW
StrChrW
PathCombineW
SHGetValueW
PathFileExistsW
PathAppendW
PathIsDirectoryW
StrCpyNW
StrCmpNIW
StrRetToBufW
PathRemoveFileSpecW
PathRemoveFileSpecA
PathCombineA
PathFindExtensionW
StrToIntW
StrRChrW
PathFindFileNameW

version

VerQueryValueW

setupapi

SetupIterateCabinetW

Exports

Exports

Create360Object

Sections

.text
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/WiFiSafe64.dll
.dll windows:5 windows x64 arch:x64

97d80d592df934affa002cbff3341a50

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ad:be:f1:07:13:fb:ba:70:bd:3a:89:1d:b5:df:c6:ba:bd:b1:76:25:37:63:19:83:ea:e3:af:85:3f:6d:66:4d
Signer

Actual PE Digest

ad:be:f1:07:13:fb:ba:70:bd:3a:89:1d:b5:df:c6:ba:bd:b1:76:25:37:63:19:83:ea:e3:af:85:3f:6d:66:4d

Digest Algorithm

sha256

PE Digest Matches

true

24:4d:56:6e:5b:90:6d:28:66:8d:29:d2:51:0c:00:21:b4:77:6b:25
Signer

Actual PE Digest

24:4d:56:6e:5b:90:6d:28:66:8d:29:d2:51:0c:00:21:b4:77:6b:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\84403\out\Release\WiFiSafe64.pdb

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
SetLastError
GetFileSize
CreateFileW
ReadFile
SetFilePointer
WriteFile
CloseHandle
GetCurrentProcessId
DeviceIoControl
CreateDirectoryW
WaitForSingleObject
ResumeThread
CreateProcessW
GetVersionExW
FreeResource
LoadLibraryExW
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcess
lstrcmpiW
LocalFree
OpenProcess
IsBadReadPtr
GetProcAddress
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
WideCharToMultiByte
LoadLibraryW
MultiByteToWideChar
GetLastError
lstrlenW
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEnvironmentVariableA
GetProcessHeap
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeFormatA
GetDateFormatA
SetConsoleCtrlHandler
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
FreeLibrary
Sleep
lstrlenA
ExpandEnvironmentStringsW
GetStringTypeA
FatalAppExitA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
HeapCreate
InitializeCriticalSection
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
FlsAlloc
GetCurrentThread
FlsFree
FlsGetValue
DecodePointer
EncodePointer
GetModuleFileNameA
HeapAlloc
HeapReAlloc
CompareStringW
HeapFree
HeapDestroy
HeapSize
RaiseException
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
OutputDebugStringW
FormatMessageW
GetLocalTime
GetCurrentThreadId
GetSystemTime
CreateMutexW
TlsGetValue
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
ReleaseMutex
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
RtlUnwindEx
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
FlsSetValue
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
GetStdHandle

advapi32

RegEnumKeyExW
RegQueryValueExA
ImpersonateLoggedOnUser
RevertToSelf
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
RegCloseKey
RegEnumKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW

ole32

StringFromGUID2

oleaut32

VariantClear
SysStringLen
SysAllocString
SysFreeString
VariantInit
VariantChangeType
SysStringByteLen
VarBstrCmp

shlwapi

StrStrIW
StrChrW
PathCombineW
PathFileExistsW
SHGetValueW
PathAppendW
StrCmpIW
PathRemoveFileSpecW
StrStrIA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

iphlpapi

GetIpNetTable
GetAdaptersInfo
GetIpAddrTable

ws2_32

WSAStartup
WSACleanup
inet_ntoa
gethostbyname
gethostname
inet_addr
WSASetEvent
WSACloseEvent
closesocket
sendto
htons
htonl
ntohs
recvfrom
WSAWaitForMultipleEvents
WSAEventSelect
socket
WSACreateEvent

crypt32

CryptStringToBinaryW
CryptUnprotectData
CryptBinaryToStringW

Exports

Exports

CreateObject

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 378KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/cloudcom264.dll
.dll windows:5 windows x64 arch:x64

74a3ce59cf3a4be5b9da8a745b296016

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e5:ed:e0:cc:79:db:ea:6d:a5:4d:d5:01:1b:39:08:b4:b4:b1:ed:a3:ce:91:9a:77:62:4a:b2:af:a8:ee:6a:a6
Signer

Actual PE Digest

e5:ed:e0:cc:79:db:ea:6d:a5:4d:d5:01:1b:39:08:b4:b4:b1:ed:a3:ce:91:9a:77:62:4a:b2:af:a8:ee:6a:a6

Digest Algorithm

sha256

PE Digest Matches

true

87:05:e4:d2:97:bd:99:10:cd:95:eb:8d:af:d5:8a:8f:82:35:25:3f
Signer

Actual PE Digest

87:05:e4:d2:97:bd:99:10:cd:95:eb:8d:af:d5:8a:8f:82:35:25:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\122960\out\Release\cloudcom264.pdb

Imports

ws2_32

WSACreateEvent
gethostbyname
WSAGetLastError
WSAStartup
WSACleanup
htons
WSARecvFrom
WSAEnumNetworkEvents
WSASend
WSARecv
bind
WSAGetOverlappedResult
shutdown
WSAIoctl
setsockopt
WSASocketW
recvfrom
WSACloseEvent
inet_addr
ntohl
htonl
ntohs
socket
sendto
closesocket
WSAEventSelect
inet_ntoa
WSAWaitForMultipleEvents

user32

CharNextW
LookupIconIdFromDirectoryEx

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SafeArrayCreate
SysFreeString
VariantInit
VariantClear
VariantChangeType
SafeArrayPutElement
VarUI4FromStr
SysAllocStringLen
SysStringLen
SysAllocString

kernel32

HeapCreate
HeapSetInformation
GetConsoleMode
GetConsoleCP
ExitProcess
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
GetModuleFileNameA
GetStdHandle
GetCommandLineA
FlsSetValue
RtlPcToFileHeader
RtlCaptureContext
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
CloseHandle
DeviceIoControl
CreateFileW
GetCurrentProcessId
GetTickCount
FreeLibrary
GetProcAddress
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateMutexW
ReleaseMutex
SetEvent
Sleep
GetOverlappedResult
WaitForMultipleObjects
ResetEvent
CreateEventW
GetModuleHandleExW
FreeLibraryAndExitThread
CreateThread
ResumeThread
GetLastError
OpenEventW
FindClose
FindFirstFileW
HeapFree
HeapAlloc
GetProcessHeap
SetErrorMode
SetLastError
LoadLibraryW
LocalFree
GetModuleHandleW
FreeResource
LoadLibraryExW
GetFileAttributesExW
GetSystemWindowsDirectoryW
GetVersionExW
FormatMessageW
GetLongPathNameW
ExpandEnvironmentStringsW
GetExitCodeThread
ReadFile
SetFilePointer
GetFileSize
DeleteTimerQueueEx
DeleteTimerQueueTimer
CreateTimerQueueTimer
CreateTimerQueue
LCMapStringA
RaiseException
lstrcmpiW
MapViewOfFile
CreateFileMappingW
WriteFile
CreateProcessW
GetDiskFreeSpaceExW
CreateDirectoryW
VirtualProtect
GetCurrentProcess
GetFileType
DuplicateHandle
UnmapViewOfFile
FileTimeToSystemTime
FileTimeToDosDateTime
SystemTimeToFileTime
GetLocalTime
GetSystemTime
GetFileInformationByHandle
GetSystemDefaultUILanguage
SetFileAttributesW
GetFileAttributesW
MoveFileExW
GetVolumeInformationW
DeleteFileW
lstrlenA
GetEnvironmentVariableW
GetCurrentThread
GetShortPathNameW
IsBadReadPtr
MapViewOfFileEx
GetFileTime
GetTempPathW
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
CancelIo
CreateSemaphoreW
VirtualAlloc
VirtualFree
GetCurrentThreadId
EnumResourceNamesW
GetVersion
GetFileSizeEx
HeapDestroy
HeapReAlloc
HeapSize
GetTimeZoneInformation
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
LoadLibraryA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
SetStdHandle
FlushFileBuffers
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwindEx
RtlLookupFunctionEntry
CreateMutexA
GetModuleHandleA
GlobalAlloc
GlobalFree
GetVersionExA
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
TlsGetValue
SetFilePointerEx
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
CreateFileA
SetEnvironmentVariableA
GetSystemDirectoryW
OutputDebugStringW

advapi32

RegQueryValueExA
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
QueryServiceStatus
CloseServiceHandle
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegEnumKeyW
RegNotifyChangeKeyValue
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteKeyW
RegOpenKeyW
OpenSCManagerW
OpenServiceW

shell32

SHGetSpecialFolderPathW

shlwapi

StrCmpNIA
PathAddBackslashW
PathFindFileNameW
StrCmpNW
SHDeleteValueW
StrStrIW
SHGetValueW
SHSetValueW
PathIsDirectoryW
StrRChrW
StrCmpW
StrCmpIW
PathFileExistsW
StrRStrIW
StrChrW
PathCombineW
PathAppendW
StrStrW
StrStrIA
PathRemoveFileSpecW

iphlpapi

GetBestRoute
GetFriendlyIfIndex
GetAdaptersInfo
NotifyAddrChange
GetNetworkParams

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime

imagehlp

ImageGetCertificateHeader
ImageGetCertificateData

Exports

Exports

AVCacheClose
AVCacheCreate
AVCacheQuery
AVDeleteWhite
AVInsertWhite
AVNetQuery
AVNetQueryCancel
CacheClearOldData
CacheIsNeedClearOldData
CheckCloudServerState
CheckStreamTrust
Create360CommXClient
CreateObject
GetBest360Dns
GetDwordValue
GetFileTrustState
GetFileTrustStateEx
GetFileTrustStateEx2
GetFileTrustStateWithHandle
GetIspDns
GetStringValue
IsCahceTruested
MisKillCheckDangerFileSignWhitList
MisKillClose
MisKillCreate
MisKillGetIsSystemFileName
MisKillJudgeWhite
MisKillJudgeWhiteEx
MisKillJudgeWhiteOnlyFile
QueryFileCancel
QueryFileClose
QueryFileCreate
QueryFilesEx
QueryFilesEx2
QueryFilesGetError
QueryFilesIsFileInXD
QueryFilesIsFileMD5InXD
QuerySetOption
RestoreDns
SetComOption
SetDns
SetVerifyFilePath
SigDestroy
SigInit
SigMatch
SigMatchCert
SmartAddRestoreFile
SmartCacheClearFileCache
SmartCacheClearOldData
SmartCacheClose
SmartCacheCreate
SmartCacheDelFiles
SmartCacheFileMonCallBack
SmartCacheFileMonCallBackEx
SmartCacheGetFLNPNumber
SmartCacheInsert
SmartCachePETime
SmartCacheQuery
SmartCacheQueryHips
SmartDomainHijackQuery
SmartForcePrintLog
SmartGetCloudServerTime
SmartGetProxyInfo
SmartIsFileInXD
SmartIsMD5FileInXD
SmartIsMD5InXD
SmartNetAddrQuery
SmartNetQuery
SmartNetQueryCancel
SmartNetQueryEx
SmartNetQueryEx2
SmartQueryPreExitDll
SmartSetOption
SmartUploadCancel
SmartUploadClose
SmartUploadCreate
SmartUploadGetError
SmartUploadSetNetTimeout
SmartUploadSetOption
SmartUploadWithExtInfo
UninitCheckCloudServerState
VMDetector_IsInsideVM
XDAddRecords
XDAddRecordsEx
XDClose
XDDeleteRecords
XDGetCounts
XDGetFirst
XDGetLastFlag
XDGetNext
XDOpen

