0dbb38c7f8145f76365385a9faf1d3a4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0dbb38c7f8145f76365385a9faf1d3a4_JaffaCakes118
Size

6.0MB
MD5

0dbb38c7f8145f76365385a9faf1d3a4
SHA1

8a3553e5cbeb08afaa8ce0794fec2cdeead70f31
SHA256

abfca6441f5efc9310a8e60eacb846247537374f42e1feb9c137b62954e39759
SHA512

536ddc951e22c8d1be4d6e0160205d356d79178764534b47814115fa15d17f0117e055d0688a72cadd766cdb9e1121d19e275ccbc2136b0073ae2cbcf63f14a2
SSDEEP

98304:p/qr5ExYJijNz/ZczJeWrpX4yYUGq4FKRXNQmZc6+/3s5/wtsxMslRV:p/qNEP5z/ZczJdI29EKRXN/eX/3m/wtI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll

Files

0dbb38c7f8145f76365385a9faf1d3a4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:bc:d7:58:1f:ef:26:59:2e:ab:58:46:eb:58:8f:d1:48:8a:3d:b6
Signer

Actual PE Digest

44:bc:d7:58:1f:ef:26:59:2e:ab:58:46:eb:58:8f:d1:48:8a:3d:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 580KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetupHelper.dll
.dll windows:4 windows x86 arch:x86

d9997cc22607493388b309294c30bacc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:6e:c9:72:fd:30:92:a5:47:ed:bb:c3:97:8e:73:15:42:a9:be:22
Signer

Actual PE Digest

50:6e:c9:72:fd:30:92:a5:47:ed:bb:c3:97:8e:73:15:42:a9:be:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\jenkins\workspace\CEN_MainLine_Build\qqpcmgr_proj\Source\Setup\SetupScript\plugin\SetupHelper.pdb

Imports

kernel32

InterlockedIncrement
GlobalGetAtomNameW
GetAtomNameW
GetThreadLocale
SystemTimeToFileTime
GlobalFlags
GetPrivateProfileStringW
GetStringTypeExW
lstrcmpiW
FlushFileBuffers
LockFile
UnlockFile
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
GetFileTime
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetDriveTypeW
GetCommandLineA
HeapReAlloc
ExitProcess
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
TlsFree
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
GetModuleFileNameA
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
SetStdHandle
GetConsoleCP
GetConsoleMode
CreateFileA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeA
GetFullPathNameA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
InterlockedCompareExchange
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
SuspendThread
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
InterlockedExchange
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleA
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
GlobalSize
GlobalLock
GlobalUnlock
MulDiv
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
GetStdHandle
CreatePipe
DuplicateHandle
DebugBreak
MoveFileW
GetBinaryTypeW
IsDBCSLeadByte
GetCPInfo
GetLocalTime
WritePrivateProfileStringW
GetDiskFreeSpaceExW
GetProcessHeap
HeapAlloc
HeapFree
GetPrivateProfileIntW
InterlockedDecrement
ReadFile
SetFilePointer
GetTempPathW
GetFileSize
SetLastError
LocalAlloc
DeviceIoControl
GetCurrentProcessId
QueryDosDeviceW
Module32FirstW
Module32NextW
TerminateProcess
GetUserDefaultUILanguage
GetLocaleInfoW
CreateEventW
SetEvent
ExpandEnvironmentStringsW
GetCurrentDirectoryW
IsBadReadPtr
IsBadWritePtr
GetSystemDefaultLangID
GetVersion
MultiByteToWideChar
RemoveDirectoryW
MoveFileExW
CreateDirectoryW
GetFileAttributesA
CreateFileW
WriteFile
FormatMessageW
FormatMessageA
lstrlenA
OutputDebugStringA
LocalFree
ReleaseMutex
CreateMutexW
GetModuleFileNameW
GetSystemInfo
LoadLibraryW
FreeLibrary
SetErrorMode
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
GlobalAlloc
lstrcpynW
GlobalFree
GetWindowsDirectoryW
OutputDebugStringW
GetSystemDirectoryW
GetLastError
GetModuleHandleW
GetProcAddress
GetCurrentProcess
CopyFileW
GetFileAttributesW
FindFirstFileW
FindNextFileW
DeleteFileW
FindClose
GetTickCount
GetVersionExW
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
lstrlenW
VirtualFreeEx
GetTempPathA
Sleep
CreateToolhelp32Snapshot
Process32FirstW
CloseHandle
Process32NextW
FindResourceW
LoadResource
LockResource
SizeofResource
IsValidCodePage
WideCharToMultiByte