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tszTrus
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/deepscan64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

ab47233897c1e3fd7033f31d82155820

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:9b:fa:27:12:03:60:c6:55:64:c4:73:80:14:a3:36:2a:d7:8e:d4:31:81:81:6f:81:ed:66:66:c8:8f:1c:20
Signer

Actual PE Digest

72:9b:fa:27:12:03:60:c6:55:64:c4:73:80:14:a3:36:2a:d7:8e:d4:31:81:81:6f:81:ed:66:66:c8:8f:1c:20

Digest Algorithm

sha256

PE Digest Matches

true

c0:9a:02:36:1f:1b:7b:4d:21:7f:3e:48:24:56:30:bb:81:60:51:e2
Signer

Actual PE Digest

c0:9a:02:36:1f:1b:7b:4d:21:7f:3e:48:24:56:30:bb:81:60:51:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\120038\out\Release\deepscan64.pdb

Imports

kernel32

SearchPathW
OpenProcess
GetTickCount
GetStartupInfoW
PeekNamedPipe
CreateProcessA
CreatePipe
ExpandEnvironmentStringsA
GetFullPathNameW
TerminateProcess
MoveFileExW
GetEnvironmentVariableW
HeapFree
HeapAlloc
GetProcessHeap
GetFileSize
GetACP
CreateMutexW
lstrcmpiW
GetExitCodeThread
ResumeThread
CreateThread
FormatMessageW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsDBCSLeadByte
lstrcpyW
GetFileSizeEx
SetEnvironmentVariableW
WritePrivateProfileSectionW
CreateEventW
GetDriveTypeW
FreeLibraryAndExitThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetLogicalDrives
lstrlenA
RaiseException
GetCurrentThreadId
SetEvent
ResetEvent
Thread32Next
OpenThread
Thread32First
ReadProcessMemory
SetErrorMode
VirtualQueryEx
Module32NextW
Module32FirstW
SetFilePointerEx
LoadLibraryA
GetSystemDefaultLangID
GetVolumeInformationW
GetSystemInfo
GlobalMemoryStatus
GetDiskFreeSpaceExW
SetEndOfFile
GetStdHandle
SetFileTime
MoveFileW
VirtualAlloc
VirtualFree
FindFirstFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileAttributesExW
GetLongPathNameW
ExpandEnvironmentStringsW
lstrlenW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindClose
LocalFree
GetCurrentProcess
CreateDirectoryW
LoadLibraryW
GetPrivateProfileStringW
CopyFileW
GetFileAttributesW
SetFileAttributesW
GetTempPathW
GetTempFileNameW
QueryDosDeviceW
GetWindowsDirectoryW
GetSystemDefaultUILanguage
SetLastError
WritePrivateProfileStringW
GetPrivateProfileIntW
MultiByteToWideChar
GetSystemDirectoryW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
ReadFile
GetVersionExW
GetLastError
LoadLibraryExW
FreeResource
GetModuleHandleW
GetCurrentProcessId
DeviceIoControl
LocalAlloc
OutputDebugStringW
GetPrivateProfileSectionW
GetSystemWindowsDirectoryW
GetModuleFileNameW
SetFilePointer
CloseHandle
DeleteFileW
InitializeCriticalSection
WriteFile
CreateFileW
Sleep
DeleteCriticalSection
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
HeapCreate
HeapSetInformation
GetModuleFileNameA
IsValidCodePage
GetOEMCP
ExitProcess
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
FlsSetValue
VirtualQuery
VirtualProtect
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
HeapSize
HeapReAlloc
HeapDestroy
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
AddAtomW
GetAtomNameW
TlsSetValue
TlsGetValue
GetSystemTime
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
GetShortPathNameW
FindNextFileW
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RemoveDirectoryW
GetProcAddress
FreeLibrary

user32

MessageBoxA
GetWindowThreadProcessId
FindWindowExW
GetWindowTextW
IsWindow
SendMessageTimeoutW
FindWindowW
LoadStringW
CharNextW
CharUpperW

winspool.drv

GetPrinterDriverDirectoryW
GetPrintProcessorDirectoryW

advapi32

GetTokenInformation
CloseServiceHandle
OpenServiceW
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceStatus
ControlService
StartServiceW
ChangeServiceConfigW
RegOpenKeyExW
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
ImpersonateLoggedOnUser
RevertToSelf
LookupAccountSidW
RegSetValueA
RegSetValueW
RegQueryValueW
RegQueryValueA
RegOpenKeyA
RegCreateKeyA
RegFlushKey
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
EnumServicesStatusW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyW
RegEnumKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyW
RegCloseKey
OpenSCManagerW

shell32

SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathW
ord155
SHGetMalloc
CommandLineToArgvW
SHGetSpecialFolderLocation

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CoTaskMemRealloc
CoSetProxyBlanket
CoInitializeSecurity
StringFromGUID2
StgCreateDocfileOnILockBytes
StgCreateStorageEx

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear
VariantChangeType
SysAllocStringLen
VariantCopy
SysAllocStringByteLen
SysStringByteLen
VarCmp
VarUI4FromStr
VarBstrCat

shlwapi

PathRenameExtensionW
StrCmpW
StrRChrW
PathFindExtensionW
StrDupW
StrCmpNIW
PathAppendW
PathCombineW
PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
PathIsRelativeW
UrlUnescapeW
StrCmpNW
StrStrIW
SHCreateStreamOnFileW
StrToIntW
StrChrW
StrStrW
PathMatchSpecW
PathFindFileNameW
SHGetValueW
StrCmpIW

version

VerQueryValueW

crypt32

CertOpenStore
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertGetCertificateContextProperty
CertCloseStore
CryptMsgClose
CertFreeCertificateContext

setupapi

SetupIterateCabinetW
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW
SetupFindNextLine
SetupGetIntField
SetupFindNextMatchLineW
SetupGetFieldCount
SetupCloseFileQueue
SetupOpenFileQueue
SetupGetStringFieldW

ws2_32

inet_addr
WSACleanup
inet_ntoa
gethostname
WSAStartup

psapi

GetProcessMemoryInfo
GetModuleInformation
EnumProcessModules
GetProcessImageFileNameW
GetModuleFileNameExW
EnumDeviceDrivers
GetDeviceDriverBaseNameW

mpr

WNetGetConnectionW

iphlpapi

GetIpAddrTable

netapi32

NetApiBufferFree
NetShareGetInfo

Exports

Exports

Create360Object
CreateQuarantObject
CreateQuarantObjectFactory
DllRegisterServer
DllUnregisterServer
DsEmpEnum
DsEmpGetState
DsEmpIsSupported
DsEmpOpen
DsEmpRule
DsGetSetSuperKillerSuccFlag
DsSetScanItemSortList
EngLib_Init
EngSectionRestore
GetModErrCode
IsSupportFeature

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 638KB - Virtual size: 637KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/heavygate64.dll
.dll windows:5 windows x64 arch:x64

170b85acc1dc0f50a34b42b1f71701ea

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:aa:e9:ab:da:05:dd:84:32:6d:13:6e:7a:37:a2:ee:1a:dc:5c:06
Signer

Actual PE Digest

8f:aa:e9:ab:da:05:dd:84:32:6d:13:6e:7a:37:a2:ee:1a:dc:5c:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\49692\out\Release\heavygate64.pdb

Imports

kernel32

FlushViewOfFile
GetProcessHeap
OutputDebugStringW
OutputDebugStringA
WaitForSingleObjectEx
WaitForSingleObject
WriteFile
WideCharToMultiByte
UnmapViewOfFile
UnlockFileEx
UnlockFile
SystemTimeToFileTime
Sleep
SetFilePointer
SetEndOfFile
ReadFile
QueryPerformanceCounter
MultiByteToWideChar
MapViewOfFile
LockFileEx
LockFile
LocalFree
LoadLibraryW
LoadLibraryA
HeapCompact
HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExW
GetVersionExA
GetTickCount
GetTempPathW
GetTempPathA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetProcAddress
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FreeLibrary
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileW
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateFileA
CloseHandle
AreFileApisANSI
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
ExitThread
CreateThread
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTimeZoneInformation
HeapSetInformation
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
RtlUnwindEx
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_free
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/jcloudscan64.dll
.dll windows:5 windows x64 arch:x64

0add5c6c920eacd792fd05d512425635

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bd:9b:08:0d:71:af:b9:2a:93:c4:c1:53:b7:18:3e:3a:15:c9:c0:55
Signer

Actual PE Digest

bd:9b:08:0d:71:af:b9:2a:93:c4:c1:53:b7:18:3e:3a:15:c9:c0:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\60108\out\Release\jCloudScan64.pdb

Imports

kernel32

GetSystemTimeAsFileTime
GetLastError
CreateFileA
SetFilePointer
WriteFile
ReadFile
FileTimeToDosDateTime
lstrlenA
lstrlenW
FindFirstFileA
FindClose
FileTimeToLocalFileTime
DeleteFileA
LockResource
MultiByteToWideChar
SizeofResource
SetConsoleMode
ReadConsoleInputA
WideCharToMultiByte
GetTickCount
LoadResource
FindResourceW
FindResourceExW
GetCurrentProcessId
CloseHandle
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
GetProcAddress
CreateFileW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
SystemTimeToFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
OutputDebugStringW
FormatMessageW
SetLastError
GetCurrentThreadId
LocalFree
GetSystemTime
CreateMutexW
TlsGetValue
WaitForSingleObject
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
GetModuleFileNameW
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FileTimeToSystemTime
GetDriveTypeA
FlsSetValue
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
LCMapStringA
LCMapStringW
GetCPInfo
HeapSetInformation
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetVersion
GlobalMemoryStatus
GetVersionExW
FlushConsoleInputBuffer
LeaveCriticalSection
Sleep
LoadLibraryW
InitializeCriticalSection
GetModuleHandleW
ReleaseMutex
FreeLibrary

advapi32

RegQueryValueExA
CryptReleaseContext
CryptGenRandom
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW

oleaut32

SysAllocString
SysFreeString

shlwapi

PathMatchSpecA
PathAppendW
SHGetValueW
PathFileExistsW
StrCmpIW
StrStrIW

ws2_32

htons
ntohs
ntohl
htonl

user32

GetUserObjectInformationW
MessageBoxW
GetDesktopWindow
GetProcessWindowStation

Exports

Exports

ApkFreeData
ApkGetApkAndroidManifestData
CloudQueryAppendItemArray
CloudQueryCalcBufferMfSha1AndFingerprint
CloudQueryCalcFileMfSha1AndFingerprintW
CloudQueryCancel
CloudQueryCreate
CloudQueryCreateItemArray
CloudQueryCreateQueryItem
CloudQueryDestroy
CloudQueryDestroyItemArray
CloudQueryDestroyQueryItem
CloudQueryGetItemArraySize
CloudQueryGetItemFileInfoApkInfoDownID
CloudQueryGetItemFileInfoApkInfoUploadFlag
CloudQueryGetItemFileInfoCanDelete
CloudQueryGetItemFileInfoCanReplace
CloudQueryGetItemFileInfoDesc
CloudQueryGetItemFileInfoExtInfo
CloudQueryGetItemFileInfoNetLevel
CloudQueryGetItemFileInfoQvmInfoDownID
CloudQueryGetItemFileInfoQvmInfoDownProperty
CloudQueryGetItemFileInfoQvmInfoLevel
CloudQueryGetItemFileInfoQvmInfoScore
CloudQueryGetItemFileInfoSoftClass
CloudQueryGetItemFileInfoTrojanName
CloudQueryGetItemFileNameAndSize
CloudQueryGetItemHandleFromItemArray
CloudQueryGetQueryError
CloudQueryNetQuery
CloudQuerySetCloudServer
CloudQuerySetItemCustomSha1AndCustomFingerPrint
CloudQuerySetItemCustomSha1WhenUseMemFile
CloudQuerySetItemFileInfoApkInfo
CloudQuerySetItemFileInfoApkInfoExtString
CloudQuerySetItemFileInfoApkInfoFileType
CloudQuerySetItemFileInfoApkInfoID
CloudQuerySetItemFileInfoFilePathAndSize
CloudQuerySetItemFileInfoQueryFlags
CloudQuerySetItemFileInfoQvmInfo
CloudQuerySetItemFileInfoQvmInfoBoleBuf
CloudQuerySetItemFileInfoQvmInfoExtString
CloudQuerySetItemFileInfoQvmInfoID
CloudQuerySetItemFileInfoReallocApkInfoOrQvmInfo
CloudQuerySetItemFileInfoScanType
CloudQuerySetItemQueryFlag
CloudQuerySetItemQueryType
CloudQuerySetItemUseFileOrMem
CloudQuerySetRequestHeaderOption
GetOrSetCurrentBaseUrl
Init360NetBaseDll
SoUploadCancel
SoUploadCreate
SoUploadDestroy
SoUploadDoUpload
SoUploadGetErrorCode
SoUploadSetOption
SoUploadSetPath
SoUploadSetTokenServer
SoUploadSetTokenUploadApkUrl
SoUploadSetUsingMemFileAlias
SoUploadSetUsingMemoryBuffer