user32

FillRect
ScrollWindowEx
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
SendMessageTimeoutW
InvalidateRect
UnregisterClassA
SendMessageW
GetClientRect
FindWindowExW
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
TabbedTextOutW
DestroyIcon
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetDlgCtrlID
GetWindowLongW
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
LoadBitmapW
LoadIconW
CharNextW
CharPrevW
GetCursorPos
LoadCursorW
SetCursor
GetDesktopWindow
ReleaseDC
GetDC
PtInRect
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
PostQuitMessage
CheckMenuItem
ModifyMenuW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
TranslateMessage
GetMessageW
ShowOwnedPopups
GetKeyNameTextW
MapVirtualKeyW
InflateRect
UnregisterClassW
GetSysColorBrush
GetMenuItemInfoW
DestroyMenu
GetDialogBaseUnits
GetKeyState
DeleteMenu
FindWindowW
GetParent
CharUpperW
SetScrollRange
ScreenToClient
ClientToScreen
GetWindowThreadProcessId
GetWindowTextW
EndPaint
BeginPaint
CallWindowProcW
SetWindowLongW
GetWindowRect
SetFocus
KillTimer
ShowWindow
IsWindowVisible
SetTimer
MoveWindow
OffsetRect
IsWindow
SetWindowTextW
IsWindowEnabled
UpdateWindow
CreateWindowExW
GetDlgItem
LoadImageW
RegisterWindowMessageW
MessageBoxW
LoadStringW
SystemParametersInfoW
SetWindowPos
GetSystemMenu
EnableMenuItem
RedrawWindow
GetDlgItemTextW
EndDialog
DefWindowProcW
PostMessageW
GetClassNameW
EnableWindow
GetWindow
FindWindowA
BeginDeferWindowPos

gdi32

GetTextMetricsW
DPtoLP
GetMapMode
CombineRgn
SetRectRgn
PatBlt
GetWindowExtEx
CreateRectRgnIndirect
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreateBitmap
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
RectVisible
PtVisible
StartDocW
SetROP2
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
DeleteObject
TextOutW
GetTextExtentPoint32W
SetBkMode
SelectObject
CreateFontIndirectW
GetObjectW
GetStockObject
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
GetBkColor
GetTextColor
BitBlt
GetDeviceCaps
CopyMetaFileW
CreateDCW
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetPolyFillMode
GetPixel

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegCreateKeyW
RegQueryValueW
RegEnumKeyW
RegSetValueW
RegOpenKeyExA
RegQueryValueExA
RegRestoreKeyW
RegEnumKeyExW
LookupAccountNameW
GetFileSecurityW
GetSecurityDescriptorDacl
GetLengthSid
InitializeAcl
GetAclInformation
GetAce
AddAce
AddAccessAllowedAce
GetSecurityDescriptorControl
SetFileSecurityW
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
QueryServiceConfigW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyW
RegQueryInfoKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ChangeServiceConfigW
ChangeServiceConfig2W
DeleteService
ControlService
QueryServiceStatus
CreateServiceW
RegDeleteValueW
RegOpenKeyW
OpenSCManagerW
OpenServiceW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
CloseServiceHandle
StartServiceW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteW
ExtractIconW
SHGetFileInfoW
SHFileOperationW

shlwapi

PathFileExistsW
SHDeleteKeyW
PathIsDirectoryW
SHSetValueW
PathAppendW
PathAddBackslashW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
StgCreateDocfile
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
CoCreateGuid
CreateBindCtx
ReleaseStgMedium
SetConvertStg
StringFromCLSID
CoTreatAsClass
StgOpenStorage
StgIsStorageFile
CoInitialize
CoFreeUnusedLibrariesEx
ReadClassStg
CoTaskMemFree
CoCreateInstance
CoUninitialize
OleDuplicateData
CoDisconnectObject
StringFromGUID2
CLSIDFromString
CoTaskMemAlloc
WriteFmtUserTypeStg