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/sdcsp64.dat
deepscan/sysfilerepS64.dll
.dll windows:5 windows x64 arch:x64

c5e939db74ede6b52f3e010d41a65e29

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:5e:9c:51:fa:88:18:3e:cf:ee:18:16:a2:7d:c5:e1:0f:97:a4:18:9e:9a:f3:aa:84:32:15:25:7c:41:53:90
Signer

Actual PE Digest

81:5e:9c:51:fa:88:18:3e:cf:ee:18:16:a2:7d:c5:e1:0f:97:a4:18:9e:9a:f3:aa:84:32:15:25:7c:41:53:90

Digest Algorithm

sha256

PE Digest Matches

true

12:7d:aa:85:a1:b0:47:58:54:e7:b1:7f:a4:04:08:9e:b1:55:de:c3
Signer

Actual PE Digest

12:7d:aa:85:a1:b0:47:58:54:e7:b1:7f:a4:04:08:9e:b1:55:de:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\87826\out\Release\sysfilerepS64.pdb

Imports

kernel32

GetSystemWindowsDirectoryW
GetLongPathNameW
Sleep
GetFileAttributesW
FindFirstFileW
FindClose
GetTempPathW
CreateDirectoryW
FreeResource
LoadLibraryExW
CloseHandle
DeviceIoControl
CreateFileW
GetCurrentProcessId
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
lstrlenW
EnterCriticalSection
LeaveCriticalSection
FindResourceExW
InitializeCriticalSection
WaitForSingleObject
ResumeThread
CreateThread
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetVersionExW
DeleteFileW
MoveFileExW
GetWindowsDirectoryW
GetTickCount
CopyFileW
GetLastError
SetFileAttributesW
GetCurrentThreadId
LocalFree
LocalAlloc
RemoveDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
GetEnvironmentVariableW
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesExW
GetCurrentProcess
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
SetLastError
GetSystemDefaultUILanguage
GetSystemDirectoryW
DeleteCriticalSection
FatalAppExitA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
FlsAlloc
GetUserDefaultLCID
GetTimeFormatA
GetDateFormatA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapFree
GetProcessHeap
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
CreateFileA
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
WriteFile
ReadFile
GetFileSizeEx
OutputDebugStringW
FormatMessageW
GetLocalTime
GetSystemTime
CreateMutexW
TlsGetValue
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
ReleaseMutex
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
FlsSetValue
GetCommandLineA
HeapSetInformation
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
GetCurrentThread
SetConsoleCtrlHandler

advapi32

RegQueryValueExA
GetUserNameW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
OpenProcessToken
SetNamedSecurityInfoW
GetExplicitEntriesFromAclW
DeleteAce
LookupAccountNameW
LookupAccountSidW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoInitialize
CoUninitialize

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
GetErrorInfo
VariantChangeType
VariantClear
VariantInit
SetErrorInfo
CreateErrorInfo

shlwapi

SHGetValueW
StrStrIW
PathRemoveFileSpecW
PathIsDirectoryW
StrStrW
PathFindFileNameW
PathCombineW
StrCmpIW
StrCmpW
StrCmpNW
StrRChrW
PathAppendW
StrChrW
PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime

setupapi

SetupIterateCabinetW

Exports

Exports

GetModErrCode
WinsxsFix
cancel_sysfilerep_req
close_sysfilerep_object
create_sysfilerep_object
fix_ie_kb_fix
judgeif_sys_file
judgeif_sys_file_a
judgeif_sys_file_w
replace_all_sys_file
replace_all_sys_file_a
replace_all_sys_file_w
replace_file_w
replace_get_http_count
replace_set_http_mode
replace_set_product_a
replace_set_product_w
replace_sys_file
replace_sys_file_a
replace_sys_file_w
scan_ie_kb_fix
set_download_callback
set_option
set_sysfilerep_timeout

Sections

.text
Size: 465KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dsplugins.dll
.dll windows:5 windows x64 arch:x64

b15efa132ae8b25962c07efc06407aac

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8b:fb:c6:07:2d:34:9c:02:47:e9:8e:5c:2f:c3:ae:e4:2a:c1:1e:61
Signer

Actual PE Digest

8b:fb:c6:07:2d:34:9c:02:47:e9:8e:5c:2f:c3:ae:e4:2a:c1:1e:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\360sd\branches\beta\Build\x64\dsplugins.pdb

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileW
GetFileSize
ReadFile
CloseHandle
GetFileAttributesW
SetFileAttributesW
GetLastError
Sleep
CreateEventW
ResetEvent
SetEvent
WaitForSingleObject
SetFilePointer
InitializeCriticalSection
GetCurrentProcessId
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleFileNameW
FindResourceExW
FindResourceW
LoadResource
TlsFree
DeleteAtom
FindAtomW
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
TlsGetValue
CreateMutexW
GetSystemTime
LocalFree
LockResource
DeviceIoControl
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFilePointerEx
GetFileSizeEx
OutputDebugStringW
FormatMessageW
SizeofResource

advapi32

RegEnumKeyExW
RegQueryValueExW
RegQueryValueExA
ImpersonateLoggedOnUser
RevertToSelf
RegCloseKey
RegOpenKeyExW

oleaut32

SysFreeString
SysAllocString
VariantClear

shlwapi

PathFileExistsW
PathFindFileNameW
StrStrIW
StrCmpIW

Exports

Exports

Create360Object
Set360Object

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dynlenv64.dll
.dll windows:5 windows x64 arch:x64

62fe567625498705b3fed601f41f9425

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c9:12:53:9c:97:a2:e1:12:e1:26:78:78:b8:27:26:ae:f9:b6:4b:09
Signer

Actual PE Digest

c9:12:53:9c:97:a2:e1:12:e1:26:78:78:b8:27:26:ae:f9:b6:4b:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

P:\intermoutput\L_capital\Lua_dlls_capital\Release\dynlenv64.pdb

Imports

kernel32

GetPrivateProfileIntW
GetLastError
EnterCriticalSection
DeleteCriticalSection
TlsAlloc
CloseHandle
TlsFree
TlsGetValue
GetFileSize
GetFullPathNameW
TlsSetValue
GetModuleHandleW
LoadLibraryW
FreeLibrary
GetProcAddress
CreateFileW
DeviceIoControl
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringA
FormatMessageA
LoadLibraryA
GetModuleFileNameA
GetModuleFileNameW
ReadFile
LeaveCriticalSection
InitializeCriticalSection
WriteFile
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
OutputDebugStringW
GetCurrentProcessId
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
FormatMessageW
SetLastError
GetCurrentThreadId
LocalFree
GetSystemTime
CreateMutexW
HeapAlloc
HeapFree
WaitForSingleObject
GetProcessHeap
GetAtomNameW
OpenThread
AddAtomW
ReleaseMutex
FindAtomW
DeleteAtom
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
ExitProcess
FlsSetValue
GetCommandLineA
HeapReAlloc
RtlUnwindEx
CreateProcessA
DuplicateHandle
MoveFileA
DeleteFileA
GetDateFormatA
GetTimeFormatA
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
LCMapStringW
HeapSize
GetStdHandle
InitializeCriticalSectionAndSpinCount
LCMapStringA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetFileAttributesA
CreatePipe
GetExitCodeProcess
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetFilePointer

user32

GetActiveWindow
MessageBoxW

shell32

ShellExecuteW

shlwapi

PathAppendW
PathFindFileNameW

advapi32

RegCloseKey
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW

Exports

Exports

get_lua_env_dispatch
get_lua_raw_dispatch

Sections

.text
Size: 407KB - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
firstaid/Fix/AntiWriteBack64.dll
.dll windows:5 windows x64 arch:x64

d83a3fc94754a5139dccf5e9b4d5905a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:36:3a:69:68:de:2e:b4:b0:4d:25:0e:0f:64:ec:26:9a:01:80:a9:38:af:cb:d6:e8:41:f4:d2:b6:64:4b:c1
Signer

Actual PE Digest

9f:36:3a:69:68:de:2e:b4:b0:4d:25:0e:0f:64:ec:26:9a:01:80:a9:38:af:cb:d6:e8:41:f4:d2:b6:64:4b:c1

Digest Algorithm

sha256

PE Digest Matches

true

37:05:7c:e1:7e:22:01:32:ec:5f:58:78:1d:dd:08:ca:06:b2:ce:75
Signer

Actual PE Digest

37:05:7c:e1:7e:22:01:32:ec:5f:58:78:1d:dd:08:ca:06:b2:ce:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\build\SysRepairDLL\trunk\AntiWriteBack\Release64\AntiWriteBack64.pdb

Imports

kernel32

GetCurrentProcessId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesW
GetVersionExW
Sleep
FlushFileBuffers
GetModuleHandleW
GetProcAddress
FindResourceW
GetLastError
LoadResource
LockResource
SizeofResource
WriteFile
MoveFileExW
GetCurrentProcess
GetTempFileNameW
DeviceIoControl
CloseHandle
CreateFileW
GetSystemDirectoryW
SetFileAttributesW
DeleteFileW
DeleteCriticalSection
GetTickCount
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapReAlloc
GetLocaleInfoA
HeapFree
HeapAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapSetInformation
HeapCreate
HeapDestroy
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

GetSystemMetrics
wsprintfW

advapi32

QueryServiceStatus
StartServiceW
CreateServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegCreateKeyW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyW
RegDeleteValueW
RegCloseKey

shlwapi

PathAppendW
StrRChrW
StrCmpIW
StrRStrIW
wnsprintfW
SHDeleteKeyW
PathFileExistsW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

AddFileToAntiWList
AddPathToAntiWList
DYD_BelongCN
DelRegValueKeyNormal
DisableDelReg
DisableRegProtect
DisableTCP_SET_INFORMATION_EX
EnableDelReg
EnableRegProtect
EnableTCP_SET_INFORMATION_EX
EreaseDisableRegProtect
ForbidShutDown
Init
PathFileAntiProctected
PostCmCallBack
PreCmCallBack
ProtectRegKeyNative
ProtectRegKeyNativeDel
ProtectRegKeyNormal
RebootByKB
RestTCPDispatch
RestrictNetWork
SetMsgHandler
SetPassbyPid
SetRandomName
SetRegPassbyPid
SpKillerInit
TestCheck
TestCheck_1
Uninit

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
firstaid/Fix/BFsAndReg64.dll
.dll windows:5 windows x64 arch:x64

4ad3c0697fcf32ad01175f6a83f861ee

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:b6:21:b1:ef:4b:1e:f5:1c:0c:ed:0b:76:38:7b:71:99:2a:53:89:44:49:cf:4c:06:b1:62:fa:85:a7:e2:3f
Signer

Actual PE Digest

12:b6:21:b1:ef:4b:1e:f5:1c:0c:ed:0b:76:38:7b:71:99:2a:53:89:44:49:cf:4c:06:b1:62:fa:85:a7:e2:3f

Digest Algorithm

sha256

PE Digest Matches

true

06:6f:13:dd:53:79:c1:50:ff:0c:36:a5:87:b3:6b:7a:d9:b8:df:15
Signer

Actual PE Digest

06:6f:13:dd:53:79:c1:50:ff:0c:36:a5:87:b3:6b:7a:d9:b8:df:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\build\ShareCode\trunk\BFsAndRegWithBap\Release64\BFsAndReg64.pdb

Imports

ntdll

RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
memset
_vsnprintf
RtlCaptureContext
RtlPcToFileHeader
wcscpy
strcpy
memcmp
wcslen
strlen
_stricmp
RtlInitUnicodeString
LdrGetDllHandle
RtlInitAnsiString
LdrGetProcedureAddress
atoi
memcpy
_wcsicmp

kernel32

GetLastError
FindResourceA
GetTickCount
DeviceIoControl
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
SetFilePointer
SetFilePointerEx
ReadFile
GetFileSize
SetFileAttributesW
CopyFileA
LoadResource
MoveFileA
MoveFileW
MoveFileExW
GetSystemDirectoryA
LoadLibraryA
GetModuleFileNameA
LocalAlloc
LocalFree
FreeLibrary
GetVersionExA
LoadLibraryW
FlushInstructionCache
VirtualProtect
IsBadCodePtr
LCMapStringA
HeapSize
LockResource
SizeofResource
SetFileAttributesA
CreateFileA
WriteFile
CloseHandle
DeleteFileA
MoveFileExA
GetCurrentProcess
lstrcmpiA
GetTempFileNameA
EnterCriticalSection
LeaveCriticalSection
CreateFileW
InitializeCriticalSection
LCMapStringW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
GetStdHandle
ExitProcess
Sleep
GetModuleHandleW
HeapDestroy
HeapCreate
HeapSetInformation
HeapFree
HeapAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc

user32

GetSystemMetrics

advapi32

RegQueryValueExA
RegDeleteValueW
RegDeleteKeyW
RegDeleteKeyA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegEnumKeyW
RegEnumKeyA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegOpenKeyW
RegDeleteValueA
RegCloseKey

ole32

CoCreateInstanceEx

shlwapi

wnsprintfA
PathAppendA
StrRChrA
PathFileExistsA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

??4CBFsAndRegWithBap@@QEAAAEAV0@AEBV0@@Z
Init
MyBFsSetFlag
MyBFsWriteSetFlag
MyBRegSetFlag
SetByPassBapi
StartHook
UnHook

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 703KB - Virtual size: 703KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
firstaid/Fix/CQhCltHttpW64.dll
.dll windows:5 windows x64 arch:x64

694c3c7fdf4c0996808211a354edeaaf

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:7c:ff:77:48:44:1f:d8:ba:21:7e:c1:43:8f:85:3a:bf:5b:47:33:5a:ed:09:a1:4f:a4:36:e9:90:62:25:bf
Signer

Actual PE Digest

46:7c:ff:77:48:44:1f:d8:ba:21:7e:c1:43:8f:85:3a:bf:5b:47:33:5a:ed:09:a1:4f:a4:36:e9:90:62:25:bf

Digest Algorithm

sha256

PE Digest Matches

true

c9:16:5e:49:ed:5d:e0:6b:fd:2f:a6:bb:ab:13:81:39:7a:b2:5b:3e
Signer

Actual PE Digest

c9:16:5e:49:ed:5d:e0:6b:fd:2f:a6:bb:ab:13:81:39:7a:b2:5b:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\68871\out\Release\lib\CQhCltHttpW64.pdb

Imports

kernel32

GetModuleHandleW
GetProcAddress
Sleep
FindClose
SuspendThread
FreeLibraryAndExitThread
GetLastError
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
CreateEventW
CreateSemaphoreW
CreateMutexW
SetWaitableTimer
CreateWaitableTimerW
DeviceIoControl
GetTickCount
FreeLibrary
CreateThread
GetFileAttributesExW
MoveFileExW
CopyFileW
CloseHandle
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
LoadLibraryW
GetCurrentProcessId
SetEvent
CreateFileW
InitializeCriticalSection
SetLastError
IsBadReadPtr
CreateMutexA
GetVersionExA
GetCurrentThreadId
GlobalFree
GlobalAlloc
GetModuleHandleA
GetCurrentProcess
GetSystemTimeAsFileTime
SystemTimeToFileTime
ResetEvent
CompareFileTime
GetSystemTime
MultiByteToWideChar
IsBadWritePtr
lstrlenA
ReadFile
WriteFile
GetFileAttributesW
GetFileSize
DeleteFileW
FindFirstFileW
RemoveDirectoryW
lstrlenW
lstrcpynA
GetVersionExW
FileTimeToSystemTime
LocalFileTimeToFileTime
GetACP
GetSystemWindowsDirectoryW
CreateFileA
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
OutputDebugStringW
FormatMessageW
LocalFree
TlsGetValue
HeapAlloc
HeapFree
GetProcessHeap
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
SetFilePointer
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
FlsSetValue
GetCommandLineA
ExitThread
HeapReAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
WideCharToMultiByte

shlwapi

PathFileExistsW
PathCombineW
PathRemoveFileSpecW
PathAppendW
StrStrIA
PathIsDirectoryW
StrStrA
StrChrIA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetNetworkParams

winmm

timeGetTime

advapi32

RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegEnumKeyExW
RegCloseKey

ws2_32

select

Exports

Exports

Init
UnInit
cancel_cqhcltdns_req
cancel_cqhclthttp_req
close_cqhcltdns_object
close_cqhclthttp_object
cqhcltdns_AsyncGetHostByName
cqhcltdns_QueryHostByName
cqhcltdns_SyncGetHostByName
cqhcltdns_SyncGetHostByNameEx
cqhclthttp_GetErrorMsg
cqhclthttp_GetErrorNo
cqhclthttp_GetOpt
cqhclthttp_GetToBuffer
cqhclthttp_GetToBuffer2
cqhclthttp_GetToFile
cqhclthttp_GetToFile2
cqhclthttp_IsNoContentLen
cqhclthttp_PostToBuffer
cqhclthttp_PostToBuffer2
cqhclthttp_PostToFile
cqhclthttp_PostToFile2
cqhclthttp_SetOpt
cqhclthttp_get_head_info
cqhclthttp_setLogParam
cqhclthttp_set_head_info
cqhclthttp_set_limit_byte
cqhclthttp_uploadlog
cqhctlhttp_GetCurrentMode
cqhctlhttp_GetIP
create_cqhcltdns_SetOpt
create_cqhcltdns_object
create_cqhclthttp_object
is_support_afd
set_cqhclthttp_mode
set_retry_count

Sections

.text
Size: 397KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
firstaid/SuperKiller.exe
.exe windows:5 windows x64 arch:x64

7f6ffcca3abbdaf2a5813a80ccf6e39d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cc:06:87:b8:73:db:9f:8e:3a:1c:cd:7c:aa:70:10:b6:fd:65:40:f5:2c:8b:6a:73:a3:e8:ab:25:09:55:2b:71
Signer

Actual PE Digest

cc:06:87:b8:73:db:9f:8e:3a:1c:cd:7c:aa:70:10:b6:fd:65:40:f5:2c:8b:6a:73:a3:e8:ab:25:09:55:2b:71

Digest Algorithm

sha256

PE Digest Matches

true

d5:d8:b2:35:fc:e1:49:90:53:da:f3:b0:7a:36:5a:38:8d:a3:2d:38
Signer

Actual PE Digest

d5:d8:b2:35:fc:e1:49:90:53:da:f3:b0:7a:36:5a:38:8d:a3:2d:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\build\ShareCode\trunk\360SuperKiller\x64\Release\SuperKiller.pdb

Imports

ntdll

NtTerminateProcess
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
RtlCaptureContext
RtlPcToFileHeader
LdrGetProcedureAddress
RtlInitAnsiString
LdrGetDllHandle
LdrLoadDll
RtlInitUnicodeString

kernel32

Process32FirstW
GetCommandLineW
GetDiskFreeSpaceExW
lstrcpynW
OpenProcess
RemoveDirectoryW
CreatePipe
IsBadReadPtr
GetWindowsDirectoryW
GetFileSizeEx
OutputDebugStringA
SetFilePointer
CreateMutexW
ReleaseMutex
WaitForMultipleObjects
HeapFree
HeapAlloc
GetProcessHeap
GlobalDeleteAtom
GlobalFindAtomW
SystemTimeToFileTime
GetProcessTimes
GetFileAttributesExW
SetUnhandledExceptionFilter
GetModuleHandleA
ExitProcess
TerminateProcess
IsBadWritePtr
FlushFileBuffers
GetSystemDefaultUILanguage
UnmapViewOfFile
QueryDosDeviceW
GetLogicalDriveStringsW
MapViewOfFile
CreateFileMappingW
DuplicateHandle
GetExitCodeThread
PeekNamedPipe
CreateProcessA
ExpandEnvironmentStringsA
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
Process32NextW
LocalAlloc
TlsAlloc
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
SetEndOfFile
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
VirtualProtect
IsBadCodePtr
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
GetVolumeInformationW
GetDriveTypeW
SetEvent
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Module32FirstW
GetACP
GetLongPathNameW
GlobalAddAtomW
GetFileAttributesW
GetSystemTime
WideCharToMultiByte
CreateFileW
DeviceIoControl
ResetEvent
GetCurrentDirectoryW
SetCurrentDirectoryW
GetLogicalDrives
LoadLibraryW
lstrcmpiW
LoadLibraryExW
GlobalReAlloc
FindResourceExW
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetShortPathNameW
InitializeCriticalSection
GetLocalTime
LocalFree
GetTempFileNameW
FreeResource
LockResource
SizeofResource
CreateEventW
FindResourceW
LoadResource
GetCurrentProcess
FlushInstructionCache
SetLastError
RaiseException
DeleteCriticalSection
GetModuleFileNameW
GlobalAlloc
GlobalFree
GetFileSize
ReadFile
FileTimeToSystemTime
OutputDebugStringW
FreeLibrary
GetProcAddress
GetVersionExW
WriteFile
GetSystemWindowsDirectoryW
GetPrivateProfileIntW
GetCurrentProcessId
DecodePointer
Sleep
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
GetTempPathW
MoveFileExW
FindFirstFileW
FindNextFileW
LocalFileTimeToFileTime
SetFilePointerEx
FormatMessageW
TlsGetValue
TlsSetValue
GetAtomNameW
OpenThread
FindClose
GetModuleHandleW
MultiByteToWideChar
lstrlenA
GetSystemDirectoryW
SearchPathW
CreateDirectoryW
ExpandEnvironmentStringsW
SetFileAttributesW
MoveFileW
CopyFileW
GetTickCount
TerminateThread
CreateThread
GetCurrentThreadId
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
GetLastError
CloseHandle
DeleteFileW
AddAtomW
FindAtomW
DeleteAtom
TlsFree
FileTimeToDosDateTime
GetFileInformationByHandle
DosDateTimeToFileTime
SetFileTime
EncodePointer