oleaut32

VariantInit
VariantChangeType
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
VariantClear
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
SysStringLen
SysAllocString
SysFreeString
SafeArrayGetElement
GetErrorInfo
SetErrorInfo
CreateErrorInfo

ws2_32

WSCDeinstallProvider
WSCEnumProtocols
htonl
htons

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleFileNameExW
EnumProcessModules

imagehlp

UnMapAndLoad
MapAndLoad

netapi32

NetWkstaTransportEnum
NetApiBufferFree
Netbios

Exports

Exports

AddToAllowList
ApiInstallFileMonDriver
ApiUninstallFileMonDriver
BackUpSetupPackage
CallOutTrayIcon
CallRegEnvironmentVar
CallRegUrlProtocol
CallRegUrlProtocol2
CallUnRegEnvironmentVar
CallUnRegUrlProtocol
CallUnShortCut
Check360
CheckAV
CheckCRunTime
CheckForQQSoftUninstall
CheckForSetup
CheckForUninstall
CheckInstallPath
CheckQQPCRtpNeedReboot
CleanTempFolder
CloseProcess
CreateBitmapCtrl
CreateShortCutInfo
DelService
DeleteCacheFolder
DeleteFileRecursively
DeleteRebootCopy
DeployFile
DisableFileRedirect
ExecuteShell
ExecuteShellNoWait
ExtendCommand
FinalizeReport
FindExistedRTP
GetFunctionRunTime
GetIntVersionFromString
GetMessageHandler
GetParentProcessName
GetQQReleatedPath
GetQQSoftInstallDir
GetShortCutInfo
GetSystemDriversPath
HookInstallButton
InitPenetration
InitializeReport
IsAcLayers
IsAdmin
IsChildProtectionRun
IsCompare
IsMainWndRun
IsNeedUpdate
IsPinQQPCMgrToStartMenu
IsPinUnsoftToStartMenu
IsQQDoctorExist
IsQQPCTrayExists
IsQQSoftExist
IsVista
IsWin7
IsWinXp
IsWindows64
IsWndEnable
IsWow64
LoadDriver
LoadQMDriver
LoadTSFltmgr
NotifyAction
NotifyProgress
NotifySetupStatus
OutputError
OutputInfo
ParseCmdLine
ParseUninstallCmdLine
PinQQPCMgrToStartMenu
PinUnsoftToStartMenu
PrepareConfig
ReadLastInstallTime
ReadLastUnInstallTime
RecoverCommand
RecoverProxy
RegisterSecurityCenterHelper
ReleaseRtpOptDlg
RemoveArpDriver
RemoveFromAllowList
RemoveQQPCMgrFromStartMenu
RemoveUnSoftFromStartMenu
RepairQQPCRtp
ReportInstallInfo
ReportUninstallInfo
RevertFileRedirect
SaveRtpState
SetExclusive
SetFunctionRunStartTime
SetInstallPath
SetInstallStartTime
SetInstallTime
SetRowSpace
SetSystemAccessControl
SetText
SetUnInstallPath
SetUnistallPara
ShowLoadDriverErrorDlg
ShowRtpOptDlg
UnHookInstallButton
UninitPenetration
UninstallLSP
UninstallQQDoctor
UninstallQQSoft
UpdateFIXService
UpdateProtectState
UpdateRTPService
UpdateRtpState
UpdateSetupInfo
UpdateTrayIcon
WaitBugReportExit
WaitForFixShutdown
WaitForProcessEndByName
WaitForRtpShutdown
WaitForUninstExit
WaitUninstallComplete
WriteLog
WriteTimer
free_instfilespage_bitmap
kill_instfilespage_timer
load_instfilespage_bitmap
start_instfilespage_timer

Sections

.text
Size: 872KB - Virtual size: 869KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheWechatBackup/Plugins/WechatBackup/AndroidAssistHelper.dll
.dll windows:5 windows x86 arch:x86

a1fe0776271ee9dd31c5c9c658559244

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:59:d5:79:26:d7:50:73:4f:fb:40:26:a9:a1:dd:c0:20:dd:33:02
Signer