user32

ReleaseDC
GetDC
GetDlgCtrlID
DrawTextW
DrawIconEx
SetWindowRgn
SetWindowLongPtrW
GetSysColor
SystemParametersInfoW
GetKeyState
GetMessagePos
TrackMouseEvent
LoadIconW
OffsetRect
InvalidateRect
UpdateWindow
ReleaseCapture
GetCapture
SetCapture
WindowFromPoint
GetClassLongW
GetCursorPos
PtInRect
EndPaint
BeginPaint
EndDialog
CreateDialogIndirectParamW
CreateWindowExW
DestroyWindow
GetClassInfoW
RegisterClassW
DefWindowProcW
IntersectRect
PostQuitMessage
EnableWindow
GetWindowTextW
InflateRect
ScreenToClient
SetWindowLongW
IsWindow
wsprintfW
RedrawWindow
DestroyIcon
KillTimer
SetTimer
IsIconic
FillRect
LoadCursorW
SetCursor
PostMessageW
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
CallWindowProcW
DialogBoxIndirectParamW
GetFocus
CopyRect
GetDlgItem
GetWindowLongPtrW
GetClassInfoExW
RegisterClassExW
CharNextW
GetDesktopWindow
ExitWindowsEx
SetForegroundWindow
FindWindowW
GetWindowThreadProcessId
SetWindowsHookExW
SetWindowTextW
GetWindowLongW
GetSystemMetrics
LoadImageW
AdjustWindowRectEx
IsDialogMessageW
wvsprintfW
DispatchMessageA
UnregisterClassA
ShowWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
SendMessageW
SetFocus

advapi32

BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
RegQueryValueExA
OpenServiceW
CloseServiceHandle
OpenSCManagerW
RegQueryValueExW
RegSaveKeyW
RegQueryInfoKeyW
RegEnumKeyW
RegCreateKeyW
RegOpenKeyW
RegRestoreKeyW
RegCloseKey
GetNamedSecurityInfoW
GetUserNameW
RegEnumValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
DuplicateTokenEx
FreeSid
SetTokenInformation
GetLengthSid
AllocateAndInitializeSid
CreateRestrictedToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
EqualSid
RegSetValueExA
QueryServiceStatus
StartServiceW
ChangeServiceConfigW
RegSetValueExW
RegOpenKeyExW
ControlService
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
LookupAccountSidW
LookupAccountNameW
DeleteAce
GetExplicitEntriesFromAclW
QueryServiceConfigW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoCreateGuid
CLSIDFromString
StringFromCLSID
CoInitialize

shell32

SHGetFileInfoW
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetSpecialFolderPathW
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW

oleaut32

VariantChangeType
VarUI4FromStr
SysFreeString
SysAllocString
VariantClear
VariantInit

shlwapi

wnsprintfW
UrlUnescapeW
PathRenameExtensionW
PathIsDirectoryEmptyW
StrRStrIW
SHRegSetPathW
SHSetValueW
PathGetDriveNumberW
PathBuildRootW
SHDeleteValueW
StrCmpW
StrStrIA
PathFileExistsW
PathAppendW
StrCmpIW
StrStrIW
PathRemoveFileSpecW
PathFindFileNameW
StrRChrIW
StrRChrW
SHDeleteKeyW
PathFindExtensionW
PathCombineW
SHGetValueW
StrChrW
StrCmpNW
PathIsDirectoryW
StrStrW
StrCmpNIW

comctl32

InitCommonControlsEx
ImageList_Destroy
ImageList_Remove
ImageList_Duplicate
ImageList_ReplaceIcon
ImageList_Create

gdi32

LineTo
ExtTextOutW
SetBkColor
ExcludeClipRect
BitBlt
OffsetViewportOrgEx
SetViewportOrgEx
IntersectClipRect
SelectObject
StretchBlt
SetStretchBltMode
GetObjectW
CreateDIBSection
DeleteObject
SetTextColor
MoveToEx
SetBkMode
TextOutW
CreateRoundRectRgn
DeleteDC
GetTextExtentPoint32W
CreateFontIndirectW
CreateRectRgn
CombineRgn
CreatePen
CreateSolidBrush
SaveDC
RestoreDC
RoundRect
CreateCompatibleDC
CreateCompatibleBitmap
GetTextColor
GetClipBox
GetStockObject

msimg32

GradientFill
AlphaBlend

wininet

InternetOpenW
InternetSetOptionW
InternetQueryOptionW
InternetCloseHandle
InternetReadFile
HttpSendRequestW
HttpOpenRequestW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetOpenUrlW
InternetGetConnectedState
HttpAddRequestHeadersW
HttpQueryInfoW
InternetConnectW

iphlpapi

GetAdaptersInfo
DeleteIPAddress
GetIpForwardTable
DeleteIpForwardEntry
GetIpAddrTable

psapi

GetMappedFileNameW
EnumProcessModules
GetModuleFileNameExW

imm32

ImmDisableIME

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSAStartup
gethostbyname
WSACleanup

setupapi

SetupDiDestroyDeviceInfoList
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstallParamsW
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupIterateCabinetW
SetupCopyOEMInfW
SetupGetStringFieldW
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW
SetupFindNextLine
SetupFindNextMatchLineW
SetupGetFieldCount
SetupGetIntField

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 606KB - Virtual size: 605KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
immplugin/AntiInstall.dll
.dll windows:5 windows x64 arch:x64

036df225de923fafee13db47557f0189

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f3:58:c8:a8:b3:e2:a7:02:8b:f4:18:10:38:5f:50:ee:60:98:5a:ad:01:30:2b:fe:07:32:84:83:c6:62:35:b7
Signer

Actual PE Digest

f3:58:c8:a8:b3:e2:a7:02:8b:f4:18:10:38:5f:50:ee:60:98:5a:ad:01:30:2b:fe:07:32:84:83:c6:62:35:b7

Digest Algorithm

sha256

PE Digest Matches

true

da:1e:be:a4:a6:36:10:8d:2d:39:61:b3:82:de:25:1a:db:62:65:1e
Signer

Actual PE Digest

da:1e:be:a4:a6:36:10:8d:2d:39:61:b3:82:de:25:1a:db:62:65:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\123827\out\Release\AntiInstall.pdb

Imports

kernel32

HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapReAlloc
ExitThread
CreateThread
HeapSize
HeapQueryInformation
Sleep
ExitProcess
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
FlsSetValue
GetSystemDirectoryW
GetCurrentDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetFileTime
GetFileSizeEx
GetFileAttributesW
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesExW
FileTimeToLocalFileTime
SetErrorMode
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryExW
CompareStringA
GetModuleHandleA
CreateFileW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiW
GetStringTypeExW
DeleteFileW
MoveFileW
GlobalFlags
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
LoadLibraryW
LoadLibraryA
lstrcmpW
GetVersionExA
SystemTimeToFileTime
FileTimeToSystemTime
GetThreadLocale
lstrlenA
lstrcmpA
GetAtomNameW
GlobalGetAtomNameW
CompareStringW
CreateEventW
SuspendThread
SetEvent
WaitForSingleObject
GetCurrentThreadId
ResumeThread
SetThreadPriority
CloseHandle
MultiByteToWideChar
CopyFileW
GlobalSize
FormatMessageW
MulDiv
lstrlenW
WideCharToMultiByte
GetCurrentProcessId
FreeLibrary
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
GetLastError
GetSystemTimeAsFileTime
SetLastError

user32

SetTimer
KillTimer
WindowFromPoint
GetDialogBaseUnits
GetKeyNameTextW
MapVirtualKeyW
IsRectEmpty
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
SetCapture
GetNextDlgTabItem
EndDialog
DeleteMenu
ShowOwnedPopups
SetCursor
InvalidateRect
SetRectEmpty
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
CharUpperW
DestroyIcon
GetDesktopWindow
ClientToScreen
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
SetRect
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
UnhookWindowsHookEx
MessageBoxW
EnableWindow
IsWindowEnabled
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
UnpackDDElParam
ReuseDDElParam
LoadMenuW
GetMenuBarInfo
ReleaseCapture
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorW
GetPropW
CreateDialogIndirectParamW
GetLastActivePopup
GetParent
GetWindowLongW
SendMessageW
GetWindowThreadProcessId
RemoveMenu
GetSubMenu
GetMenuItemCount
GetMenuItemID
InsertMenuW
AppendMenuW
GetMenuStringW
GetMenuState
UnregisterClassW
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
EndDeferWindowPos

gdi32

ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
SetWindowExtEx
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
GetCharWidthW
CreateFontW
StretchDIBits
CreateCompatibleBitmap
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetBkColor
GetTextMetricsW
SetWindowOrgEx
OffsetWindowOrgEx
GetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
StartDocW
CreatePen
GetDeviceCaps
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32W
ExtTextOutW
BitBlt
CreateCompatibleDC
CreateFontIndirectW
DeleteObject
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateBitmap
CreateDCW
CopyMetaFileW
GetPixel

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegDeleteValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCreateKeyExW
RegSetValueW
RegCloseKey
RegQueryValueExW

shell32

ExtractIconW
DragFinish
DragQueryFileW
SHGetFileInfoW

shlwapi

PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathRemoveFileSpecW

ole32

StringFromGUID2
CoDisconnectObject
OleDuplicateData
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CoCreateInstance
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CLSIDFromString
CoUninitialize
CoInitializeEx
CreateBindCtx

oleaut32

SysFreeString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
VariantInit

Exports

Exports

CreateObject

Sections

.text
Size: 519KB - Virtual size: 518KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
immplugin/BrowserAdBlocker.dll
.dll windows:5 windows x64 arch:x64

8cf243e17be7c3034bd9b7d391ab8bc8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

eb:d6:05:83:2d:6e:3a:f1:4a:f2:3b:21:74:b9:bd:f8:bb:87:f6:ae:2d:c4:ef:ba:af:ae:f7:0b:af:a0:9a:e8
Signer

Actual PE Digest

eb:d6:05:83:2d:6e:3a:f1:4a:f2:3b:21:74:b9:bd:f8:bb:87:f6:ae:2d:c4:ef:ba:af:ae:f7:0b:af:a0:9a:e8

Digest Algorithm

sha256

PE Digest Matches

true

9c:1c:b8:e9:d9:c1:05:31:12:c8:c7:85:df:7c:73:a3:2f:3c:a3:c3
Signer

Actual PE Digest

9c:1c:b8:e9:d9:c1:05:31:12:c8:c7:85:df:7c:73:a3:2f:3c:a3:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\92184\out\Release\BrowserAdBlocker.pdb