Actual PE Digest

20:59:d5:79:26:d7:50:73:4f:fb:40:26:a9:a1:dd:c0:20:dd:33:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\rdm\projects\4331\ConnectServiceSrc\Output\Pdb\AndroidAssistHelper.pdb

Imports

rpcrt4

RpcStringFreeA
UuidToStringA
UuidToStringW
UuidCreateSequential
RpcStringFreeW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

GetProcAddress
GetModuleHandleW
GetLastError
WriteFile
SetFilePointer
FlushFileBuffers
GetFileSize
DeleteFileW
MoveFileW
OpenFileMappingW
UnmapViewOfFile
WaitForSingleObject
CreateEventW
SetEvent
TlsGetValue
GetCurrentThreadId
WideCharToMultiByte
TlsSetValue
GetCurrentProcessId
TlsAlloc
TlsFree
InitializeCriticalSectionAndSpinCount
CreateMutexW
OpenMutexW
FindFirstFileW
FindNextFileW
FindClose
MapViewOfFile
GetVolumeInformationW
MultiByteToWideChar
lstrlenA
lstrlenW
ReadFile
ResumeThread
GetExitCodeThread
GetTempPathW
GetLongPathNameW
CreateDirectoryW
GetFileAttributesW
GetFileAttributesExW
GetTickCount
WaitForMultipleObjects
ReleaseMutex
LocalAlloc
LocalFree
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
IsBadReadPtr
SetFileAttributesW
RemoveDirectoryW
CopyFileW
DeviceIoControl
RaiseException
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GetStdHandle
CreatePipe
DuplicateHandle
GetCurrentProcess
CreateProcessW
GetWindowsDirectoryW
InterlockedIncrement
CreateFileW
GetCurrentThread
ResetEvent
InterlockedExchange
Sleep
SystemTimeToFileTime
SleepEx
ExpandEnvironmentStringsA
FormatMessageA
SetLastError
HeapDestroy
HeapSize
SetEnvironmentVariableA
GetDriveTypeW
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetCurrentDirectoryW
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
RtlUnwind
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
SetEndOfFile
GetConsoleMode
GetConsoleCP
SetStdHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
FindResourceExW
FindResourceW
EncodePointer
LoadResource
LockResource
SizeofResource
GetLocalTime
WritePrivateProfileStringW
GetPrivateProfileStringW
GetModuleFileNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
InterlockedCompareExchange
OutputDebugStringW
DecodePointer
GetStartupInfoW
SetHandleCount
CompareStringW
GetTimeZoneInformation
LCMapStringW
GetLocaleInfoW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetSystemTimeAsFileTime
GetFileType
GetCommandLineA
ExitThread
CreateThread
GetDriveTypeA
FindFirstFileExA
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedDecrement

user32

PeekMessageW
PostQuitMessage
TranslateMessage
SetTimer
IsWindow
PostMessageW
CreateWindowExW
SetWindowLongW
GetMessageW
DestroyWindow
GetWindowLongW
DispatchMessageW
CallWindowProcW

advapi32

FreeSid
RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
GetUserNameW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
RegSetValueExW
RegCreateKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
RegCloseKey

ole32

CoFreeLibrary
CoTaskMemFree
CreateStreamOnHGlobal
CoLoadLibrary

shell32

SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHFileOperationW

shlwapi

PathIsDirectoryW
PathAppendW
PathFindFileNameW
PathFileExistsW
wnsprintfW
PathRemoveFileSpecW

ws2_32

setsockopt
getsockname
WSAGetLastError
select
getaddrinfo
WSAStartup
htonl
ntohl
ntohs
htons
getsockopt
send
closesocket
WSASetLastError
__WSAFDIsSet
freeaddrinfo
socket
bind
recv
WSACleanup
getpeername
ioctlsocket
connect

netapi32

Netbios

imagehlp

MapAndLoad
UnMapAndLoad

winhttp

WinHttpSendRequest
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpOpen
WinHttpConnect
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpAddRequestHeaders

Exports

Exports

CreateAndroidAssist
CreateAndroidAssistAsync
CreateAndroidAssistAsyncEx
GetRunningAndroidServerVersion
InstallAndroidAssist
InstallAndroidAssistAsync
RepairAndroidAssist
StopAndroidAssistCreate
StopAndroidAssistInstall

Sections

.text
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheWechatBackup/Plugins/WechatBackup/ConnectService.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:e3:66:61:09:d1:1b:a0:5b:ff:63:01:2b:f0:46:d7:95:59:bf:b7
Signer

Actual PE Digest

5c:e3:66:61:09:d1:1b:a0:5b:ff:63:01:2b:f0:46:d7:95:59:bf:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheWechatBackup/Plugins/WechatBackup/PluginInfo.xml
CacheWechatBackup/Plugins/WechatBackup/WechatBackup.dat
CacheWechatBackup/Plugins/WechatBackup/WechatBackup.exe
.exe windows:4 windows x86 arch:x86

1d1c3301f65dea3f2ff328d0c37359db

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bc:ad:8a:4f:86:2e:2a:e0:50:51:a1:0a:e9:80:f5:82:ae:7f:9b:8c
Signer

Actual PE Digest

bc:ad:8a:4f:86:2e:2a:e0:50:51:a1:0a:e9:80:f5:82:ae:7f:9b:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins_Trunk\workspace\11.2Patch_SourceJob\qqpcmgr_proj\Basic\Output\BinFinal\WechatBackup.pdb

Imports

ximage

?AlphaSet@CxImage@@QAEXJJE@Z
?AlphaGet@CxImage@@QAEEJJ@Z
?AlphaCreate@CxImage@@QAEXXZ
?AlphaIsValid@CxImage@@QAE_NXZ
?GetWidth@CxImage@@QBEKXZ
?GetHeight@CxImage@@QBEKXZ
?Save@CxImage@@QAE_NPB_WK@Z
?Mix@CxImage@@QAEXAAV1@W4ImageOpType@1@JJ_N@Z
?Resample2@CxImage@@QAE_NJJW4InterpolationMethod@1@W4OverflowMethod@1@QAV1@_N@Z
?Load@CxImage@@QAE_NPB_WK@Z
??0CxImage@@QAE@K@Z
?Destroy@CxImage@@QAE_NXZ

ws2_32

inet_addr
ntohs
htonl
socket
bind
ntohl
inet_ntoa
select
htons
connect
__WSAFDIsSet
WSAIoctl
accept
gethostbyname
gethostname
listen
closesocket
WSACleanup
WSAGetLastError
WSAStartup
recv
send

common

?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?GetParentDir@File@Util@@YA?AVCTXStringW@@ABV3@@Z
?GetFileName@FS@Util@@YA?AVCTXStringW@@ABV3@@Z
??M@YA_NABVCTXStringW@@0@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??BCTXBSTR@@QBEPA_WXZ
??0CTXBSTR@@QAE@PB_W@Z
??1CTXBSTR@@QAE@XZ
?GetBuffer@CTXStringW@@QAEPA_WXZ
??BCTXStringW@@QBEPB_WXZ
?Format@CTXStringW@@QAAXPB_WZZ
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
??1CTXStringW@@QAE@XZ
??0CTXStringW@@QAE@PB_W@Z
?RecordTransBegin@Perf@Util@@YA_JPB_WHH00@Z
??0CTXStringW@@QAE@XZ
?RecordTransEnd@Perf@Util@@YAJ_JPB_WHH11H@Z
?IsEmpty@CTXBSTR@@QAEHXZ
??ICTXBSTR@@QAEPAPA_WXZ
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
?CreateTXBuffer@Data@Util@@YAHPAPAUITXBuffer@@@Z
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?NotifyIdle@TXTimer@@YAXXZ
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?GetPlatformTpc@CoreCenter@Util@@YAHPAPAUITXDataRead@@@Z
?GetPlatformCore@CoreCenter@Util@@YAHPAPAUITXPlatformCore@@@Z
??0CTXBSTR@@QAE@XZ
??8CTXBSTR@@QBE_NPB_W@Z
?ValidateBugReport@TXBugReport@@YAXXZ
?SetBugReportUin@TXBugReport@@YAXKPB_W@Z
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?InitPlatformGFConfig@Boot@Util@@YAHXZ
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
?Replace@CTXStringW@@QAEHPB_W0@Z
??0CTXStringW@@QAE@PA_W@Z
?DelIdleCallback@Window@Util@@YAJPAVVTXMsgLoopIdleCallback@@@Z
?ClearDeadQueue@Misc@Util@@YAXXZ
?SetTimeout@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?TXAssert@@YAXPB_W0H@Z
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
?OnExitCoreCenter@Misc@Util@@YAXXZ
?OnExitWinMain@Misc@Util@@YAXXZ
?OnUninitCom@Misc@Util@@YAXXZ
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
?GetLength@CTXStringW@@QBEHXZ
??YCTXStringW@@QAEAAV0@ABV0@@Z
??0CTXStringW@@QAE@ABV0@@Z
?IsEmpty@CTXStringW@@QBE_NXZ
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
?GetLocalePath@TXI18N@@YA?AVCTXStringW@@PB_W@Z
?RemoveFileSystem@FS@@YAHPB_W@Z
?Find@CTXStringW@@QBEHPB_WH@Z
?AddFileSystem@FS@@YAJW4FILESYSTEM_TYPE@@PB_W1HHH@Z
?TrimLeft@CTXStringW@@QAEAAV1@PB_W@Z
?IsDirectoryExist@FS@@YAHPB_W@Z
?SplitQNC@FS@@YAHPB_WAAVCTXStringW@@1@Z