Imports

kernel32

GetPrivateProfileIntW
CreateDirectoryW
GetTickCount
FreeLibrary
TlsFree
TlsGetValue
TlsSetValue
Sleep
CopyFileW
ReleaseMutex
GetLastError
GetCurrentProcess
OpenProcess
LoadLibraryA
WideCharToMultiByte
MultiByteToWideChar
GetACP
GetCurrentProcessId
OpenThread
WaitForSingleObject
CreateProcessW
CreateMutexW
SystemTimeToFileTime
GetTimeZoneInformation
TerminateProcess
ExpandEnvironmentStringsW
SetFilePointer
DeviceIoControl
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemDirectoryW
CreateEventW
SetEvent
WaitForMultipleObjects
GetSystemTime
GetCurrentThread
SetLastError
GetLocalTime
GetPrivateProfileSectionNamesW
DeleteAtom
FindAtomW
AddAtomW
LocalFree
FormatMessageW
OutputDebugStringW
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTempPathW
WritePrivateProfileStringW
GetPrivateProfileStringW
WriteFile
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetFileAttributesExW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLongPathNameW
GetModuleFileNameW
DeleteFileW
GetWindowsDirectoryW
LoadLibraryW
GetModuleHandleW
GetProcAddress
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
HeapSetInformation
GetModuleFileNameA
GetStdHandle
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
ExitProcess
FlsAlloc
GetAtomNameW
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ExitThread
GetCurrentThreadId
CreateThread
FlsSetValue
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree

user32

FindWindowW
GetSystemMetrics
PostMessageW
GetForegroundWindow
IsWindowVisible
GetWindowThreadProcessId
SendMessageTimeoutW
GetWindowRect

advapi32

RegQueryValueExA
OpenThreadToken
LookupPrivilegeValueW
RegEnumKeyExW
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen

shlwapi

StrStrIW
PathFileExistsW
PathAppendW
StrCmpIW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

CreateObject

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
immplugin/Dllhijack.dll
.dll windows:5 windows x64 arch:x64

503384e2b10582d0334b6a73afaa34c9

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:1a:f2:d3:c5:a0:7f:c1:12:ac:ec:3a:66:7c:6a:5c:39:88:b7:1d
Signer

Actual PE Digest

56:1a:f2:d3:c5:a0:7f:c1:12:ac:ec:3a:66:7c:6a:5c:39:88:b7:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\360sd\branches\beta\Build\x64\immplugin\Dllhijack.pdb

Imports

kernel32

SetLastError
TlsAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeviceIoControl
SetFilePointer
GetTimeZoneInformation
GetPrivateProfileSectionW
MoveFileExW
MoveFileW
TerminateProcess
CreateMutexW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
GetACP
lstrcmpW
GetModuleFileNameW
GetTempPathW
GetLongPathNameW
ExpandEnvironmentStringsW
GetCommandLineW
GetFileAttributesExW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
DeleteFileW
TlsGetValue
TlsSetValue
CopyFileW
CreateDirectoryW
Sleep
FindNextFileW
GetPrivateProfileIntW
WriteFile
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
ReadProcessMemory
AreFileApisANSI
WideCharToMultiByte
QueryDosDeviceW
GetLogicalDriveStringsW
MulDiv
LocalFree
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalFree
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
CompareStringW
GlobalGetAtomNameW
GetAtomNameW
lstrcmpA
lstrlenA
GetThreadLocale
SetThreadPriority
GetCurrentThreadId
SetEvent
CreateEventW
GlobalFlags
GlobalAddAtomW
GetStringTypeExW
lstrcmpiW
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomW
FreeResource
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
SetErrorMode
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetFileTime
GetCurrentDirectoryW
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
RaiseException
RtlPcToFileHeader
FlsSetValue
GetCommandLineA
HeapReAlloc
ExitThread
CreateThread
HeapQueryInformation
HeapSize
ExitProcess
GetCPInfo
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
LCMapStringW
HeapSetInformation
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
SetFilePointerEx
OutputDebugStringW
GetLocalTime
GetSystemTime
GetProcessHeap
AddAtomW
FindAtomW
DeleteAtom
GetDriveTypeW
GetDiskFreeSpaceExW
lstrlenW
GetPrivateProfileStringW
WritePrivateProfileSectionW
WritePrivateProfileStringW
OpenProcess
SetEnvironmentVariableW
FileTimeToSystemTime
SystemTimeToFileTime
GlobalMemoryStatus
ResumeThread
CreateToolhelp32Snapshot
Thread32First
OpenThread
SuspendThread
Thread32Next
FindFirstFileW
FindClose
GetTickCount
GetCurrentProcessId
ProcessIdToSessionId
LoadLibraryA
GetModuleHandleA
GetCurrentProcess
CreateMutexA
GetLastError
ReleaseMutex
FreeLibrary
TlsFree
MultiByteToWideChar
CreateFileW
GetFileSize
ReadFile
CloseHandle
FindResourceW
LoadResource
LockResource
SizeofResource
GetWindowsDirectoryW
LoadLibraryW
GetVersionExW
GetVersion
GetModuleHandleW
GetProcAddress

user32

WinHelpW
SendDlgItemMessageA
LoadIconW
RegisterWindowMessageW
PostQuitMessage
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
InflateRect
GetMenuItemInfoW
DestroyMenu
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
SetCursor
ShowOwnedPopups
DeleteMenu
SetRectEmpty
InvalidateRect
GetDialogBaseUnits
TranslateAcceleratorW
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
ReleaseCapture
GetMenuBarInfo
LoadMenuW
ReuseDDElParam
UnpackDDElParam
SetRect
SetTimer
KillTimer
GetKeyNameTextW
MapVirtualKeyW
IsRectEmpty
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
SetCapture
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
ScrollWindowEx
MoveWindow
IsChild
IsWindow
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GetScrollPos
SetScrollPos
SetFocus
CharUpperW
DestroyIcon
GetFocus
GetDesktopWindow
ClientToScreen
GetWindow
GetDlgCtrlID
GetClassNameW
PtInRect
SetWindowTextW
UnregisterClassW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageW
GetWindowLongW
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
GetMenuState
GetMenuStringW
AppendMenuW
InsertMenuW
GetMenuItemID
GetMenuItemCount
GetSubMenu
RemoveMenu
WaitForInputIdle
WindowFromPoint
GetSystemMetrics
SystemParametersInfoW
SetWindowPos
SwitchToThisWindow
SetForegroundWindow
BringWindowToTop
GetWindowRect
SendMessageTimeoutW
FindWindowW
GetCapture
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
ShowWindow
CharLowerBuffW
EnumThreadWindows
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
ShowScrollBar
UpdateWindow
GetClientRect
PostMessageW
SetWindowLongW
CreateWindowExW
ReleaseDC

advapi32

RegQueryValueExW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
IsValidSid
EqualSid
FreeSid
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueW
RegEnumKeyExW
RegQueryValueExA
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
RegOpenKeyW
RegCreateKeyW

shell32

SHGetFileInfoW
DragFinish
DragQueryFileW
ShellExecuteExW
SHChangeNotify
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
SHGetSpecialFolderPathW
ExtractIconW

ole32

ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
CoTaskMemAlloc
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
StringFromCLSID
CoUninitialize
CoCreateInstance
CoInitialize
CoTreatAsClass
OleDuplicateData
CoDisconnectObject
StringFromGUID2
CLSIDFromString
OleRegGetUserType
CoInitializeEx

oleaut32

SysStringLen
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SysAllocString
SysFreeString
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
VariantInit

shlwapi

SHGetValueW
PathAppendW
StrStrIW
SHSetValueW
StrCmpNW
SHDeleteValueW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFileExistsW
PathAddBackslashW
SHDeleteKeyW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
StrCmpNIW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

gdi32

CreateHatchBrush
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetCharWidthW
CreateFontW
StretchDIBits
CreateCompatibleBitmap
GetTextMetricsW
GetDeviceCaps
CreateSolidBrush
GetBkColor
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
TextOutW
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
CopyMetaFileW
CreateDCW
DeleteObject
CreateBitmap
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
GetObjectW
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
RectVisible
ExtTextOutW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

comdlg32

GetFileTitleW

Exports

Exports

CreateObject

Sections

.text
Size: 726KB - Virtual size: 725KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
immplugin/OfficeMacro.dll
.dll windows:5 windows x64 arch:x64

59d62dfb4ad22492510b72c24fc88117

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

84:f2:de:7a:e7:f9:6d:ec:12:ad:71:e3:f6:bf:90:a4:3a:82:8b:7b
Signer

Actual PE Digest

84:f2:de:7a:e7:f9:6d:ec:12:ad:71:e3:f6:bf:90:a4:3a:82:8b:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\360sd\branches\beta\Build\x64\immplugin\OfficeMacro.pdb

Imports

kernel32

SetFileTime
DosDateTimeToFileTime
GetCurrentDirectoryW
DuplicateHandle
GetFileType
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeviceIoControl
GetTimeZoneInformation
MoveFileExW
MoveFileW
TerminateProcess
CreateMutexW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
GetACP
lstrcmpW
GetTempPathW
GetLongPathNameW
ExpandEnvironmentStringsW
GetCommandLineW
GetFileAttributesExW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
DeleteFileW
TlsGetValue
TlsSetValue
CopyFileW
CreateDirectoryW
Sleep
WriteFile
Module32FirstW
Module32NextW
ReadProcessMemory
AreFileApisANSI
WideCharToMultiByte
QueryDosDeviceW
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
lstrlenW
GetPrivateProfileStringW
WritePrivateProfileSectionW
SetEnvironmentVariableW
FileTimeToSystemTime
SystemTimeToFileTime
GlobalMemoryStatus
ResumeThread
SetLastError
MulDiv
LocalFree
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalFree
LocalAlloc
TlsAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
SetThreadPriority
GetCurrentThreadId
SetEvent
CreateEventW
SetErrorMode
CompareStringW
GlobalGetAtomNameW
GetAtomNameW
lstrcmpA
lstrlenA
GetThreadLocale
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
GlobalFlags
GetStringTypeExW
lstrcmpiW
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetFileSizeEx
GetFileTime
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
RaiseException
RtlPcToFileHeader
FlsSetValue
GetCommandLineA
HeapReAlloc
ExitThread
CreateThread
HeapSize
HeapQueryInformation
ExitProcess
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
SetFilePointerEx
OutputDebugStringW
GetLocalTime
GetSystemTime
GetProcessHeap
AddAtomW
FindAtomW
DeleteAtom
Thread32First
OpenThread
SuspendThread
Thread32Next
GetTickCount
LoadLibraryA
GetModuleHandleA
GetCurrentProcess
FreeLibrary
TlsFree
MultiByteToWideChar
LoadLibraryW
FindFirstFileW
FindNextFileW
FindClose
GetPrivateProfileSectionW
CreateToolhelp32Snapshot
Process32FirstW
GetWindowsDirectoryW
Process32NextW
OpenProcess
GetCurrentProcessId
ProcessIdToSessionId
GetVersionExW
GetVersion
GetModuleHandleW
GetProcAddress
CreateMutexA
GetLastError
ReleaseMutex
GetFileSize
CreateFileW
ReadFile
SetFilePointer
CloseHandle
GetPrivateProfileIntW
WritePrivateProfileStringW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource

user32

ScrollWindowEx
ClientToScreen
GetDesktopWindow
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
DestroyIcon
CharUpperW
InflateRect
GetMenuItemInfoW
DestroyMenu
PostQuitMessage
SetRectEmpty
InvalidateRect
SetCursor
ShowOwnedPopups
DeleteMenu
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
TranslateAcceleratorW
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
ReleaseCapture
GetMenuBarInfo
LoadMenuW
ReuseDDElParam
UnpackDDElParam
SetRect
SetTimer
KillTimer
GetDialogBaseUnits
GetKeyNameTextW
MapVirtualKeyW
IsRectEmpty
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
SetCapture
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
MoveWindow
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
GetWindowLongW
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
UnregisterClassW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
AppendMenuW
InsertMenuW
GetMenuItemID
GetMenuItemCount
GetSubMenu
RemoveMenu
WaitForInputIdle
WindowFromPoint
GetSystemMetrics
SystemParametersInfoW
SetWindowPos
SwitchToThisWindow
SetForegroundWindow
BringWindowToTop
GetWindowRect
SendMessageTimeoutW
FindWindowW
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageW
LoadIconW
ShowWindow
CharLowerBuffW
EnumThreadWindows
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
DeferWindowPos
GetTopWindow
DispatchMessageW

advapi32

FreeSid
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
OpenProcessToken
DuplicateTokenEx
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
EqualSid
IsValidSid
AllocateAndInitializeSid
GetTokenInformation
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyExW
RegQueryValueExA
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
RegOpenKeyW
RegCreateKeyW
RegSetValueW

shell32

SHGetFileInfoW
DragFinish
DragQueryFileW
SHGetFolderPathW
ShellExecuteExW
SHChangeNotify
ShellExecuteW
CommandLineToArgvW
SHGetSpecialFolderPathW
ExtractIconW

ole32

ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
CoTaskMemAlloc
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
StringFromCLSID
CoUninitialize
CoCreateInstance
CoInitialize
CoTreatAsClass
OleDuplicateData
CoDisconnectObject
StringFromGUID2
CLSIDFromString
OleRegGetUserType
CoInitializeEx

oleaut32

SysStringLen
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SysAllocString
SysFreeString
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
VariantInit

shlwapi

StrStrIW
PathCombineW
PathFileExistsW
StrCmpNW
SHGetValueW
PathAppendW
PathAddBackslashW
StrCmpNIW
SHDeleteKeyW
SHDeleteValueW
PathRemoveBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW
SHSetValueW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

gdi32

CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
SetRectRgn
CreateHatchBrush
GetMapMode
PatBlt
ExtCreatePen
GetCharWidthW
CreateFontW
CombineRgn
CreateSolidBrush
StretchDIBits
CreateCompatibleBitmap
GetBkColor
GetTextMetricsW
DPtoLP
CreatePen
PlayMetaFile
EnumMetaFile
TextOutW
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
RectVisible
CreateCompatibleDC
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
CopyMetaFileW
CreateDCW
CreateBitmap
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
GetObjectW
DeleteObject
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
PtVisible
GetDeviceCaps
ExtTextOutW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

comdlg32

GetFileTitleW

Exports

Exports

CreateObject

Sections

.text
Size: 749KB - Virtual size: 749KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
immplugin/ProcTip.dll
.dll windows:5 windows x64 arch:x64

a96c67bdb7b3ae694048f3eb4813f0f0

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

91:41:b8:bb:be:5c:09:41:9f:c9:bd:a7:64:d4:15:9f:d6:ec:d0:07
Signer

Actual PE Digest

91:41:b8:bb:be:5c:09:41:9f:c9:bd:a7:64:d4:15:9f:d6:ec:d0:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\360sd\branches\beta\Build\x64\immplugin\ProcTip.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetProcAddress
GetModuleHandleW
DeviceIoControl
GetVersion
GetVersionExW
TlsFree
FreeLibrary
ReleaseMutex
CreateMutexA
GetCurrentProcess
GetModuleHandleA
LoadLibraryA
ProcessIdToSessionId
GetCurrentProcessId
GetTickCount
FindClose
FindFirstFileW
Thread32Next
SuspendThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
ResumeThread
GlobalMemoryStatus
SystemTimeToFileTime
FileTimeToSystemTime
SetEnvironmentVariableW
OpenProcess
WritePrivateProfileStringW
WritePrivateProfileSectionW
GetPrivateProfileStringW
lstrlenW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
WriteFile
GetPrivateProfileIntW
FindNextFileW
QueryDosDeviceW
WideCharToMultiByte
AreFileApisANSI
ReadProcessMemory
Sleep
CreateDirectoryW
CopyFileW
TlsSetValue
TlsGetValue
DeleteFileW
CreateProcessW
GetExitCodeProcess
GetFileAttributesExW
GetCommandLineW
ExpandEnvironmentStringsW
GetLongPathNameW
GetTempPathW
lstrcmpW
GetACP
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
CreateMutexW
TerminateProcess
MoveFileW
MoveFileExW
GetPrivateProfileSectionW
GetTimeZoneInformation
SetEndOfFile
SetFilePointer
GetFileSizeEx
SetLastError
GetCurrentThread
DeleteAtom
LoadLibraryW
AddAtomW
GetAtomNameW
GetSystemTime
LocalFree
GetLocalTime
FormatMessageW
OutputDebugStringW
SetFilePointerEx
LocalFileTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
GetWindowsDirectoryW
OpenMutexW
CreateFileW
GetFileSize
ReadFile
GetModuleFileNameW
CloseHandle
WaitForSingleObject
GetCurrentThreadId
SetEvent
lstrlenA
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FatalAppExitA
GetTimeFormatA
GetDateFormatA
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
HeapCreate
HeapSetInformation
GetModuleFileNameA
GetStdHandle
FlsAlloc
FlsFree
FlsGetValue
TlsAlloc
DecodePointer
EncodePointer
IsValidCodePage
GetOEMCP
GetCPInfo
FindAtomW
CreateEventW
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
ExitThread
CreateThread
GetSystemTimeAsFileTime
FlsSetValue
GetCommandLineA
LCMapStringA
LCMapStringW

user32

FindWindowW
GetWindow
PostMessageW
SetWindowPos
GetWindowTextW
AttachThreadInput
ShowWindow
GetWindowThreadProcessId
GetForegroundWindow
EnumThreadWindows
CharLowerBuffW
GetWindowRect
BringWindowToTop
SwitchToThisWindow
GetSystemMetrics
WindowFromPoint
WaitForInputIdle
IsWindow
SendMessageTimeoutW
MessageBoxExW
SetForegroundWindow
SystemParametersInfoW

advapi32

RegCreateKeyExW
RegQueryValueExA
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
ControlService
OpenThreadToken
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
RegDeleteValueW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
IsValidSid
EqualSid
FreeSid
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW
SHChangeNotify

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
SysAllocString

shlwapi

SHSetValueW
SHGetValueW
PathAppendW
StrStrIW
PathFileExistsW
StrStrW
StrCmpIW
StrCmpNW
SHDeleteValueW
SHDeleteKeyW
PathRemoveFileSpecW
PathAddBackslashW
StrCmpNIW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

Exports

Exports

CreateObject

Sections

.text
Size: 459KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pluginmgr.dll
.dll windows:5 windows x64 arch:x64

ccf6c9c87dee7e4cf2357d7b72fe66f6

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

88:e9:be:11:58:fc:94:5c:1f:55:7d:c2:93:af:2a:95:52:c5:1f:64
Signer

Actual PE Digest

88:e9:be:11:58:fc:94:5c:1f:55:7d:c2:93:af:2a:95:52:c5:1f:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\360sd\branches\beta\Build\x64\pluginmgr.pdb

Imports

kernel32

GetModuleHandleW
LoadLibraryW
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
ReadFile
GetFileSize
CreateFileW
DeviceIoControl
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
CreateProcessW
LeaveCriticalSection
EnterCriticalSection
WriteFile
WaitForMultipleObjects
QueryPerformanceCounter
SetNamedPipeHandleState
GetLastError
CreateFileA
GetModuleFileNameW
SetEvent
ReleaseSemaphore
SetThreadPriority
ReadFileEx
OutputDebugStringA
Sleep
WaitForSingleObjectEx
CreateEventW
CreateSemaphoreW
ResetEvent
ConnectNamedPipe
CreateNamedPipeA
GetOverlappedResult
DisconnectNamedPipe
ResumeThread
SuspendThread
WaitForSingleObject
TerminateThread
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
TlsFree
DeleteAtom
FindAtomW
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
GetProcAddress
GetExitCodeThread
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlPcToFileHeader
ExitThread
GetCurrentThreadId
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
FlsSetValue
GetCommandLineA
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
SetLastError
GetCurrentThread
FlsAlloc
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
GetTickCount
GetSystemTimeAsFileTime
FatalAppExitA
SetConsoleCtrlHandler
LoadLibraryA
GetLocaleInfoW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
OutputDebugStringW
FormatMessageW
GetLocalTime
LocalFree
GetSystemTime
CreateMutexW
TlsGetValue
TlsSetValue
FreeLibrary

advapi32

RegEnumKeyExW
RegQueryValueExW
RegQueryValueExA
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegOpenKeyExW
RegCloseKey

oleaut32

SysFreeString

shlwapi

PathFileExistsW
PathIsDirectoryW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

Exports

Exports

?StartListen2@Communicator@@YAPEAXPEBD@Z
?StartListen3@Communicator@@YAPEAXPEBDI@Z
?StartListen@Communicator@@YAHPEBD@Z
?StopListen2@Communicator@@YAXPEAX@Z
?StopListen@Communicator@@YAHXZ
CreateObject

Sections

.text
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
savapi/AVPack.dll
.dll windows:4 windows x64 arch:x64

defcbb883bb44230e7c608b83cd5166c

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:dd:fd:db:fc:e0:1d:ae:aa:2b:7b:d9:73:41:50:b9:2b:41:e1:55
Signer

Actual PE Digest

18:dd:fd:db:fc:e0:1d:ae:aa:2b:7b:d9:73:41:50:b9:2b:41:e1:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
GetLastError
CreateDirectoryW
DeleteFileW
MoveFileA
MoveFileW
GetFileAttributesW
HeapAlloc
HeapFree
GetProcAddress
GetModuleHandleA
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
LCMapStringA
LCMapStringW
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
CloseHandle
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
LoadLibraryA
InitializeCriticalSection
Sleep
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
CreateFileW
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
RtlVirtualUnwind
RtlLookupFunctionEntry
HeapSize
HeapReAlloc
SetEndOfFile
CreateDirectoryA
DeleteFileA
GetFileAttributesA

Exports

Exports

AVPackInit
AVPackUninit
ArchiveAddElementToUseList
ArchiveCloseW
ArchiveDoneUseList
ArchiveExtractFileW
ArchiveFindFirst
ArchiveFindNext
ArchiveGetErrorMessageW
ArchiveGetExpSize
ArchiveGetFileCount
ArchiveGetFileInfo
ArchiveGetSize
ArchiveGetSupportedList
ArchiveGetTypeW
ArchiveGetVersionInfo
ArchiveOpenW

Sections

.text
Size: 699KB - Virtual size: 699KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
scanstg.dll
.dll windows:5 windows x64 arch:x64

4026bb2f4d0a7f35fceca827ffc7587b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

91:80:8e:15:8b:13:fc:aa:cb:89:f1:b3:04:9e:af:58:bd:c2:fc:2c
Signer

Actual PE Digest

91:80:8e:15:8b:13:fc:aa:cb:89:f1:b3:04:9e:af:58:bd:c2:fc:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\building\360project\360sd\branches\beta\Build\x64\scanstg.pdb

Imports

kernel32

GetLastError
CloseHandle
CreateFileW
ReadFile
WriteFile
SetFilePointerEx
GetFileSizeEx
SetEndOfFile
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
CreateDirectoryW
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
CompareStringW
CompareStringA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
WideCharToMultiByte
Sleep
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LCMapStringA
LCMapStringW
GetCPInfo
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetTimeZoneInformation
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleW
GetProcAddress
ExitProcess
GetConsoleCP
GetConsoleMode
SetFilePointer
FlushFileBuffers
HeapSetInformation
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
CreateFileA
SetEnvironmentVariableA

Exports

Exports

CreateObject

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sites64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

954f92f42d48a3802f6784c30df5522b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a8:0c:80:4e:66:a7:70:98:2a:b3:2e:32:4e:30:22:c7:41:bd:15:ef
Signer

Actual PE Digest

a8:0c:80:4e:66:a7:70:98:2a:b3:2e:32:4e:30:22:c7:41:bd:15:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\build\sites\Release\sites64.pdb

Imports

gdiplus

GdipCreateSolidFill
GdipGetImageWidth
GdipCreatePen1
GdipCreateFromHDC
GdipDeletePen
GdipDeleteGraphics
GdipCreateLineBrushFromRect
GdipGetImageHeight
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateLineBrushFromRectI
GdipFillPath
GdipSetPixelOffsetMode
GdipCreateBitmapFromHBITMAP
GdipDrawImagePointsI
GdipReleaseDC
GdipGetDC
GdipCreateFontFromLogfontW
GdipMeasureString
GdipCreateRegionRectI
GdipFillRegion
GdipCombineRegionPath
GdipDeleteRegion
GdipSetLineWrapMode
GdipGetPixelOffsetMode
GdipDrawLineI
GdipAddPathLine2I
GdipSetPenColor
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteFont
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetLineBlend
GdipRestoreGraphics
GdipSaveGraphics
GdipDeleteCachedBitmap
GdipCreateCachedBitmap
GdipSetPathGradientFocusScales
GdipCreatePen2
GdipCloneImage
GdipResetClip
GdipSetClipPath
GdipDrawImagePointRectI
GdipCreateHBITMAPFromBitmap
GdipGraphicsClear
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipCreatePathGradientFromPath
GdipAddPathEllipse
GdipAddPathRectangleI
GdipAddPathCurveI
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipCreateLineBrushFromRectWithAngleI
GdipSetImageAttributesGamma
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipDisposeImage
GdipGetPathWorldBounds
GdipSetPathGradientCenterPoint
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipSetPathGradientCenterColor
GdipSetLinePresetBlend
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdiplusStartup
GdipDrawPath
GdipDeletePath
GdipCreatePath
GdipFillPolygonI
GdipCloneBrush
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipFillEllipseI
GdipFillRectangleI
GdipDrawEllipseI
GdipDrawRectangleI

imm32

ImmDisableIME
ImmReleaseContext

kernel32

UnhandledExceptionFilter
TerminateProcess
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
SetUnhandledExceptionFilter
CreateMutexW
GetSystemTime
FormatMessageW
OutputDebugStringW
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
HeapAlloc
IsDebuggerPresent
TlsGetValue
RtlVirtualUnwind
lstrlenW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
GetProcAddress
GetModuleHandleW
lstrcmpiW
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetModuleFileNameW
lstrlenA
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
MulDiv
LoadLibraryW
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
GetCurrentProcessId
GetLongPathNameW
FindNextFileW
FindClose
GetVersionExW
GetFullPathNameW
FindFirstFileW
GetCurrentDirectoryW
GlobalFree
GlobalAlloc
CloseHandle
ReadFile
RtlCaptureContext
CreateFileW
GlobalUnlock
GlobalLock
FreeResource
LockResource
WideCharToMultiByte
GetTickCount
DeviceIoControl
SetThreadLocale
GetThreadLocale
WriteFile
TerminateThread
WaitForSingleObject
Sleep
FlushFileBuffers
LocalFree
GetFileTime
HeapFree
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
GetFileSizeEx
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
LoadLibraryA
IsValidCodePage
GetOEMCP
GetACP
HeapSize
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
HeapDestroy
HeapCreate
HeapSetInformation
GetModuleFileNameA
ExitProcess
VirtualProtect
GetStdHandle
HeapReAlloc
GetStringTypeW
GetSystemInfo
VirtualQuery
InterlockedPushEntrySList
LCMapStringW
LCMapStringA
ExitThread
CreateThread
FlsSetValue
GetCommandLineA
GetCPInfo

user32

wsprintfW
GetCursor
SendNotifyMessageW
GetDesktopWindow
SendMessageTimeoutW
SetWindowTextW
GetWindowTextW
EnumChildWindows
PrintWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
EnableWindow
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
OpenClipboard
GetClipboardData
CloseClipboard
ScrollWindowEx
SetCaretPos
ShowCaret
HideCaret
CreateCaret
EnableScrollBar
GetDCEx
DestroyCursor
FrameRect
UpdateLayeredWindow
SetWindowRgn
RegisterWindowMessageW
UnionRect
IsIconic
GetSysColor
GetSystemMetrics
GetAsyncKeyState
RegisterClipboardFormatW
GetClassNameW
GetClassInfoW
GetKeyState
ReleaseCapture
CharUpperW
DrawFocusRect
FillRect
DrawIconEx
SystemParametersInfoW
FindWindowW
OffsetRect
SetRectEmpty
GetParent
GetWindowRgn
GetWindow
SetCapture
KillTimer
SetTimer
RedrawWindow
GetClientRect
MoveWindow
IsZoomed
PostMessageW
SendMessageW
GetFocus
SetLayeredWindowAttributes
EndPaint
BeginPaint
UpdateWindow
InvalidateRect
IntersectRect
EqualRect
SetWindowsHookExW
WindowFromPoint
GetCapture
GetWindowThreadProcessId
CallNextHookEx
RegisterClassExW
CreateWindowExW
SetFocus
GetClassInfoExW
GetWindowLongW
SetWindowLongW
IsWindowVisible
ShowWindow
ClientToScreen
GetWindowRect
SetWindowPos
DestroyWindow
GetActiveWindow
MessageBoxW
LoadCursorW
GetCursorPos
ScreenToClient
SetCursor
InflateRect
CopyRect
PtInRect
IsRectEmpty
IsWindow
DrawTextW
GetDC
ReleaseDC
CharLowerW
GetWindowLongPtrW
DefWindowProcW
SetWindowLongPtrW
CallWindowProcW
LoadStringW
SetRect
CharNextW
UnregisterClassA
UnhookWindowsHookEx

gdi32

BitBlt
CreateCompatibleBitmap
CreateRectRgn
GetRgnBox
SetWindowOrgEx
FrameRgn
Rectangle
CreateSolidBrush
GetStockObject
Polygon
CreateDIBSection
SelectClipRgn
OffsetClipRgn
CreateRectRgnIndirect
GetClipBox
ExtTextOutW
CreateFontW
EnumFontFamiliesW
CombineRgn
PatBlt
SetViewportOrgEx
CreatePatternBrush
CreateBitmap
CreateFontIndirectW
GetTextMetricsW
GetDIBits
GetCurrentObject
SetDIBits
GetTextExtentPoint32W
LineTo
MoveToEx
CreatePen
SetTextColor
SetBkMode
GetObjectW
GetDeviceCaps
DeleteDC
SelectObject
SetRectRgn
SetBkColor
CreateCompatibleDC
GetObjectA
DeleteObject

advapi32

RegQueryValueExW
RegQueryValueExA
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

shell32

ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
ReleaseStgMedium
CoCreateInstance
CreateStreamOnHGlobal
IIDFromString
CLSIDFromString
RevokeDragDrop
DoDragDrop
OleDuplicateData
RegisterDragDrop
OleInitialize

oleaut32

SafeArrayCopy
VariantCopy
VarBstrCmp
VarBstrCat
RegisterTypeLi
UnRegisterTypeLi
SysStringByteLen
SysFreeString
SysAllocString
SysAllocStringLen
SysAllocStringByteLen
VarUI4FromStr
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantInit
VariantClear
VariantChangeType
DispCallFunc
SafeArrayGetVartype
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayRedim
SafeArrayCreate

shlwapi

StrToIntW
PathRelativePathToW
PathIsDirectoryW
SHGetValueW
StrStrIW
StrCmpIW
ColorRGBToHLS
PathRemoveBackslashW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
PathCombineW
PathIsRelativeW
PathFindFileNameW
ColorHLSToRGB

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime
timeGetDevCaps

Exports

Exports

CreateMemoryFile
CreateShadowEdgeInstance
CreateXMLDOMDocument
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetFileDataFromStorage
GetFileLengthFromStorage
IsDesignerMode
SetDefaultResourceInfo
SetDesignerMode
SmartDisableIME

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.rsrc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools.dat
unrar.dll
.dll windows:5 windows x64 arch:x64

ca9cf21b4d31be6323dfa21b81f017d1

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:65:f7:9e:66:92:82:9d:0a:e6:8c:da:1c:6e:9e:f5:53:bf:ce:88
Signer

Actual PE Digest

38:65:f7:9e:66:92:82:9d:0a:e6:8c:da:1c:6e:9e:f5:53:bf:ce:88

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

P:\intermoutput\u\unrar.dll\Release\unrar64.pdb

Imports

kernel32

SetFileTime
DeleteFileW
RemoveDirectoryW
DeviceIoControl
CreateDirectoryW
CreateFileW
MoveFileW
GetShortPathNameW
GetLongPathNameW
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
FlushFileBuffers
GetFileAttributesW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
SetThreadPriority
CreateHardLinkW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
WaitForSingleObject
GetProcessAffinityMask
CreateEventW
CreateSemaphoreW
ReleaseSemaphore
ResetEvent
SetEvent
SystemTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
GetCPInfo
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
CreateFileA
GetCurrentProcess
CloseHandle
Sleep
SetLastError
GetLastError
AreFileApisANSI
GetStdHandle
GetFileType
GetConsoleMode
GetStringTypeW
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
RaiseException
RtlPcToFileHeader
GetModuleHandleW
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetModuleFileNameA
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
SetStdHandle
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetConsoleCP
GetStringTypeA

user32

CharUpperW
CharLowerW
CharToOemBuffW
CharToOemA
OemToCharBuffA
OemToCharA

advapi32

SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed7fe213330d9e74bc70e81c5f5ed767

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9eCertificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

6b:40:b1:88:14:d5:1f:bf:93:aa:31:bf:38:cb:6d:f4:66:15:b4:27:e0:02:00:c1:7b:31:fd:13:d9:cb:1e:6bSigner

a8:8b:ae:9f:c1:8f:85:16:a6:a4:cc:e5:07:8f:0e:10:0d:33:0f:5fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

fltlib

shlwapi

ws2_32

iphlpapi

version

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.data Size: 1024B - Virtual size: 45KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 512B - Virtual size: 36B

5b0a006a439beeb5f8d3c4bf7ff30e10

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

fltmgr.sys

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 12KB

.pdata Size: 1KB - Virtual size: 1KB

PAGE Size: 512B - Virtual size: 11B

INIT Size: 6KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 512B - Virtual size: 396B

313213d252614730c105772a24a43049

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

6b:40:b1:88:14:d5:1f:bf:93:aa:31:bf:38:cb:6d:f4:66:15:b4:27:e0:02:00:c1:7b:31:fd:13:d9:cb:1e:6b
Signer

a8:8b:ae:9f:c1:8f:85:16:a6:a4:cc:e5:07:8f:0e:10:0d:33:0f:5f
Signer

.text
Size: 38KB - Virtual size: 37KB

.data
Size: 1024B - Virtual size: 45KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 512B - Virtual size: 36B

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 12KB

.pdata
Size: 1KB - Virtual size: 1KB

PAGE
Size: 512B - Virtual size: 11B

INIT
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 512B - Virtual size: 396B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

ff:1b:6d:bb:0c:3d:e1:ab:7c:1e:5f:b9:0c:00:91:34:20:b9:b1:b6:fa:0a:d6:e9:fb:fa:6c:36:33:92:aa:d5
Signer

98:b7:55:ff:e3:b9:1d:6a:76:0d:ed:67:37:23:55:5f:6c:34:e7:da
Signer

.text
Size: 716KB - Virtual size: 715KB

.rdata
Size: 258KB - Virtual size: 258KB

.data
Size: 80KB - Virtual size: 98KB

.pdata
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 19KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

3d:7c:c1:09:ab:39:e9:51:a8:8e:d6:cb:dc:d1:88:c8:c7:dc:49:4d
Signer