gf

?CreateObject@GF@Util@@YAJABU_GUID@@0PAPAX@Z
?SetCustomObjectFactory@GF@Util@@YAXP6AHABU_GUID@@0PAPAX@Z@Z
?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@0H@Z

kernel32

SwitchToThread
lstrlenA
WaitForSingleObject
GetCurrentProcessId
Sleep
SetLastError
GetCurrentThreadId
GetFileAttributesExW
InterlockedExchangeAdd
SetFilePointer
UnhandledExceptionFilter
GetSystemDirectoryW
lstrcmpiW
OpenProcess
VirtualQuery
GetFileAttributesW
GetDateFormatW
GetTimeFormatW
ExpandEnvironmentStringsW
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandle
MapViewOfFile
UnmapViewOfFile
GetModuleHandleExW
ProcessIdToSessionId
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
GetLocaleInfoW
GetNumberFormatW
GetCurrencyFormatW
GetLocaleInfoA
OpenEventW
OpenFileMappingW
GetSystemInfo
GetSystemDefaultLangID
LoadLibraryA
ReleaseMutex
GetComputerNameW
WriteFile
GetFileSizeEx
ReadFile
SetFilePointerEx
FindFirstFileW
GetFullPathNameW
FindClose
CreateFileW
RemoveDirectoryW
GetTickCount
MultiByteToWideChar
GetTempPathW
GetLocalTime
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetVersionExW
FreeLibrary
GetModuleFileNameW
GetSystemTimeAsFileTime
FindResourceExW
GetCurrentProcess
LoadResource
LockResource
SizeofResource
GetDiskFreeSpaceExW
MoveFileExW
InterlockedExchange
CopyFileW
InterlockedCompareExchange
WaitForMultipleObjects
CreateEventW
SetEvent
FindResourceW
CreateMutexW
DeleteCriticalSection
DeleteFileW
GetLastError
InitializeCriticalSection
GetModuleHandleW
GetCommandLineW
LeaveCriticalSection
lstrlenW
EnterCriticalSection
InterlockedDecrement
GetProcAddress
InterlockedIncrement
WideCharToMultiByte
RaiseException
LoadLibraryW
CloseHandle
SleepEx
GetFileSize
FindNextFileW
lstrcpynW
MoveFileW
IsBadReadPtr
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetThreadLocale
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
IsBadStringPtrW

user32

SetWindowLongW
DestroyWindow
CreateWindowExW
ShowWindow
FindWindowW
PostMessageW
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
GetCursorPos
GetWindowLongW
RegisterClassExW
UnregisterClassA
FindWindowA
SetForegroundWindow
DefWindowProcW
GetMessageW
WaitMessage
TranslateMessage
PtInRect
SendMessageTimeoutW
GetDesktopWindow
IsWindow
SendMessageW
LoadImageW
CallWindowProcW
PostThreadMessageW

advapi32

RegCloseKey
RegDeleteKeyW
RegQueryInfoKeyW
RegSetKeySecurity
RegGetKeySecurity
RegSetValueExW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
RegDeleteValueW
RegFlushKey
RegEnumKeyExW
RegEnumValueW

shell32

ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

OleInitialize
OleUninitialize
CoCreateInstance

oleaut32

LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantInit
VariantClear
SysAllocString
SysFreeString

shlwapi

PathAppendW
PathFileExistsW
PathFindFileNameW
PathMakePrettyW
PathStripPathW
StrFormatByteSizeW
StrFormatKBSizeW
StrFromTimeIntervalW
PathRemoveFileSpecW
PathCombineW

msvcp80

??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
?uncaught_exception@std@@YA_NXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
_FInf
_FNan
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
_Inf
_Nan
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIABV12@@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z

msvcr80

_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_vsnprintf
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_except_handler3
_exit
_cexit
??3@YAXPAX@Z
memcpy_s
calloc
_wtoi
_vscwprintf
memset
strlen
_recalloc
_vscprintf
vsprintf_s
??_V@YAXPAX@Z
vswprintf_s
memcpy
??2@YAPAXI@Z
wcslen
free
_wtoi64
_invalid_parameter_noinfo
memmove_s
swscanf_s
malloc
??0exception@std@@QAE@XZ
_wtol
??0exception@std@@QAE@ABQBD@Z
wcschr
??0exception@std@@QAE@ABV01@@Z
wcsstr
wcsrchr
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_wcslwr_s
_wcsicmp
_snwprintf_s
_wcsnicmp
_localtime64_s
wcscmp
_time64
wcscpy_s
_mktime64
memcmp
_localtime64
memmove
_purecall
strncpy_s
rand_s
_itow_s
pow
realloc
swprintf_s
_beginthreadex
__RTDynamicCast
srand
rand
wcsncpy_s
tolower
putwchar
wcstol
strchr
strtol
putchar
_vsnprintf_s
_vsnwprintf_s
fclose
fflush
fwrite
_snprintf_s
strrchr
_memicmp
wcsncat_s
_wsplitpath_s
_time32
__CxxFrameHandler3
_snprintf
fprintf
__iob_func
_CxxThrowException
strcmp
ldiv
_strtoi64
_strtoui64
strtoul
sprintf
_errno
strtod
strcpy
abs
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs

psapi

EnumProcessModules
GetModuleBaseNameW
GetModuleFileNameExW
GetProcessMemoryInfo
EnumProcesses

androidassisthelper

RepairAndroidAssist
CreateAndroidAssist

atl80

ord30

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

InitCommonControlsEx

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 592KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheWechatBackup/Plugins/WechatBackup/WechatBackup.rdb

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

44:bc:d7:58:1f:ef:26:59:2e:ab:58:46:eb:58:8f:d1:48:8a:3d:b6Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 580KB

.rsrc Size: 285KB - Virtual size: 284KB

d9997cc22607493388b309294c30bacc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

50:6e:c9:72:fd:30:92:a5:47:ed:bb:c3:97:8e:73:15:42:a9:be:22Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

ws2_32

version

psapi

imagehlp

netapi32

Exports

Exports

Sections

.text Size: 872KB - Virtual size: 869KB

.rdata Size: 168KB - Virtual size: 165KB

.data Size: 20KB - Virtual size: 41KB

.rsrc Size: 308KB - Virtual size: 305KB

.reloc Size: 52KB - Virtual size: 48KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

44:bc:d7:58:1f:ef:26:59:2e:ab:58:46:eb:58:8f:d1:48:8a:3d:b6
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 580KB

.rsrc
Size: 285KB - Virtual size: 284KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

50:6e:c9:72:fd:30:92:a5:47:ed:bb:c3:97:8e:73:15:42:a9:be:22
Signer

.text
Size: 872KB - Virtual size: 869KB

.rdata
Size: 168KB - Virtual size: 165KB

.data
Size: 20KB - Virtual size: 41KB

.rsrc
Size: 308KB - Virtual size: 305KB

.reloc
Size: 52KB - Virtual size: 48KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 899B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 574B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

20:59:d5:79:26:d7:50:73:4f:fb:40:26:a9:a1:dd:c0:20:dd:33:02
Signer

.text
Size: 380KB - Virtual size: 379KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 25KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate