156f9e7c8cc1a83cdd1286af586bad2c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

156f9e7c8cc1a83cdd1286af586bad2c_JaffaCakes118
Size

3.1MB
MD5

156f9e7c8cc1a83cdd1286af586bad2c
SHA1

c6d6f2dc62e13799dcb071ab64dc2e7e7d3f7d0c
SHA256

155bd4cffa7c5e654d2b8373bef2934e90f4d5aa809f00ac443da1e16800dfb7
SHA512

a0992b7e88dae3cfaccdc33ead493ad29e85f672402568e0f4b2acd1a4b1ee91fa5206c0ada4c68c349e878d0f8def69a545915c6c20a3c61ba4ad295122b01b
SSDEEP

49152:vWaI9GDRIR0NEFrfPkKO2Ft9QfDghPFxT/Ql7MlTkxj1/TtGwLhbI/5dLxDfb:vvIWRI2wVyDcPvM+xiRhLbIB/P

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
156f9e7c8cc1a83cdd1286af586bad2c_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/out.upx

Files

156f9e7c8cc1a83cdd1286af586bad2c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 224KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$_16_/ConfigMover30b2.exe
.exe windows:4 windows x86 arch:x86

23c66f324e0bfa41a56200360ba3ef41

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\ConfigMover30b2.pdb

Imports

imm32

ImmDisableIME

kernel32

CreateDirectoryW
GetVersionExW
CompareStringW
CompareStringA
GetLastError
HeapFree
HeapAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetVersionExA
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetFullPathNameW
GetCurrentDirectoryA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
RtlUnwind
LoadLibraryA
WideCharToMultiByte
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapSize
GetLocaleInfoA
GetDriveTypeA
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA

shell32

SHFileOperationW
SHGetFolderPathAndSubDirW
SHGetFolderPathW

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/Correction.ini
$_16_/ErrorReport.exe
.exe windows:4 windows x86 arch:x86

eadada9b14fc50d843327593d54c00a9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\ErrorReport.pdb

Imports

kernel32

ReleaseMutex
OpenMutexW
CreateMutexW
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
LCMapStringW
Sleep
HeapSize
GetFullPathNameW
GetCurrentDirectoryA
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
FindClose
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetVersionExW
GetSystemInfo
GetModuleFileNameW
MultiByteToWideChar
CreateProcessW
GetCurrentThreadId
FormatMessageW
WaitForMultipleObjects
GetCommandLineW
CreateEventW
SetLastError
CreateThread
LocalFree
GetProcAddress
GlobalUnlock
GlobalFree
CreateFileW
GlobalAlloc
GlobalLock
GetLastError
GetTickCount
GetModuleHandleW
FindFirstFileW
CloseHandle
ResetEvent
SetEvent
WaitForSingleObject
VirtualFree
OpenEventW

imm32

ImmDisableIME

user32

DrawTextW
SetWindowPos
OffsetRect
CreateWindowExW
BeginPaint
SetTimer
PtInRect
GetCursorPos
GetWindowRect
SubtractRect
GetLastInputInfo
IntersectRect
MonitorFromRect
GetMessageW
InvalidateRect
EndPaint
TranslateMessage
FindWindowW
SetWindowLongW
DispatchMessageW
DestroyWindow
MonitorFromPoint
PostQuitMessage
GetWindowLongW
SetCursor
GetForegroundWindow
CloseWindow
LoadCursorW
RegisterClassExW
AdjustWindowRect
GetMonitorInfoW
DefWindowProcW
EmptyClipboard
CloseClipboard
MessageBoxW
OpenClipboard
GetSystemMetrics
SetClipboardData

gdi32

CreateFontIndirectW
GetStockObject
SetTextColor
BitBlt
SetViewportOrgEx
SetBkMode
DeleteObject
SelectObject
CreateSolidBrush
CreatePen
CreateCompatibleBitmap
Rectangle
CreateCompatibleDC
DeleteDC

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityInfo
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
RegCreateKeyExW
RegQueryValueExW
RegQueryValueW
RegCloseKey
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/HWSignature.dll
.dll windows:4 windows x86 arch:x86

3805775f1dde052333909932d791dd7f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\sogouime33\Bin\SogouInput\HWSignature.pdb

Imports

ws2_32

WSAStartup

kernel32

DeleteCriticalSection
CreateFileA
GetProcessHeap
CopyFileA
DeviceIoControl
CloseHandle
HeapAlloc
HeapFree
GetSystemDirectoryA
lstrcatA
lstrcpyA
lstrlenA
GlobalAlloc
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
LocalAlloc
GetVersionExA
LocalFree
HeapReAlloc
GetTickCount
SetLastError
GlobalFree
FlushFileBuffers
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
VirtualAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

wsprintfA
IsCharAlphaNumericA

Exports

Exports

DLLGenHWID
GenHWID

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_16_/ImeHint.exe
.exe windows:4 windows x86 arch:x86

819ced62d1b59ec708b1ff8978a4b4b3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\ImeHint.pdb

Imports

imm32

ImmDisableIME

kernel32

OpenMutexW
WaitForSingleObject
SetFileAttributesW
CopyFileW
WideCharToMultiByte
GetSystemTimeAsFileTime
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
RaiseException
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
FindClose
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetFullPathNameW
GetCurrentDirectoryA
SetFilePointer
GetConsoleCP
ReleaseMutex
LoadLibraryA
GetLocaleInfoA
CreateDirectoryW
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteFileW
MoveFileExW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetModuleFileNameW
GetSystemInfo
GetVersionExW
CreateProcessW
MultiByteToWideChar
CreateThread
LocalFree
GetCurrentThreadId
FormatMessageW
WaitForMultipleObjects
GetCommandLineW
SetLastError
Sleep
OpenEventW
CreateEventW
InterlockedCompareExchange
InterlockedIncrement
GetProcAddress
GetFileSize
CreateFileW
ReadFile
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
GetModuleHandleW
GetLastError
GetConsoleMode
CreateMutexW
DeleteCriticalSection

user32

DrawTextW
GetMonitorInfoW
FindWindowW
GetForegroundWindow
DefWindowProcW
GetLastInputInfo
RegisterClassExW
GetMessageW
AdjustWindowRect
OffsetRect
CloseWindow
MonitorFromRect
LoadCursorW
EndPaint
PostQuitMessage
DestroyWindow
DispatchMessageW
BeginPaint
IntersectRect
PtInRect
SetWindowLongW
SetCursor
SubtractRect
CreateWindowExW
InvalidateRect
SetWindowPos
TranslateMessage
GetWindowLongW
SetTimer
GetCursorPos
GetWindowRect
GetSystemMetrics
MessageBoxW
MonitorFromPoint

gdi32

CreateFontIndirectW
GetStockObject
SetTextColor
CreatePen
CreateCompatibleDC
DeleteDC
CreateSolidBrush
SetBkMode
BitBlt
Rectangle
CreateCompatibleBitmap
SelectObject
DeleteObject
SetViewportOrgEx

advapi32

RegCreateKeyExW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
RegQueryValueExW
RegCloseKey
RegQueryValueW
RegOpenKeyExW

shell32

SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW

Sections

.text
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/ImeUtil.exe
.exe windows:4 windows x86 arch:x86

54306172970cc973f6ddea76e4b5f421

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\ImeUtil.pdb

Imports

imm32

ImmDisableIME

kernel32

GlobalFree
GlobalAlloc
ReadFile
LoadLibraryW
GetProcAddress
SetLastError
CreateEventW
WaitForMultipleObjects
FormatMessageW
GetCurrentThreadId
MultiByteToWideChar
LocalFree
CreateThread
GetCommandLineW
GetVersionExW
GetModuleFileNameW
GetSystemInfo
InterlockedIncrement
InterlockedCompareExchange
CopyFileW
DeleteFileW
MoveFileExW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
FindClose
RemoveDirectoryW
FindNextFileW
FindFirstFileW
ReleaseMutex
OpenMutexW
WaitForSingleObject
CreateMutexW
WideCharToMultiByte
FreeLibrary
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetFileSize
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetCurrentProcessId
LCMapStringA
LCMapStringW
HeapSize
GetFullPathNameW
GetCurrentDirectoryA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetFilePointer
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSection
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTickCount
GetModuleHandleW
HeapAlloc
OpenEventW
WriteFile
Sleep
CreateFileW
SetFileAttributesW
GetLastError
CreateDirectoryW
HeapFree
GetProcessHeap
CloseHandle
CreateProcessW
GetVersionExA

user32

PostQuitMessage
EndPaint
LoadCursorW
MonitorFromPoint
MonitorFromRect
CloseWindow
OffsetRect
GetMessageW
AdjustWindowRect
DrawTextW
DispatchMessageW
CreateWindowExW
InvalidateRect
SetWindowPos
TranslateMessage
GetWindowLongW
SetTimer
GetCursorPos
GetSystemMetrics
GetWindowRect
GetMonitorInfoW
GetForegroundWindow
DefWindowProcW
FindWindowW
GetLastInputInfo
SetForegroundWindow
RegisterClassExW
DestroyWindow
BeginPaint
IntersectRect
GetKeyboardLayoutList
SetWindowLongW
PtInRect
SetCursor
MessageBoxW
SubtractRect

advapi32

BuildExplicitAccessWithNameW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
RegQueryValueW

shell32

SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteW
SHGetFolderPathW

wininet

InternetReadFile
InternetOpenW
InternetSetOptionW
InternetCloseHandle
HttpQueryInfoW
InternetOpenUrlW

gdi32

SetTextColor
GetStockObject
CreateCompatibleDC
DeleteDC
CreateSolidBrush
SetBkMode
DeleteObject
BitBlt
CreatePen
SetViewportOrgEx
SelectObject
CreateCompatibleBitmap
Rectangle
CreateFontIndirectW

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/MoHuYin.ini
$_16_/PinyinUp.exe
.exe windows:4 windows x86 arch:x86

81144eb83d45d3f284106bd200988db2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\PinyinUp.pdb

Imports

wininet

HttpQueryInfoW
InternetCloseHandle
InternetSetCookieW
InternetOpenW
InternetOpenUrlW
InternetReadFile

shlwapi

StrToIntW
StrCmpIW

imm32

ImmDisableIME

ws2_32

gethostbyname

kernel32

GetExitCodeThread
FindClose
GetTempPathW
CreateDirectoryW
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSection
Sleep
FindNextFileW
HeapAlloc
HeapFree
GetProcessHeap
FormatMessageW
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
GetVersionExW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
ResumeThread
CloseHandle
SetThreadPriority
SuspendThread
FindFirstFileW
MultiByteToWideChar
GetPrivateProfileStringW
GetCurrentProcess
EnterCriticalSection
LocalFree
GetLocalTime
GetLastError
WriteConsoleA
CreateProcessW
GetCurrentDirectoryA
GetFullPathNameW
GetCurrentProcessId
SetEnvironmentVariableA
GetCurrentThreadId
WideCharToMultiByte
MoveFileExW
DeleteFileW
SetFileAttributesW
CopyFileW
ReadFile
CreateFileW
FlushFileBuffers
SetLastError
GetFileSize
SetFilePointer
WriteFile
GlobalAlloc
GetCommandLineW
GlobalFree
CreateEventW
WaitForMultipleObjects
QueryPerformanceCounter
CreateThread
GetModuleHandleW
GetSystemInfo
GetModuleFileNameW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
OpenMutexW
CreateMutexW
InterlockedIncrement
InterlockedCompareExchange
OpenEventW
RemoveDirectoryW
GetProcAddress
LCMapStringW
GetTickCount
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetVersionExA
GetStartupInfoW
RtlUnwind
RaiseException
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP

user32

RegisterClassW
LoadCursorW
GetSystemMetrics
GetMessageW
SetCursor
ShowWindow
PostQuitMessage
InvalidateRect
GetWindowTextW
CreateWindowExW
GetDlgItem
SetWindowTextW
LoadIconW
GetWindowLongW
DispatchMessageW
SetWindowPos
EnableMenuItem
TranslateMessage
SendMessageW
DefWindowProcW
GetSystemMenu
MessageBoxW
ExitWindowsEx

gdi32

CreateFontIndirectW

advapi32

RegQueryValueW
RegCreateKeyExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
AllocateAndInitializeSid
SetNamedSecurityInfoW
RegCloseKey
FreeSid
GetTokenInformation
EqualSid
LookupAccountSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW

shell32

Shell_NotifyIconW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW

hwsignature

GenHWID

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/Punctures.ini
$_16_/Resource.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_16_/ScdMaker.exe
.exe windows:4 windows x86 arch:x86

b61c88b32d5d44dc2d3dbf818ee6a596

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\ScdMaker.pdb

Imports

imm32

ImmDisableIME

kernel32

CloseHandle
LocalFree
CreateThread
FormatMessageW
GetCommandLineW
FindClose
FindNextFileW
FindFirstFileW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileW
CreateFileMappingW
GetVersionExW
GetSystemInfo
GetModuleFileNameW
GetModuleHandleW
SetFileAttributesW
MoveFileExW
CreateDirectoryW
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
WriteFile
ReadFile
FlushFileBuffers
GetFileSize
SetFilePointer
InterlockedIncrement
InterlockedCompareExchange
RemoveDirectoryW
LCMapStringW
GetTickCount
Sleep
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetSystemTimeAsFileTime
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
GetCurrentThreadId
HeapReAlloc
GetTimeZoneInformation
LCMapStringA
GetCPInfo
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetFullPathNameW
GetCurrentDirectoryA
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LoadLibraryA
GetLocaleInfoW
CreateFileA
GetDriveTypeA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalAlloc
WaitForMultipleObjects
CreateEventW
CreateProcessW
GlobalFree
SetLastError
WideCharToMultiByte
GetLastError
DeleteFileW
MultiByteToWideChar
CopyFileW
RaiseException

user32

MessageBoxW

advapi32

RegCreateKeyExW
RegQueryValueW
RegQueryValueExW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHFileOperationW

Sections

.text
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/ScdReg.exe
.exe windows:4 windows x86 arch:x86

b9d549f1f267cec71843909cce4fcf93

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\ScdReg.pdb

Imports

imm32

ImmDisableIME

kernel32

CloseHandle
GetSystemInfo
GetModuleFileNameW
GetModuleHandleW
GetCommandLineW
GetVersionExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileW
OpenFileMappingW
SetFileAttributesW
MoveFileExW
CreateDirectoryW
CopyFileW
MultiByteToWideChar
CreateProcessW
GlobalFree
WaitForMultipleObjects
GlobalAlloc
GetCurrentThreadId
FormatMessageW
CreateThread
InterlockedCompareExchange
InterlockedIncrement
GetFileSize
SetFilePointer
WriteFile
ReadFile
FlushFileBuffers
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
RemoveDirectoryW
LCMapStringW
GetTickCount
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
FileTimeToSystemTime
OpenEventW
GetDriveTypeW
HeapReAlloc
GetTimeZoneInformation
LCMapStringA
GetCPInfo
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
GetFullPathNameW
GetCurrentDirectoryA
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateEventW
SetLastError
GetLastError
Sleep
LocalFree
WideCharToMultiByte
GetCurrentDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
FileTimeToLocalFileTime

user32

MessageBoxW

advapi32

RegCreateKeyExW
RegQueryValueW
RegSetValueExW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
RegOpenKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHFileOperationW

Sections

.text
Size: 284KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/ScdViewer.exe
.exe windows:4 windows x86 arch:x86

2fd4ce42f3412d026ae3bf4cbdcf77fc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\ScdViewer.pdb

Imports

user32

GetSystemMetrics
GetWindowRect
SendMessageW
GetDlgItem
EndDialog
SetWindowPos
DialogBoxParamW
MessageBoxW

gdi32

GetStockObject

imm32

ImmDisableIME

kernel32

GetCurrentThreadId
FormatMessageW
CloseHandle
LocalFree
MultiByteToWideChar
SetLastError
GlobalFree
GetCommandLineW
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
WriteFile
ReadFile
CreateFileW
FlushFileBuffers
GetFileSize
WaitForSingleObject
ReleaseMutex
OpenMutexW
CreateMutexW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetVersionExW
GetSystemInfo
GetModuleFileNameW
GetModuleHandleW
RemoveDirectoryW
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
HeapAlloc
GetProcessHeap
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
RtlUnwind
SetFileAttributesW
GetLastError
GetStringTypeW
GetCPInfo
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetTimeZoneInformation
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetFullPathNameW
GetCurrentDirectoryA
HeapSize
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA
CreateDirectoryW
DeleteFileW
RaiseException
MoveFileExW
GetStartupInfoW
GetStringTypeA

advapi32

BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
RegQueryValueW
RegOpenKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityInfo

shell32

SHFileOperationW
SHGetSpecialFolderPathW

Sections

.text
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/SkinEditor.exe
.exe windows:4 windows x86 arch:x86

6fc1d7a0305884e43c62ac34e3d582db

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetDriveTypeA
GetTimeZoneInformation
InitializeCriticalSection
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameW
LCMapStringW
LCMapStringA
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetLastError
GetLastError
CopyFileW
DeleteFileW
GetTempPathW
GetLongPathNameW
CreateFileW
CloseHandle
RemoveDirectoryW
SetCurrentDirectoryW
FindFirstFileW
FindClose
CreateDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
HeapSize
ExitProcess
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameW
SetStdHandle
GetCPInfo
InterlockedDecrement
LockResource
LoadResource
SizeofResource
FindResourceW
LoadLibraryExW
LoadLibraryW
GetProcAddress
ReadFile
GlobalAlloc
GlobalFree
GetFileSize
GlobalLock
GlobalUnlock
GetModuleHandleW
GetTickCount
GetVersionExW
GlobalReAlloc
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
LocalFree
GetCurrentThreadId
GetCommandLineW
InterlockedIncrement
InterlockedCompareExchange
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetSystemInfo
SetFileAttributesW
MoveFileExW
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetFilePointer
WriteFile
FlushFileBuffers
FindNextFileW
FreeLibrary
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
GetVersionExA
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree

user32

RegisterClassExW
CharNextW
LoadCursorW
SetWindowPlacement
GetSystemMetrics
GetWindowPlacement
DestroyAcceleratorTable
SetCursor
SetCapture
SetTimer
KillTimer
PostMessageW
ReleaseCapture
GetCursorPos
DrawIconEx
GetClassLongW
CheckDlgButton
GetWindowTextLengthW
EnableWindow
EndDialog
DialogBoxParamW
CreateDialogParamW
DefWindowProcW
RegisterClassW
SetFocus
ScreenToClient
CreateWindowExW
GetSysColor
GetWindowTextW
FillRect
GetScrollInfo
ScrollWindow
GetWindowLongW
SetWindowLongW
SetScrollInfo
BeginPaint
EndPaint
IsDlgButtonChecked
GetSysColorBrush
OffsetRect
SetWindowPos
GetWindowRect
DrawTextW
SetWindowRgn
GetDesktopWindow
LoadImageW
LoadIconW
SetRect
PtInRect
SetCursorPos
GetMonitorInfoW
UpdateLayeredWindow
SubtractRect
MonitorFromPoint
RedrawWindow
IntersectRect
GetCursor
TrackMouseEvent
CallWindowProcW
InflateRect
InvalidateRect
GetDC
ReleaseDC
GetDlgCtrlID
MoveWindow
GetDlgItem
DestroyWindow
PostQuitMessage
MessageBoxW
SetWindowTextW
GetClientRect
GetMenu
EnableMenuItem
GetMessageW
GetParent
GetClassNameW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
FindWindowW
IsIconic
ShowWindow
SetForegroundWindow
LoadMenuW
SetMenu
LoadAcceleratorsW
SendMessageW
UpdateWindow
DestroyMenu

gdi32

Rectangle
SelectObject
CreateSolidBrush
CreateFontIndirectW
CreatePen
SetViewportOrgEx
GetDeviceCaps
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
StretchBlt
GetPixel
EnumFontFamiliesExW
GetTextExtentPointW
ExtCreateRegion
CombineRgn
OffsetRgn
GetTextMetricsW
SetBkColor
MoveToEx
SelectClipRgn
GetKerningPairsW
LineTo
GetFontData
GetObjectW
GetGlyphOutlineW
TextOutW
CreateDIBSection
SetTextColor
SetBkMode
DeleteObject
GetStockObject

comdlg32

GetFileTitleW
GetSaveFileNameW
GetOpenFileNameW
ChooseColorW
CommDlgExtendedError

shell32

DragAcceptFiles
SHGetSpecialFolderPathW
SHFileOperationW
DragQueryFileW
DragFinish

msimg32

TransparentBlt
GradientFill
AlphaBlend

imm32

ImmDisableIME

ziplib

UnZip
ZipFolder

advapi32

RegCloseKey
SetSecurityInfo
RegOpenKeyExW
RegQueryValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegQueryValueExW
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal

Sections

.text
Size: 448KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/SkinReg.exe
.exe windows:4 windows x86 arch:x86

bc2f628937d4058c840ae1875d55d8ab

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\SkinReg.pdb

Imports

user32

DrawTextW
SetWindowPos
GetWindowLongW
TranslateMessage
GetCursorPos
SetTimer
GetSystemMetrics
GetWindowRect
GetMonitorInfoW
GetForegroundWindow
GetLastInputInfo
DefWindowProcW
FindWindowW
SetForegroundWindow
RegisterClassExW
AdjustWindowRect
OffsetRect
CloseWindow
MonitorFromRect
MonitorFromPoint
LoadCursorW
EndPaint
PostQuitMessage
DestroyWindow
DispatchMessageW
BeginPaint
IntersectRect
SetWindowLongW
PtInRect
SetCursor
CreateWindowExW
SubtractRect
InvalidateRect
GetMessageW
MessageBoxW

imm32

ImmDisableIME

kernel32

InterlockedCompareExchange
RemoveDirectoryW
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
WideCharToMultiByte
FreeLibrary
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
FindFirstFileW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetFullPathNameW
GetCurrentDirectoryA
Sleep
HeapSize
SetFilePointer
InterlockedIncrement
GetConsoleMode
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
FlushFileBuffers
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
FindNextFileW
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
LocalFree
MultiByteToWideChar
CreateProcessW
GetCurrentThreadId
FormatMessageW
WaitForMultipleObjects
CreateEventW
SetLastError
CreateThread
GetModuleFileNameW
GetCommandLineW
GetVersionExW
GetSystemInfo
SetFileAttributesW
DeleteFileW
CreateDirectoryW
MoveFileExW
CopyFileW
GetProcAddress
LoadLibraryW
GlobalFree
CloseHandle
GetFileSize
CreateFileW
GlobalAlloc
ReadFile
GetTickCount
GetModuleHandleW
GetLastError
GetConsoleCP
FindClose
InitializeCriticalSection

gdi32

CreateFontIndirectW
GetStockObject
SetTextColor
DeleteObject
BitBlt
SetViewportOrgEx
SelectObject
CreateCompatibleBitmap
Rectangle
CreatePen
CreateCompatibleDC
DeleteDC
SetBkMode
CreateSolidBrush

advapi32

GetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueW
RegCloseKey
GetSecurityInfo

shell32

ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW

Sections

.text
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/SogouTSF.dll
.dll regsvr32 windows:4 windows x86 arch:x86

eeaf1cf892d8e72dc6f6ddfd02e103df

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\sogouime33\Bin\SogouInput\SogouTSF.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
DeleteCriticalSection
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

advapi32

RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW

ole32

CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_16_/SpeedMeter.exe
.exe windows:4 windows x86 arch:x86

a248a7ff37d9332d68ad414c2d0103df

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\SpeedMeter.pdb

Imports

kernel32

GlobalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTickCount
GlobalLock
GlobalUnlock
GlobalAlloc
GetLastError
GetModuleHandleW
GetCommandLineW
GetVersionExW
GetSystemInfo
GetModuleFileNameW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileW
OpenFileMappingW
CloseHandle
FormatMessageW
GetCurrentThreadId
MultiByteToWideChar
CreateProcessW
LocalFree
CreateThread
SetLastError
CreateEventW
WaitForMultipleObjects
InterlockedCompareExchange
InterlockedIncrement
FindClose
RemoveDirectoryW
FindNextFileW
FindFirstFileW
MoveFileExW
DeleteFileW
CreateDirectoryW
ReleaseMutex
OpenMutexW
WaitForSingleObject
CreateMutexW
CopyFileW
SetFileAttributesW
WideCharToMultiByte
GetProcAddress
LCMapStringW
Sleep
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetTimeZoneInformation
GetCPInfo
LCMapStringA
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
ReadFile
FlushFileBuffers
SetFilePointer
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetDriveTypeA
CreateFileA
GetFileSize

user32

SetWindowLongW
DestroyWindow
DialogBoxParamW
CreateDialogParamW
GetWindowLongW
SetWindowTextW
EndDialog
GetWindowTextLengthW
SendMessageW
LoadIconW
CloseClipboard
OpenClipboard
SetClipboardData
EmptyClipboard
MessageBoxW
ShowWindow
SetForegroundWindow
IsIconic
FindWindowW
GetDlgItem
SetTimer
GetWindowTextW

comctl32

InitCommonControlsEx

imm32

ImmDisableIME

advapi32

SetNamedSecurityInfoW
RegQueryValueExW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
RegQueryValueW

shell32

SHFileOperationW
SHGetSpecialFolderPathW

Sections

.text
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/UserPage.exe
.exe windows:4 windows x86 arch:x86

c1753cbe9155bff72dbc8a9f999aa469

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\UserPage.pdb

Imports

imm32

ImmSetConversionStatus
ImmGetContext
ImmDisableIME

kernel32

GetLastError
GetModuleHandleW
CreateEventW
CloseHandle
CreateThread
TlsAlloc
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetModuleFileNameW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetTickCount
GetVersionExW
GlobalAlloc
GlobalFree
GetFileSize
ReadFile
CreateFileW
LoadLibraryW
GetProcAddress
WideCharToMultiByte
WaitForMultipleObjects
GetCurrentThreadId
GetCommandLineW
FormatMessageW
LocalFree
CreateProcessW
SetLastError
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
OpenMutexW
WaitForSingleObject
ReleaseMutex
CreateMutexW
DeleteFileW
MoveFileExW
SetFileAttributesW
CreateDirectoryW
CopyFileW
OpenEventW
Sleep
FindFirstFileW
FindClose
FindNextFileW
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
InterlockedIncrement
InterlockedCompareExchange
RemoveDirectoryW
SetFilePointer
WriteFile
FlushFileBuffers
FreeLibrary
LCMapStringW
QueryPerformanceFrequency
QueryPerformanceCounter
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetVersionExA
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
RtlUnwind
RaiseException
GetTimeZoneInformation
GetCPInfo
LCMapStringA
GetStringTypeA
GetStringTypeW
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
HeapSize
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetCurrentProcessId
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP

user32

GetDlgItemTextW
SendMessageW
GetClassNameW
SetWindowTextW
GetCursorPos
GetDlgCtrlID
GetWindowRect
SetCapture
MoveWindow
GetWindowLongW
OffsetRect
CheckDlgButton
DialogBoxParamW
DestroyWindow
CreateDialogParamW
SetWindowRgn
UpdateLayeredWindow
FillRect
GetSystemMetrics
InvalidateRect
DefWindowProcW
SubtractRect
GetMonitorInfoW
GetCursor
PtInRect
MonitorFromPoint
SetRect
BeginPaint
EndPaint
KillTimer
RegisterClassExW
InflateRect
TrackMouseEvent
GetParent
CallWindowProcW
CharNextW
ReleaseCapture
SetWindowLongW
RedrawWindow
SetCursorPos
LoadBitmapW
ActivateKeyboardLayout
GetKeyboardLayoutList
SetForegroundWindow
IsIconic
CreateWindowExW
SetClassLongW
LoadCursorW
SetCursor
EnableWindow
ReleaseDC
IsDlgButtonChecked
PostMessageW
FindWindowW
DrawTextW
IntersectRect
SetFocus
EndDialog
MessageBoxW
GetDC
SetTimer
SetWindowPos
GetWindowTextW
SetDlgItemTextW
GetDlgItem
ShowWindow

gdi32

SelectObject
GetTextExtentPoint32W
DeleteDC
CreateCompatibleDC
GetPixel
GetObjectW
CreateSolidBrush
GetStockObject
TextOutW
CombineRgn
OffsetRgn
CreateDIBSection
GetFontData
GetGlyphOutlineW
SetTextColor
GetTextMetricsW
SelectClipRgn
GetKerningPairsW
SetBkColor
StretchBlt
Rectangle
CreateFontIndirectW
GetTextExtentPointW
CreatePen
LineTo
MoveToEx
BitBlt
DeleteObject
CreateCompatibleBitmap
SetBkMode

comctl32

InitCommonControlsEx

msimg32

GradientFill
AlphaBlend
TransparentBlt

wininet

InternetReadFile
InternetCloseHandle
HttpEndRequestW
InternetCanonicalizeUrlW
InternetSetOptionW
InternetOpenW
HttpQueryInfoW
HttpOpenRequestW
InternetQueryOptionW
InternetConnectW
HttpSendRequestW

advapi32

GetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
RegCloseKey
RegQueryValueW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
SetNamedSecurityInfoW

shell32

ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW

Sections

.text
Size: 388KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 668KB - Virtual size: 666KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/UsrDictUtil.exe
.exe windows:4 windows x86 arch:x86

88e8e74f3ec0007acf22057e6057bc67

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\UsrDictUtil.pdb

Imports

imm32

ImmDisableIME

user32

MessageBoxW

kernel32

SetFileAttributesW
CopyFileW
GlobalFree
CreateEventW
WaitForMultipleObjects
GlobalAlloc
GetCommandLineW
GetCurrentThreadId
FormatMessageW
LocalFree
CreateThread
MultiByteToWideChar
CreateProcessW
SetLastError
InterlockedIncrement
InterlockedCompareExchange
GetModuleFileNameW
GetModuleHandleW
GetSystemInfo
GetVersionExW
Sleep
OpenEventW
FlushFileBuffers
GetFileSize
SetFilePointer
WriteFile
ReadFile
FindNextFileW
FindFirstFileW
FindClose
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
RemoveDirectoryW
LCMapStringW
GetTickCount
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
FileTimeToSystemTime
FileTimeToLocalFileTime
DeleteFileW
HeapReAlloc
GetTimeZoneInformation
GetCPInfo
GetStringTypeA
GetStringTypeW
LCMapStringA
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateDirectoryW
MoveFileExW
CloseHandle
GetLastError
OpenFileMappingW
CreateFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
WideCharToMultiByte
GetDriveTypeW

advapi32

RegCreateKeyExW
RegQueryValueW
RegQueryValueExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
RegOpenKeyExW
RegCloseKey

shell32

SHFileOperationW
SHGetSpecialFolderPathW

Sections

.text
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/Wizard.exe
.exe windows:4 windows x86 arch:x86

530c47d19bc90ee9db4ef1de0c4a3c97

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\Wizard.pdb

Imports

kernel32

SizeofResource
FindClose
FindResourceW
LockResource
CloseHandle
LoadLibraryExW
GlobalLock
GlobalUnlock
GetFileSize
ReadFile
CreateFileW
GlobalAlloc
GlobalFree
GetProcAddress
LoadLibraryW
GetVersionExW
GetTickCount
GlobalReAlloc
CreateDirectoryW
DeleteFileW
SetFileAttributesW
CopyFileW
MoveFileExW
LocalFree
GetCommandLineW
CreateThread
FormatMessageW
MultiByteToWideChar
SetLastError
CreateProcessW
CreateEventW
WaitForMultipleObjects
GetCurrentThreadId
GetSystemInfo
GetModuleFileNameW
InterlockedIncrement
InterlockedCompareExchange
MapViewOfFile
UnmapViewOfFile
GetLastError
OpenFileMappingW
RemoveDirectoryW
FindNextFileW
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
CreateMutexW
ReleaseMutex
OpenMutexW
SetFilePointer
WriteFile
FlushFileBuffers
FreeLibrary
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadResource
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
Sleep
HeapSize
VirtualAlloc
LCMapStringA
LCMapStringW
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSection
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
FileTimeToSystemTime
FindFirstFileW
CreateFileMappingW
GetModuleHandleW

user32

DialogBoxParamW
SetClassLongW
CharNextW
DrawTextW
LoadImageW
GetMonitorInfoW
KillTimer
UpdateLayeredWindow
SetCapture
SubtractRect
SetCursor
PtInRect
GetCursorPos
SetWindowPos
MonitorFromPoint
IntersectRect
GetSystemMetrics
RedrawWindow
ReleaseCapture
SetRect
GetCursor
SetCursorPos
TrackMouseEvent
GetParent
CallWindowProcW
SetWindowRgn
SetWindowLongW
SetScrollInfo
GetScrollInfo
CheckDlgButton
CreateWindowExW
DefWindowProcW
FindWindowW
SetForegroundWindow
IsIconic
InflateRect
ReleaseDC
FillRect
BeginPaint
GetUpdateRect
GetDC
OffsetRect
InvalidateRect
EndPaint
SetTimer
SetWindowTextW
ScreenToClient
GetFocus
GetWindowRect
LoadIconW
ShowWindow
LoadBitmapW
EndDialog
PostMessageW
MessageBoxW
GetClientRect
MoveWindow
GetDlgItem
SendMessageW
EnableWindow
GetDlgCtrlID
IsDlgButtonChecked
DestroyWindow
CreateDialogParamW
GetWindowLongW
GetDesktopWindow
LoadCursorW

gdi32

ExtCreateRegion
GetTextExtentPointW
CombineRgn
OffsetRgn
GetPixel
GetStockObject
GetGlyphOutlineW
SetBkColor
TextOutW
SelectClipRgn
GetKerningPairsW
GetClipRgn
SelectObject
DeleteObject
StretchBlt
CreateFontIndirectW
GetObjectW
CreateCompatibleDC
CreatePen
Rectangle
CreateSolidBrush
CreateCompatibleBitmap
GetTextExtentPoint32W
BitBlt
DeleteDC
MoveToEx
LineTo
SetBkMode
CreateDIBSection
GetTextMetricsW
GetFontData
CreateRectRgn
SetTextColor

comctl32

InitCommonControlsEx

msimg32

AlphaBlend
TransparentBlt
GradientFill

imm32

ImmDisableIME

advapi32

GetNamedSecurityInfoW
RegQueryValueW
RegCreateKeyExW
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal

Sections

.text
Size: 352KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/ZipLib.dll
.dll windows:4 windows x86 arch:x86

1f9bbcf64bd00ab9c608fd36f2184919

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
lstrcpynA
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
GetFullPathNameA
GetFileAttributesA
FileTimeToSystemTime
FindFirstFileA
GetFileType
GetFileTime
FileTimeToLocalFileTime
GetVersion
FindNextFileA
GlobalLock
GlobalAlloc
CloseHandle
GlobalFree
lstrcmpiA
lstrlenA
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetVolumeLabelA
SetFilePointer
GetLocaleInfoA
SetEndOfFile
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
GetLocalTime
lstrcpyA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
ReleaseMutex
CreateMutexA
EnterCriticalSection
InterlockedExchange
LeaveCriticalSection
GetVolumeInformationA
InitializeCriticalSection
GetDriveTypeA
GetProcessHeap
GetLastError
WideCharToMultiByte
CreateDirectoryW
GetTempPathW
MultiByteToWideChar
MoveFileW
CopyFileW
GetTempPathA
FindClose
FindNextFileW
FindFirstFileW
GlobalUnlock
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
InterlockedDecrement
GetCPInfo
MoveFileA
SetStdHandle
HeapReAlloc
GetFileInformationByHandle
PeekNamedPipe
RtlUnwind
InterlockedIncrement
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetCurrentDirectoryA
SetCurrentDirectoryA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStartupInfoA
Sleep
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
GetTimeZoneInformation
HeapSize
FlushFileBuffers
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW

user32

CharToOemA
OemToCharA

advapi32

GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
GetSecurityDescriptorControl
OpenProcessToken
AdjustTokenPrivileges
GetSecurityDescriptorLength
LookupPrivilegeValueA
GetKernelObjectSecurity
GetSecurityDescriptorSacl
IsValidAcl

Exports

Exports

UnZip
UnZipEx
ZipFolder
ZipFolderEx

Sections

.text
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_16_/ZipLib64.dll
.dll windows:4 windows x64 arch:x64

c72b7e0f1eaf64b127485b3988f7b2c9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
CreateMutexA
CreateFileA
ReleaseMutex
GetFileTime
FileTimeToLocalFileTime
GetVersion
GetFullPathNameA
GetFileAttributesA
FileTimeToSystemTime
FindFirstFileA
GetFileType
FindNextFileA
GlobalLock
GlobalAlloc
GlobalUnlock
GetVolumeInformationA
lstrcmpiA
lstrlenA
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
GetLocalTime
DosDateTimeToFileTime
SetVolumeLabelA
LocalFileTimeToFileTime
SetFilePointer
GetLocaleInfoA
SetEndOfFile
lstrcpyA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
InitializeCriticalSection
GetDriveTypeA
GetProcessHeap
WaitForSingleObject
HeapFree
GetCurrentProcess
HeapAlloc
lstrcpynA
CloseHandle
WideCharToMultiByte
GetTempPathW
CreateDirectoryW
MultiByteToWideChar
GetTempPathA
MoveFileW
CopyFileW
GetLastError
FindNextFileW
FindClose
GlobalFree
FindFirstFileW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetSystemTimeAsFileTime
MoveFileA
GetCPInfo
SetStdHandle
GetFileInformationByHandle
PeekNamedPipe
HeapReAlloc
RtlUnwindEx
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCurrentDirectoryA
SetCurrentDirectoryA
HeapSetInformation
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
RaiseException
RtlPcToFileHeader
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
Sleep
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
HeapSize
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW

user32

CharToOemA
OemToCharA

advapi32

GetSecurityDescriptorGroup
IsValidSecurityDescriptor
IsValidAcl
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
GetSecurityDescriptorControl
AdjustTokenPrivileges
GetSecurityDescriptorLength
LookupPrivilegeValueA
GetKernelObjectSecurity
OpenProcessToken
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl

Exports

Exports

UnZip
UnZipEx
ZipFolder
ZipFolderEx

Sections

.text
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_16_/config.exe
.exe windows:4 windows x86 arch:x86

b698a9e47b565a751b92c2454be0de0d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\config.pdb

Imports

imm32

ImmGetContext
ImmSetOpenStatus
ImmDisableIME

comctl32

InitCommonControlsEx

kernel32

LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
OpenEventW
GetLastError
CreateProcessW
GetTickCount
GetExitCodeProcess
WaitForSingleObject
CloseHandle
GetLocalTime
FindFirstFileW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
GetFullPathNameW
HeapSize
GetCurrentProcessId
FindClose
LockResource
FindResourceW
LoadResource
SizeofResource
LoadLibraryExW
LoadLibraryW
GetProcAddress
ReadFile
GlobalAlloc
CreateFileW
GlobalFree
GlobalUnlock
GlobalLock
GetFileSize
GetVersionExW
GetModuleHandleW
GlobalReAlloc
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
ReleaseMutex
OpenMutexW
FormatMessageW
MultiByteToWideChar
GetCommandLineW
SetLastError
CreateEventW
WaitForMultipleObjects
GetCurrentThreadId
LocalFree
CreateThread
InterlockedIncrement
InterlockedCompareExchange
CopyFileW
DeleteFileW
SetFileAttributesW
MoveFileExW
CreateDirectoryW
RemoveDirectoryW
FindNextFileW
GetSystemInfo
GetModuleFileNameW
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FlushFileBuffers
SetFilePointer
WriteFile
FreeLibrary
LCMapStringW
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetTimeZoneInformation
LCMapStringA
GetCPInfo
GetStringTypeA
GetStringTypeW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA

user32

SetWindowLongW
SendMessageW
GetDlgItem
OffsetRect
ClientToScreen
CreateWindowExW
GetWindowLongW
GetWindowTextLengthW
GetUpdateRect
GetDC
ReleaseDC
ScreenToClient
GetDlgItemTextW
GetWindowTextW
InvalidateRect
CheckRadioButton
LoadCursorW
SetWindowRgn
DefWindowProcW
GetDesktopWindow
DestroyWindow
CreateDialogParamW
DialogBoxParamW
LoadImageW
CharNextW
SetRect
PtInRect
SetCursorPos
MonitorFromPoint
GetCursorPos
SetWindowPos
IntersectRect
RedrawWindow
ReleaseCapture
UpdateLayeredWindow
GetCursor
SetCapture
SetCursor
GetMonitorInfoW
SubtractRect
InflateRect
LoadStringW
CheckDlgButton
EnableWindow
PostMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetTimer
EndDialog
KillTimer
SetWindowTextW
FillRect
DrawTextW
EndPaint
BeginPaint
FindWindowW
SetForegroundWindow
IsIconic
GetWindowRect
GetClientRect
SetFocus
MoveWindow
MessageBoxW
GetSystemMetrics
LoadIconW
ShowWindow

gdi32

SetTextColor
CreateRectRgn
GetTextExtentPoint32W
GetObjectW
EnumFontFamiliesExW
SelectClipRgn
GetDeviceCaps
SetViewportOrgEx
GetTextExtentPointW
CreateCompatibleDC
OffsetRgn
ExtCreateRegion
LineTo
CombineRgn
BitBlt
GetPixel
CreateCompatibleBitmap
CreateDIBSection
GetTextMetricsW
GetKerningPairsW
GetFontData
GetGlyphOutlineW
SetBkMode
Rectangle
DeleteDC
MoveToEx
DeleteObject
CreateSolidBrush
CreateFontIndirectW
StretchBlt
SelectObject
SetBkColor
TextOutW
GetStockObject
CreatePen

comdlg32

GetSaveFileNameW
ChooseColorW
GetOpenFileNameW

shell32

SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW

msimg32

TransparentBlt
AlphaBlend
GradientFill

advapi32

RegCloseKey
RegQueryValueExW
RegQueryValueW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
RegCreateKeyExW
RegOpenKeyExW

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

Sections

.text
Size: 512KB - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/phrases.ini
$_16_/userNetSchedule.exe
.exe windows:4 windows x86 arch:x86

27bed4e079f9e793ce5fd241d1840f6f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

kernel32

MoveFileExW
CreateDirectoryW
SetFileAttributesW
SetLastError
SetFilePointer
WriteFile
FlushFileBuffers
WaitForMultipleObjects
GetCommandLineW
GetCurrentThreadId
FormatMessageW
LocalFree
CreateThread
MultiByteToWideChar
CreateEventW
FindClose
FindNextFileW
FindFirstFileW
InterlockedIncrement
InterlockedCompareExchange
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
ReleaseMutex
OpenMutexW
WaitForSingleObject
CreateMutexW
Sleep
OpenEventW
RemoveDirectoryW
GetSystemInfo
GetVersionExW
GetModuleFileNameW
WideCharToMultiByte
FreeLibrary
LCMapStringW
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetModuleHandleA
ExitProcess
LoadLibraryW
GetVersionExA
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
LoadLibraryA
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcAddress
GlobalFree
CreateFileW
GetFileSize
ReadFile
GlobalAlloc
GetTickCount
CreateProcessW
DeleteFileW
GetTempFileNameW
CloseHandle
GetLastError
CopyFileW
GetModuleHandleW
InterlockedDecrement

user32

OffsetRect
GetMessageW
AdjustWindowRect
RegisterClassExW
DrawTextW
MessageBoxW
IntersectRect
PtInRect
SetWindowLongW
CloseWindow
SubtractRect
InvalidateRect
SetWindowPos
TranslateMessage
GetWindowLongW
GetCursorPos
SetTimer
GetSystemMetrics
GetMonitorInfoW
GetWindowRect
DefWindowProcW
GetForegroundWindow
GetLastInputInfo
FindWindowW
MonitorFromRect
MonitorFromPoint
LoadCursorW
LoadIconW
CreateWindowExW
DestroyWindow
DispatchMessageW
PostQuitMessage
EndPaint
SetCursor
BeginPaint

shell32

ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW
Shell_NotifyIconW

ziplib

UnZip
ZipFolder

wininet

InternetConnectW
InternetCloseHandle
InternetReadFile
HttpEndRequestW
InternetCanonicalizeUrlW
HttpSendRequestExW
InternetQueryOptionW
InternetWriteFile
HttpSendRequestW
InternetSetOptionW
InternetGetCookieW
InternetSetCookieW
InternetOpenW
HttpAddRequestHeadersW
HttpQueryInfoW
HttpOpenRequestW

gdi32

CreateSolidBrush
SetBkMode
DeleteObject
SelectObject
BitBlt
SetViewportOrgEx
CreateCompatibleBitmap
DeleteDC
Rectangle
CreateCompatibleDC
CreatePen
SetTextColor
GetStockObject
CreateFontIndirectW

advapi32

SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegQueryValueW
GetSecurityInfo

Sections

.text
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/ConfigMover30b2.exe
.exe windows:4 windows x86 arch:x86

23c66f324e0bfa41a56200360ba3ef41

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\ConfigMover30b2.pdb

Imports

imm32

ImmDisableIME

kernel32

CreateDirectoryW
GetVersionExW
CompareStringW
CompareStringA
GetLastError
HeapFree
HeapAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetVersionExA
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetFullPathNameW
GetCurrentDirectoryA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
RtlUnwind
LoadLibraryA
WideCharToMultiByte
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapSize
GetLocaleInfoA
GetDriveTypeA
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA

shell32

SHFileOperationW
SHGetFolderPathAndSubDirW
SHGetFolderPathW

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/ErrorReport.exe
.exe windows:4 windows x86 arch:x86

eadada9b14fc50d843327593d54c00a9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\ErrorReport.pdb

Imports

kernel32

ReleaseMutex
OpenMutexW
CreateMutexW
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
LCMapStringW
Sleep
HeapSize
GetFullPathNameW
GetCurrentDirectoryA
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
FindClose
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetVersionExW
GetSystemInfo
GetModuleFileNameW
MultiByteToWideChar
CreateProcessW
GetCurrentThreadId
FormatMessageW
WaitForMultipleObjects
GetCommandLineW
CreateEventW
SetLastError
CreateThread
LocalFree
GetProcAddress
GlobalUnlock
GlobalFree
CreateFileW
GlobalAlloc
GlobalLock
GetLastError
GetTickCount
GetModuleHandleW
FindFirstFileW
CloseHandle
ResetEvent
SetEvent
WaitForSingleObject
VirtualFree
OpenEventW

imm32

ImmDisableIME

user32

DrawTextW
SetWindowPos
OffsetRect
CreateWindowExW
BeginPaint
SetTimer
PtInRect
GetCursorPos
GetWindowRect
SubtractRect
GetLastInputInfo
IntersectRect
MonitorFromRect
GetMessageW
InvalidateRect
EndPaint
TranslateMessage
FindWindowW
SetWindowLongW
DispatchMessageW
DestroyWindow
MonitorFromPoint
PostQuitMessage
GetWindowLongW
SetCursor
GetForegroundWindow
CloseWindow
LoadCursorW
RegisterClassExW
AdjustWindowRect
GetMonitorInfoW
DefWindowProcW
EmptyClipboard
CloseClipboard
MessageBoxW
OpenClipboard
GetSystemMetrics
SetClipboardData

gdi32

CreateFontIndirectW
GetStockObject
SetTextColor
BitBlt
SetViewportOrgEx
SetBkMode
DeleteObject
SelectObject
CreateSolidBrush
CreatePen
CreateCompatibleBitmap
Rectangle
CreateCompatibleDC
DeleteDC

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityInfo
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
RegCreateKeyExW
RegQueryValueExW
RegQueryValueW
RegCloseKey
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/HWSignature.dll
.dll windows:4 windows x86 arch:x86

3805775f1dde052333909932d791dd7f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\sogouime33\Bin\SogouInput\HWSignature.pdb

Imports

ws2_32

WSAStartup

kernel32

DeleteCriticalSection
CreateFileA
GetProcessHeap
CopyFileA
DeviceIoControl
CloseHandle
HeapAlloc
HeapFree
GetSystemDirectoryA
lstrcatA
lstrcpyA
lstrlenA
GlobalAlloc
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
LocalAlloc
GetVersionExA
LocalFree
HeapReAlloc
GetTickCount
SetLastError
GlobalFree
FlushFileBuffers
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
VirtualAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

wsprintfA
IsCharAlphaNumericA

Exports

Exports

DLLGenHWID
GenHWID

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstTemp/ImeHint.exe
.exe windows:4 windows x86 arch:x86

819ced62d1b59ec708b1ff8978a4b4b3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\ImeHint.pdb

Imports

imm32

ImmDisableIME

kernel32

OpenMutexW
WaitForSingleObject
SetFileAttributesW
CopyFileW
WideCharToMultiByte
GetSystemTimeAsFileTime
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
RaiseException
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
FindClose
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetFullPathNameW
GetCurrentDirectoryA
SetFilePointer
GetConsoleCP
ReleaseMutex
LoadLibraryA
GetLocaleInfoA
CreateDirectoryW
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteFileW
MoveFileExW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetModuleFileNameW
GetSystemInfo
GetVersionExW
CreateProcessW
MultiByteToWideChar
CreateThread
LocalFree
GetCurrentThreadId
FormatMessageW
WaitForMultipleObjects
GetCommandLineW
SetLastError
Sleep
OpenEventW
CreateEventW
InterlockedCompareExchange
InterlockedIncrement
GetProcAddress
GetFileSize
CreateFileW
ReadFile
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
GetModuleHandleW
GetLastError
GetConsoleMode
CreateMutexW
DeleteCriticalSection

user32

DrawTextW
GetMonitorInfoW
FindWindowW
GetForegroundWindow
DefWindowProcW
GetLastInputInfo
RegisterClassExW
GetMessageW
AdjustWindowRect
OffsetRect
CloseWindow
MonitorFromRect
LoadCursorW
EndPaint
PostQuitMessage
DestroyWindow
DispatchMessageW
BeginPaint
IntersectRect
PtInRect
SetWindowLongW
SetCursor
SubtractRect
CreateWindowExW
InvalidateRect
SetWindowPos
TranslateMessage
GetWindowLongW
SetTimer
GetCursorPos
GetWindowRect
GetSystemMetrics
MessageBoxW
MonitorFromPoint

gdi32

CreateFontIndirectW
GetStockObject
SetTextColor
CreatePen
CreateCompatibleDC
DeleteDC
CreateSolidBrush
SetBkMode
BitBlt
Rectangle
CreateCompatibleBitmap
SelectObject
DeleteObject
SetViewportOrgEx

advapi32

RegCreateKeyExW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
RegQueryValueExW
RegCloseKey
RegQueryValueW
RegOpenKeyExW

shell32

SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW

Sections

.text
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/ImeUtil.exe
.exe windows:4 windows x86 arch:x86

54306172970cc973f6ddea76e4b5f421

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\ImeUtil.pdb

Imports

imm32

ImmDisableIME

kernel32

GlobalFree
GlobalAlloc
ReadFile
LoadLibraryW
GetProcAddress
SetLastError
CreateEventW
WaitForMultipleObjects
FormatMessageW
GetCurrentThreadId
MultiByteToWideChar
LocalFree
CreateThread
GetCommandLineW
GetVersionExW
GetModuleFileNameW
GetSystemInfo
InterlockedIncrement
InterlockedCompareExchange
CopyFileW
DeleteFileW
MoveFileExW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
FindClose
RemoveDirectoryW
FindNextFileW
FindFirstFileW
ReleaseMutex
OpenMutexW
WaitForSingleObject
CreateMutexW
WideCharToMultiByte
FreeLibrary
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetFileSize
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetCurrentProcessId
LCMapStringA
LCMapStringW
HeapSize
GetFullPathNameW
GetCurrentDirectoryA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetFilePointer
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSection
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTickCount
GetModuleHandleW
HeapAlloc
OpenEventW
WriteFile
Sleep
CreateFileW
SetFileAttributesW
GetLastError
CreateDirectoryW
HeapFree
GetProcessHeap
CloseHandle
CreateProcessW
GetVersionExA

user32

PostQuitMessage
EndPaint
LoadCursorW
MonitorFromPoint
MonitorFromRect
CloseWindow
OffsetRect
GetMessageW
AdjustWindowRect
DrawTextW
DispatchMessageW
CreateWindowExW
InvalidateRect
SetWindowPos
TranslateMessage
GetWindowLongW
SetTimer
GetCursorPos
GetSystemMetrics
GetWindowRect
GetMonitorInfoW
GetForegroundWindow
DefWindowProcW
FindWindowW
GetLastInputInfo
SetForegroundWindow
RegisterClassExW
DestroyWindow
BeginPaint
IntersectRect
GetKeyboardLayoutList
SetWindowLongW
PtInRect
SetCursor
MessageBoxW
SubtractRect

advapi32

BuildExplicitAccessWithNameW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
RegQueryValueW

shell32

SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteW
SHGetFolderPathW

wininet

InternetReadFile
InternetOpenW
InternetSetOptionW
InternetCloseHandle
HttpQueryInfoW
InternetOpenUrlW

gdi32

SetTextColor
GetStockObject
CreateCompatibleDC
DeleteDC
CreateSolidBrush
SetBkMode
DeleteObject
BitBlt
CreatePen
SetViewportOrgEx
SelectObject
CreateCompatibleBitmap
Rectangle
CreateFontIndirectW

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/PinyinUp.exe
.exe windows:4 windows x86 arch:x86

81144eb83d45d3f284106bd200988db2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\PinyinUp.pdb

Imports

wininet

HttpQueryInfoW
InternetCloseHandle
InternetSetCookieW
InternetOpenW
InternetOpenUrlW
InternetReadFile

shlwapi

StrToIntW
StrCmpIW

imm32

ImmDisableIME

ws2_32

gethostbyname

kernel32

GetExitCodeThread
FindClose
GetTempPathW
CreateDirectoryW
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSection
Sleep
FindNextFileW
HeapAlloc
HeapFree
GetProcessHeap
FormatMessageW
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
GetVersionExW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
ResumeThread
CloseHandle
SetThreadPriority
SuspendThread
FindFirstFileW
MultiByteToWideChar
GetPrivateProfileStringW
GetCurrentProcess
EnterCriticalSection
LocalFree
GetLocalTime
GetLastError
WriteConsoleA
CreateProcessW
GetCurrentDirectoryA
GetFullPathNameW
GetCurrentProcessId
SetEnvironmentVariableA
GetCurrentThreadId
WideCharToMultiByte
MoveFileExW
DeleteFileW
SetFileAttributesW
CopyFileW
ReadFile
CreateFileW
FlushFileBuffers
SetLastError
GetFileSize
SetFilePointer
WriteFile
GlobalAlloc
GetCommandLineW
GlobalFree
CreateEventW
WaitForMultipleObjects
QueryPerformanceCounter
CreateThread
GetModuleHandleW
GetSystemInfo
GetModuleFileNameW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
OpenMutexW
CreateMutexW
InterlockedIncrement
InterlockedCompareExchange
OpenEventW
RemoveDirectoryW
GetProcAddress
LCMapStringW
GetTickCount
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetVersionExA
GetStartupInfoW
RtlUnwind
RaiseException
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP

user32

RegisterClassW
LoadCursorW
GetSystemMetrics
GetMessageW
SetCursor
ShowWindow
PostQuitMessage
InvalidateRect
GetWindowTextW
CreateWindowExW
GetDlgItem
SetWindowTextW
LoadIconW
GetWindowLongW
DispatchMessageW
SetWindowPos
EnableMenuItem
TranslateMessage
SendMessageW
DefWindowProcW
GetSystemMenu
MessageBoxW
ExitWindowsEx

gdi32

CreateFontIndirectW

advapi32

RegQueryValueW
RegCreateKeyExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
AllocateAndInitializeSid
SetNamedSecurityInfoW
RegCloseKey
FreeSid
GetTokenInformation
EqualSid
LookupAccountSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW

shell32

Shell_NotifyIconW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW

hwsignature

GenHWID

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/Resource.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstTemp/ScdMaker.exe
.exe windows:4 windows x86 arch:x86

b61c88b32d5d44dc2d3dbf818ee6a596

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\ScdMaker.pdb

Imports

imm32

ImmDisableIME

kernel32

CloseHandle
LocalFree
CreateThread
FormatMessageW
GetCommandLineW
FindClose
FindNextFileW
FindFirstFileW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileW
CreateFileMappingW
GetVersionExW
GetSystemInfo
GetModuleFileNameW
GetModuleHandleW
SetFileAttributesW
MoveFileExW
CreateDirectoryW
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
WriteFile
ReadFile
FlushFileBuffers
GetFileSize
SetFilePointer
InterlockedIncrement
InterlockedCompareExchange
RemoveDirectoryW
LCMapStringW
GetTickCount
Sleep
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetSystemTimeAsFileTime
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
GetCurrentThreadId
HeapReAlloc
GetTimeZoneInformation
LCMapStringA
GetCPInfo
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetFullPathNameW
GetCurrentDirectoryA
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LoadLibraryA
GetLocaleInfoW
CreateFileA
GetDriveTypeA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalAlloc
WaitForMultipleObjects
CreateEventW
CreateProcessW
GlobalFree
SetLastError
WideCharToMultiByte
GetLastError
DeleteFileW
MultiByteToWideChar
CopyFileW
RaiseException

user32

MessageBoxW

advapi32

RegCreateKeyExW
RegQueryValueW
RegQueryValueExW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHFileOperationW

Sections

.text
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/ScdReg.exe
.exe windows:4 windows x86 arch:x86

b9d549f1f267cec71843909cce4fcf93

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\ScdReg.pdb

Imports

imm32

ImmDisableIME

kernel32

CloseHandle
GetSystemInfo
GetModuleFileNameW
GetModuleHandleW
GetCommandLineW
GetVersionExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileW
OpenFileMappingW
SetFileAttributesW
MoveFileExW
CreateDirectoryW
CopyFileW
MultiByteToWideChar
CreateProcessW
GlobalFree
WaitForMultipleObjects
GlobalAlloc
GetCurrentThreadId
FormatMessageW
CreateThread
InterlockedCompareExchange
InterlockedIncrement
GetFileSize
SetFilePointer
WriteFile
ReadFile
FlushFileBuffers
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
RemoveDirectoryW
LCMapStringW
GetTickCount
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
FileTimeToSystemTime
OpenEventW
GetDriveTypeW
HeapReAlloc
GetTimeZoneInformation
LCMapStringA
GetCPInfo
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
GetFullPathNameW
GetCurrentDirectoryA
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateEventW
SetLastError
GetLastError
Sleep
LocalFree
WideCharToMultiByte
GetCurrentDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
FileTimeToLocalFileTime

user32

MessageBoxW

advapi32

RegCreateKeyExW
RegQueryValueW
RegSetValueExW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
RegOpenKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHFileOperationW

Sections

.text
Size: 284KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/ScdViewer.exe
.exe windows:4 windows x86 arch:x86

2fd4ce42f3412d026ae3bf4cbdcf77fc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\ScdViewer.pdb

Imports

user32

GetSystemMetrics
GetWindowRect
SendMessageW
GetDlgItem
EndDialog
SetWindowPos
DialogBoxParamW
MessageBoxW

gdi32

GetStockObject

imm32

ImmDisableIME

kernel32

GetCurrentThreadId
FormatMessageW
CloseHandle
LocalFree
MultiByteToWideChar
SetLastError
GlobalFree
GetCommandLineW
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
WriteFile
ReadFile
CreateFileW
FlushFileBuffers
GetFileSize
WaitForSingleObject
ReleaseMutex
OpenMutexW
CreateMutexW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetVersionExW
GetSystemInfo
GetModuleFileNameW
GetModuleHandleW
RemoveDirectoryW
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
HeapAlloc
GetProcessHeap
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
RtlUnwind
SetFileAttributesW
GetLastError
GetStringTypeW
GetCPInfo
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetTimeZoneInformation
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetFullPathNameW
GetCurrentDirectoryA
HeapSize
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA
CreateDirectoryW
DeleteFileW
RaiseException
MoveFileExW
GetStartupInfoW
GetStringTypeA

advapi32

BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
RegQueryValueW
RegOpenKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityInfo

shell32

SHFileOperationW
SHGetSpecialFolderPathW

Sections

.text
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/SkinEditor.exe
.exe windows:4 windows x86 arch:x86

6fc1d7a0305884e43c62ac34e3d582db

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetDriveTypeA
GetTimeZoneInformation
InitializeCriticalSection
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameW
LCMapStringW
LCMapStringA
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetLastError
GetLastError
CopyFileW
DeleteFileW
GetTempPathW
GetLongPathNameW
CreateFileW
CloseHandle
RemoveDirectoryW
SetCurrentDirectoryW
FindFirstFileW
FindClose
CreateDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
HeapSize
ExitProcess
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameW
SetStdHandle
GetCPInfo
InterlockedDecrement
LockResource
LoadResource
SizeofResource
FindResourceW
LoadLibraryExW
LoadLibraryW
GetProcAddress
ReadFile
GlobalAlloc
GlobalFree
GetFileSize
GlobalLock
GlobalUnlock
GetModuleHandleW
GetTickCount
GetVersionExW
GlobalReAlloc
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
LocalFree
GetCurrentThreadId
GetCommandLineW
InterlockedIncrement
InterlockedCompareExchange
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetSystemInfo
SetFileAttributesW
MoveFileExW
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetFilePointer
WriteFile
FlushFileBuffers
FindNextFileW
FreeLibrary
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
GetVersionExA
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree

user32

RegisterClassExW
CharNextW
LoadCursorW
SetWindowPlacement
GetSystemMetrics
GetWindowPlacement
DestroyAcceleratorTable
SetCursor
SetCapture
SetTimer
KillTimer
PostMessageW
ReleaseCapture
GetCursorPos
DrawIconEx
GetClassLongW
CheckDlgButton
GetWindowTextLengthW
EnableWindow
EndDialog
DialogBoxParamW
CreateDialogParamW
DefWindowProcW
RegisterClassW
SetFocus
ScreenToClient
CreateWindowExW
GetSysColor
GetWindowTextW
FillRect
GetScrollInfo
ScrollWindow
GetWindowLongW
SetWindowLongW
SetScrollInfo
BeginPaint
EndPaint
IsDlgButtonChecked
GetSysColorBrush
OffsetRect
SetWindowPos
GetWindowRect
DrawTextW
SetWindowRgn
GetDesktopWindow
LoadImageW
LoadIconW
SetRect
PtInRect
SetCursorPos
GetMonitorInfoW
UpdateLayeredWindow
SubtractRect
MonitorFromPoint
RedrawWindow
IntersectRect
GetCursor
TrackMouseEvent
CallWindowProcW
InflateRect
InvalidateRect
GetDC
ReleaseDC
GetDlgCtrlID
MoveWindow
GetDlgItem
DestroyWindow
PostQuitMessage
MessageBoxW
SetWindowTextW
GetClientRect
GetMenu
EnableMenuItem
GetMessageW
GetParent
GetClassNameW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
FindWindowW
IsIconic
ShowWindow
SetForegroundWindow
LoadMenuW
SetMenu
LoadAcceleratorsW
SendMessageW
UpdateWindow
DestroyMenu

gdi32

Rectangle
SelectObject
CreateSolidBrush
CreateFontIndirectW
CreatePen
SetViewportOrgEx
GetDeviceCaps
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
StretchBlt
GetPixel
EnumFontFamiliesExW
GetTextExtentPointW
ExtCreateRegion
CombineRgn
OffsetRgn
GetTextMetricsW
SetBkColor
MoveToEx
SelectClipRgn
GetKerningPairsW
LineTo
GetFontData
GetObjectW
GetGlyphOutlineW
TextOutW
CreateDIBSection
SetTextColor
SetBkMode
DeleteObject
GetStockObject

comdlg32

GetFileTitleW
GetSaveFileNameW
GetOpenFileNameW
ChooseColorW
CommDlgExtendedError

shell32

DragAcceptFiles
SHGetSpecialFolderPathW
SHFileOperationW
DragQueryFileW
DragFinish

msimg32

TransparentBlt
GradientFill
AlphaBlend

imm32

ImmDisableIME

ziplib

UnZip
ZipFolder

advapi32

RegCloseKey
SetSecurityInfo
RegOpenKeyExW
RegQueryValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegQueryValueExW
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal

Sections

.text
Size: 448KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/SkinReg.exe
.exe windows:4 windows x86 arch:x86

bc2f628937d4058c840ae1875d55d8ab

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\SkinReg.pdb

Imports

user32

DrawTextW
SetWindowPos
GetWindowLongW
TranslateMessage
GetCursorPos
SetTimer
GetSystemMetrics
GetWindowRect
GetMonitorInfoW
GetForegroundWindow
GetLastInputInfo
DefWindowProcW
FindWindowW
SetForegroundWindow
RegisterClassExW
AdjustWindowRect
OffsetRect
CloseWindow
MonitorFromRect
MonitorFromPoint
LoadCursorW
EndPaint
PostQuitMessage
DestroyWindow
DispatchMessageW
BeginPaint
IntersectRect
SetWindowLongW
PtInRect
SetCursor
CreateWindowExW
SubtractRect
InvalidateRect
GetMessageW
MessageBoxW

imm32

ImmDisableIME

kernel32

InterlockedCompareExchange
RemoveDirectoryW
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
WideCharToMultiByte
FreeLibrary
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
FindFirstFileW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetFullPathNameW
GetCurrentDirectoryA
Sleep
HeapSize
SetFilePointer
InterlockedIncrement
GetConsoleMode
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
FlushFileBuffers
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
FindNextFileW
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
LocalFree
MultiByteToWideChar
CreateProcessW
GetCurrentThreadId
FormatMessageW
WaitForMultipleObjects
CreateEventW
SetLastError
CreateThread
GetModuleFileNameW
GetCommandLineW
GetVersionExW
GetSystemInfo
SetFileAttributesW
DeleteFileW
CreateDirectoryW
MoveFileExW
CopyFileW
GetProcAddress
LoadLibraryW
GlobalFree
CloseHandle
GetFileSize
CreateFileW
GlobalAlloc
ReadFile
GetTickCount
GetModuleHandleW
GetLastError
GetConsoleCP
FindClose
InitializeCriticalSection

gdi32

CreateFontIndirectW
GetStockObject
SetTextColor
DeleteObject
BitBlt
SetViewportOrgEx
SelectObject
CreateCompatibleBitmap
Rectangle
CreatePen
CreateCompatibleDC
DeleteDC
SetBkMode
CreateSolidBrush

advapi32

GetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueW
RegCloseKey
GetSecurityInfo

shell32

ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW

Sections

.text
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/SogouTSF.dll
.dll regsvr32 windows:4 windows x86 arch:x86

eeaf1cf892d8e72dc6f6ddfd02e103df

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\sogouime33\Bin\SogouInput\SogouTSF.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
DeleteCriticalSection
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

advapi32

RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW

ole32

CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstTemp/SpeedMeter.exe
.exe windows:4 windows x86 arch:x86

a248a7ff37d9332d68ad414c2d0103df

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\SpeedMeter.pdb

Imports

kernel32

GlobalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTickCount
GlobalLock
GlobalUnlock
GlobalAlloc
GetLastError
GetModuleHandleW
GetCommandLineW
GetVersionExW
GetSystemInfo
GetModuleFileNameW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileW
OpenFileMappingW
CloseHandle
FormatMessageW
GetCurrentThreadId
MultiByteToWideChar
CreateProcessW
LocalFree
CreateThread
SetLastError
CreateEventW
WaitForMultipleObjects
InterlockedCompareExchange
InterlockedIncrement
FindClose
RemoveDirectoryW
FindNextFileW
FindFirstFileW
MoveFileExW
DeleteFileW
CreateDirectoryW
ReleaseMutex
OpenMutexW
WaitForSingleObject
CreateMutexW
CopyFileW
SetFileAttributesW
WideCharToMultiByte
GetProcAddress
LCMapStringW
Sleep
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetTimeZoneInformation
GetCPInfo
LCMapStringA
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
ReadFile
FlushFileBuffers
SetFilePointer
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetDriveTypeA
CreateFileA
GetFileSize

user32

SetWindowLongW
DestroyWindow
DialogBoxParamW
CreateDialogParamW
GetWindowLongW
SetWindowTextW
EndDialog
GetWindowTextLengthW
SendMessageW
LoadIconW
CloseClipboard
OpenClipboard
SetClipboardData
EmptyClipboard
MessageBoxW
ShowWindow
SetForegroundWindow
IsIconic
FindWindowW
GetDlgItem
SetTimer
GetWindowTextW

comctl32

InitCommonControlsEx

imm32

ImmDisableIME

advapi32

SetNamedSecurityInfoW
RegQueryValueExW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
RegQueryValueW

shell32

SHFileOperationW
SHGetSpecialFolderPathW

Sections

.text
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/UserPage.exe
.exe windows:4 windows x86 arch:x86

c1753cbe9155bff72dbc8a9f999aa469

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\UserPage.pdb

Imports

imm32

ImmSetConversionStatus
ImmGetContext
ImmDisableIME

kernel32

GetLastError
GetModuleHandleW
CreateEventW
CloseHandle
CreateThread
TlsAlloc
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetModuleFileNameW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetTickCount
GetVersionExW
GlobalAlloc
GlobalFree
GetFileSize
ReadFile
CreateFileW
LoadLibraryW
GetProcAddress
WideCharToMultiByte
WaitForMultipleObjects
GetCurrentThreadId
GetCommandLineW
FormatMessageW
LocalFree
CreateProcessW
SetLastError
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
OpenMutexW
WaitForSingleObject
ReleaseMutex
CreateMutexW
DeleteFileW
MoveFileExW
SetFileAttributesW
CreateDirectoryW
CopyFileW
OpenEventW
Sleep
FindFirstFileW
FindClose
FindNextFileW
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
InterlockedIncrement
InterlockedCompareExchange
RemoveDirectoryW
SetFilePointer
WriteFile
FlushFileBuffers
FreeLibrary
LCMapStringW
QueryPerformanceFrequency
QueryPerformanceCounter
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetVersionExA
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
RtlUnwind
RaiseException
GetTimeZoneInformation
GetCPInfo
LCMapStringA
GetStringTypeA
GetStringTypeW
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
HeapSize
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetCurrentProcessId
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP

user32

GetDlgItemTextW
SendMessageW
GetClassNameW
SetWindowTextW
GetCursorPos
GetDlgCtrlID
GetWindowRect
SetCapture
MoveWindow
GetWindowLongW
OffsetRect
CheckDlgButton
DialogBoxParamW
DestroyWindow
CreateDialogParamW
SetWindowRgn
UpdateLayeredWindow
FillRect
GetSystemMetrics
InvalidateRect
DefWindowProcW
SubtractRect
GetMonitorInfoW
GetCursor
PtInRect
MonitorFromPoint
SetRect
BeginPaint
EndPaint
KillTimer
RegisterClassExW
InflateRect
TrackMouseEvent
GetParent
CallWindowProcW
CharNextW
ReleaseCapture
SetWindowLongW
RedrawWindow
SetCursorPos
LoadBitmapW
ActivateKeyboardLayout
GetKeyboardLayoutList
SetForegroundWindow
IsIconic
CreateWindowExW
SetClassLongW
LoadCursorW
SetCursor
EnableWindow
ReleaseDC
IsDlgButtonChecked
PostMessageW
FindWindowW
DrawTextW
IntersectRect
SetFocus
EndDialog
MessageBoxW
GetDC
SetTimer
SetWindowPos
GetWindowTextW
SetDlgItemTextW
GetDlgItem
ShowWindow

gdi32

SelectObject
GetTextExtentPoint32W
DeleteDC
CreateCompatibleDC
GetPixel
GetObjectW
CreateSolidBrush
GetStockObject
TextOutW
CombineRgn
OffsetRgn
CreateDIBSection
GetFontData
GetGlyphOutlineW
SetTextColor
GetTextMetricsW
SelectClipRgn
GetKerningPairsW
SetBkColor
StretchBlt
Rectangle
CreateFontIndirectW
GetTextExtentPointW
CreatePen
LineTo
MoveToEx
BitBlt
DeleteObject
CreateCompatibleBitmap
SetBkMode

comctl32

InitCommonControlsEx

msimg32

GradientFill
AlphaBlend
TransparentBlt

wininet

InternetReadFile
InternetCloseHandle
HttpEndRequestW
InternetCanonicalizeUrlW
InternetSetOptionW
InternetOpenW
HttpQueryInfoW
HttpOpenRequestW
InternetQueryOptionW
InternetConnectW
HttpSendRequestW

advapi32

GetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
RegCloseKey
RegQueryValueW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
SetNamedSecurityInfoW

shell32

ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW

Sections

.text
Size: 388KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 668KB - Virtual size: 666KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/UsrDictUtil.exe
.exe windows:4 windows x86 arch:x86

88e8e74f3ec0007acf22057e6057bc67

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\UsrDictUtil.pdb

Imports

imm32

ImmDisableIME

user32

MessageBoxW

kernel32

SetFileAttributesW
CopyFileW
GlobalFree
CreateEventW
WaitForMultipleObjects
GlobalAlloc
GetCommandLineW
GetCurrentThreadId
FormatMessageW
LocalFree
CreateThread
MultiByteToWideChar
CreateProcessW
SetLastError
InterlockedIncrement
InterlockedCompareExchange
GetModuleFileNameW
GetModuleHandleW
GetSystemInfo
GetVersionExW
Sleep
OpenEventW
FlushFileBuffers
GetFileSize
SetFilePointer
WriteFile
ReadFile
FindNextFileW
FindFirstFileW
FindClose
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
RemoveDirectoryW
LCMapStringW
GetTickCount
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
FileTimeToSystemTime
FileTimeToLocalFileTime
DeleteFileW
HeapReAlloc
GetTimeZoneInformation
GetCPInfo
GetStringTypeA
GetStringTypeW
LCMapStringA
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateDirectoryW
MoveFileExW
CloseHandle
GetLastError
OpenFileMappingW
CreateFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
WideCharToMultiByte
GetDriveTypeW

advapi32

RegCreateKeyExW
RegQueryValueW
RegQueryValueExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
RegOpenKeyExW
RegCloseKey

shell32

SHFileOperationW
SHGetSpecialFolderPathW

Sections

.text
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/Wizard.exe
.exe windows:4 windows x86 arch:x86

530c47d19bc90ee9db4ef1de0c4a3c97

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\Wizard.pdb

Imports

kernel32

SizeofResource
FindClose
FindResourceW
LockResource
CloseHandle
LoadLibraryExW
GlobalLock
GlobalUnlock
GetFileSize
ReadFile
CreateFileW
GlobalAlloc
GlobalFree
GetProcAddress
LoadLibraryW
GetVersionExW
GetTickCount
GlobalReAlloc
CreateDirectoryW
DeleteFileW
SetFileAttributesW
CopyFileW
MoveFileExW
LocalFree
GetCommandLineW
CreateThread
FormatMessageW
MultiByteToWideChar
SetLastError
CreateProcessW
CreateEventW
WaitForMultipleObjects
GetCurrentThreadId
GetSystemInfo
GetModuleFileNameW
InterlockedIncrement
InterlockedCompareExchange
MapViewOfFile
UnmapViewOfFile
GetLastError
OpenFileMappingW
RemoveDirectoryW
FindNextFileW
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
CreateMutexW
ReleaseMutex
OpenMutexW
SetFilePointer
WriteFile
FlushFileBuffers
FreeLibrary
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadResource
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
Sleep
HeapSize
VirtualAlloc
LCMapStringA
LCMapStringW
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSection
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
FileTimeToSystemTime
FindFirstFileW
CreateFileMappingW
GetModuleHandleW

user32

DialogBoxParamW
SetClassLongW
CharNextW
DrawTextW
LoadImageW
GetMonitorInfoW
KillTimer
UpdateLayeredWindow
SetCapture
SubtractRect
SetCursor
PtInRect
GetCursorPos
SetWindowPos
MonitorFromPoint
IntersectRect
GetSystemMetrics
RedrawWindow
ReleaseCapture
SetRect
GetCursor
SetCursorPos
TrackMouseEvent
GetParent
CallWindowProcW
SetWindowRgn
SetWindowLongW
SetScrollInfo
GetScrollInfo
CheckDlgButton
CreateWindowExW
DefWindowProcW
FindWindowW
SetForegroundWindow
IsIconic
InflateRect
ReleaseDC
FillRect
BeginPaint
GetUpdateRect
GetDC
OffsetRect
InvalidateRect
EndPaint
SetTimer
SetWindowTextW
ScreenToClient
GetFocus
GetWindowRect
LoadIconW
ShowWindow
LoadBitmapW
EndDialog
PostMessageW
MessageBoxW
GetClientRect
MoveWindow
GetDlgItem
SendMessageW
EnableWindow
GetDlgCtrlID
IsDlgButtonChecked
DestroyWindow
CreateDialogParamW
GetWindowLongW
GetDesktopWindow
LoadCursorW

gdi32

ExtCreateRegion
GetTextExtentPointW
CombineRgn
OffsetRgn
GetPixel
GetStockObject
GetGlyphOutlineW
SetBkColor
TextOutW
SelectClipRgn
GetKerningPairsW
GetClipRgn
SelectObject
DeleteObject
StretchBlt
CreateFontIndirectW
GetObjectW
CreateCompatibleDC
CreatePen
Rectangle
CreateSolidBrush
CreateCompatibleBitmap
GetTextExtentPoint32W
BitBlt
DeleteDC
MoveToEx
LineTo
SetBkMode
CreateDIBSection
GetTextMetricsW
GetFontData
CreateRectRgn
SetTextColor

comctl32

InitCommonControlsEx

msimg32

AlphaBlend
TransparentBlt
GradientFill

imm32

ImmDisableIME

advapi32

GetNamedSecurityInfoW
RegQueryValueW
RegCreateKeyExW
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal

Sections

.text
Size: 352KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/ZipLib.dll
.dll windows:4 windows x86 arch:x86

1f9bbcf64bd00ab9c608fd36f2184919

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
lstrcpynA
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
GetFullPathNameA
GetFileAttributesA
FileTimeToSystemTime
FindFirstFileA
GetFileType
GetFileTime
FileTimeToLocalFileTime
GetVersion
FindNextFileA
GlobalLock
GlobalAlloc
CloseHandle
GlobalFree
lstrcmpiA
lstrlenA
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetVolumeLabelA
SetFilePointer
GetLocaleInfoA
SetEndOfFile
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
GetLocalTime
lstrcpyA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
ReleaseMutex
CreateMutexA
EnterCriticalSection
InterlockedExchange
LeaveCriticalSection
GetVolumeInformationA
InitializeCriticalSection
GetDriveTypeA
GetProcessHeap
GetLastError
WideCharToMultiByte
CreateDirectoryW
GetTempPathW
MultiByteToWideChar
MoveFileW
CopyFileW
GetTempPathA
FindClose
FindNextFileW
FindFirstFileW
GlobalUnlock
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
InterlockedDecrement
GetCPInfo
MoveFileA
SetStdHandle
HeapReAlloc
GetFileInformationByHandle
PeekNamedPipe
RtlUnwind
InterlockedIncrement
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetCurrentDirectoryA
SetCurrentDirectoryA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStartupInfoA
Sleep
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
GetTimeZoneInformation
HeapSize
FlushFileBuffers
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW

user32

CharToOemA
OemToCharA

advapi32

GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
GetSecurityDescriptorControl
OpenProcessToken
AdjustTokenPrivileges
GetSecurityDescriptorLength
LookupPrivilegeValueA
GetKernelObjectSecurity
GetSecurityDescriptorSacl
IsValidAcl

Exports

Exports

UnZip
UnZipEx
ZipFolder
ZipFolderEx

Sections

.text
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstTemp/ZipLib64.dll
.dll windows:4 windows x64 arch:x64

c72b7e0f1eaf64b127485b3988f7b2c9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
CreateMutexA
CreateFileA
ReleaseMutex
GetFileTime
FileTimeToLocalFileTime
GetVersion
GetFullPathNameA
GetFileAttributesA
FileTimeToSystemTime
FindFirstFileA
GetFileType
FindNextFileA
GlobalLock
GlobalAlloc
GlobalUnlock
GetVolumeInformationA
lstrcmpiA
lstrlenA
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
GetLocalTime
DosDateTimeToFileTime
SetVolumeLabelA
LocalFileTimeToFileTime
SetFilePointer
GetLocaleInfoA
SetEndOfFile
lstrcpyA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
InitializeCriticalSection
GetDriveTypeA
GetProcessHeap
WaitForSingleObject
HeapFree
GetCurrentProcess
HeapAlloc
lstrcpynA
CloseHandle
WideCharToMultiByte
GetTempPathW
CreateDirectoryW
MultiByteToWideChar
GetTempPathA
MoveFileW
CopyFileW
GetLastError
FindNextFileW
FindClose
GlobalFree
FindFirstFileW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetSystemTimeAsFileTime
MoveFileA
GetCPInfo
SetStdHandle
GetFileInformationByHandle
PeekNamedPipe
HeapReAlloc
RtlUnwindEx
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCurrentDirectoryA
SetCurrentDirectoryA
HeapSetInformation
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
RaiseException
RtlPcToFileHeader
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
Sleep
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
HeapSize
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW

user32

CharToOemA
OemToCharA

advapi32

GetSecurityDescriptorGroup
IsValidSecurityDescriptor
IsValidAcl
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
GetSecurityDescriptorControl
AdjustTokenPrivileges
GetSecurityDescriptorLength
LookupPrivilegeValueA
GetKernelObjectSecurity
OpenProcessToken
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl

Exports

Exports

UnZip
UnZipEx
ZipFolder
ZipFolderEx

Sections

.text
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstTemp/config.exe
.exe windows:4 windows x86 arch:x86

b698a9e47b565a751b92c2454be0de0d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime33\Bin\SogouInput\config.pdb

Imports

imm32

ImmGetContext
ImmSetOpenStatus
ImmDisableIME

comctl32

InitCommonControlsEx

kernel32

LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
OpenEventW
GetLastError
CreateProcessW
GetTickCount
GetExitCodeProcess
WaitForSingleObject
CloseHandle
GetLocalTime
FindFirstFileW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
GetFullPathNameW
HeapSize
GetCurrentProcessId
FindClose
LockResource
FindResourceW
LoadResource
SizeofResource
LoadLibraryExW
LoadLibraryW
GetProcAddress
ReadFile
GlobalAlloc
CreateFileW
GlobalFree
GlobalUnlock
GlobalLock
GetFileSize
GetVersionExW
GetModuleHandleW
GlobalReAlloc
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
ReleaseMutex
OpenMutexW
FormatMessageW
MultiByteToWideChar
GetCommandLineW
SetLastError
CreateEventW
WaitForMultipleObjects
GetCurrentThreadId
LocalFree
CreateThread
InterlockedIncrement
InterlockedCompareExchange
CopyFileW
DeleteFileW
SetFileAttributesW
MoveFileExW
CreateDirectoryW
RemoveDirectoryW
FindNextFileW
GetSystemInfo
GetModuleFileNameW
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FlushFileBuffers
SetFilePointer
WriteFile
FreeLibrary
LCMapStringW
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetTimeZoneInformation
LCMapStringA
GetCPInfo
GetStringTypeA
GetStringTypeW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA

user32

SetWindowLongW
SendMessageW
GetDlgItem
OffsetRect
ClientToScreen
CreateWindowExW
GetWindowLongW
GetWindowTextLengthW
GetUpdateRect
GetDC
ReleaseDC
ScreenToClient
GetDlgItemTextW
GetWindowTextW
InvalidateRect
CheckRadioButton
LoadCursorW
SetWindowRgn
DefWindowProcW
GetDesktopWindow
DestroyWindow
CreateDialogParamW
DialogBoxParamW
LoadImageW
CharNextW
SetRect
PtInRect
SetCursorPos
MonitorFromPoint
GetCursorPos
SetWindowPos
IntersectRect
RedrawWindow
ReleaseCapture
UpdateLayeredWindow
GetCursor
SetCapture
SetCursor
GetMonitorInfoW
SubtractRect
InflateRect
LoadStringW
CheckDlgButton
EnableWindow
PostMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetTimer
EndDialog
KillTimer
SetWindowTextW
FillRect
DrawTextW
EndPaint
BeginPaint
FindWindowW
SetForegroundWindow
IsIconic
GetWindowRect
GetClientRect
SetFocus
MoveWindow
MessageBoxW
GetSystemMetrics
LoadIconW
ShowWindow

gdi32

SetTextColor
CreateRectRgn
GetTextExtentPoint32W
GetObjectW
EnumFontFamiliesExW
SelectClipRgn
GetDeviceCaps
SetViewportOrgEx
GetTextExtentPointW
CreateCompatibleDC
OffsetRgn
ExtCreateRegion
LineTo
CombineRgn
BitBlt
GetPixel
CreateCompatibleBitmap
CreateDIBSection
GetTextMetricsW
GetKerningPairsW
GetFontData
GetGlyphOutlineW
SetBkMode
Rectangle
DeleteDC
MoveToEx
DeleteObject
CreateSolidBrush
CreateFontIndirectW
StretchBlt
SelectObject
SetBkColor
TextOutW
GetStockObject
CreatePen

comdlg32

GetSaveFileNameW
ChooseColorW
GetOpenFileNameW

shell32

SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW

msimg32

TransparentBlt
AlphaBlend
GradientFill

advapi32

RegCloseKey
RegQueryValueExW
RegQueryValueW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
RegCreateKeyExW
RegOpenKeyExW

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

Sections

.text
Size: 512KB - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/sgim_sys.bin
InstTemp/userNetSchedule.exe
.exe windows:4 windows x86 arch:x86

27bed4e079f9e793ce5fd241d1840f6f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

kernel32

MoveFileExW
CreateDirectoryW
SetFileAttributesW
SetLastError
SetFilePointer
WriteFile
FlushFileBuffers
WaitForMultipleObjects
GetCommandLineW
GetCurrentThreadId
FormatMessageW
LocalFree
CreateThread
MultiByteToWideChar
CreateEventW
FindClose
FindNextFileW
FindFirstFileW
InterlockedIncrement
InterlockedCompareExchange
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
ReleaseMutex
OpenMutexW
WaitForSingleObject
CreateMutexW
Sleep
OpenEventW
RemoveDirectoryW
GetSystemInfo
GetVersionExW
GetModuleFileNameW
WideCharToMultiByte
FreeLibrary
LCMapStringW
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetModuleHandleA
ExitProcess
LoadLibraryW
GetVersionExA
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
LoadLibraryA
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcAddress
GlobalFree
CreateFileW
GetFileSize
ReadFile
GlobalAlloc
GetTickCount
CreateProcessW
DeleteFileW
GetTempFileNameW
CloseHandle
GetLastError
CopyFileW
GetModuleHandleW
InterlockedDecrement

user32

OffsetRect
GetMessageW
AdjustWindowRect
RegisterClassExW
DrawTextW
MessageBoxW
IntersectRect
PtInRect
SetWindowLongW
CloseWindow
SubtractRect
InvalidateRect
SetWindowPos
TranslateMessage
GetWindowLongW
GetCursorPos
SetTimer
GetSystemMetrics
GetMonitorInfoW
GetWindowRect
DefWindowProcW
GetForegroundWindow
GetLastInputInfo
FindWindowW
MonitorFromRect
MonitorFromPoint
LoadCursorW
LoadIconW
CreateWindowExW
DestroyWindow
DispatchMessageW
PostQuitMessage
EndPaint
SetCursor
BeginPaint

shell32

ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW
Shell_NotifyIconW

ziplib

UnZip
ZipFolder

wininet

InternetConnectW
InternetCloseHandle
InternetReadFile
HttpEndRequestW
InternetCanonicalizeUrlW
HttpSendRequestExW
InternetQueryOptionW
InternetWriteFile
HttpSendRequestW
InternetSetOptionW
InternetGetCookieW
InternetSetCookieW
InternetOpenW
HttpAddRequestHeadersW
HttpQueryInfoW
HttpOpenRequestW

gdi32

CreateSolidBrush
SetBkMode
DeleteObject
SelectObject
BitBlt
SetViewportOrgEx
CreateCompatibleBitmap
DeleteDC
Rectangle
CreateCompatibleDC
CreatePen
SetTextColor
GetStockObject
CreateFontIndirectW

advapi32

SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegQueryValueW
GetSecurityInfo

Sections

.text
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 224KB

UPX1 Size: 17KB - Virtual size: 20KB

.rsrc Size: 7KB - Virtual size: 8KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 472B

23c66f324e0bfa41a56200360ba3ef41

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

imm32

kernel32

shell32

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 48KB - Virtual size: 47KB

eadada9b14fc50d843327593d54c00a9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

UPX0
Size: - Virtual size: 224KB

UPX1
Size: 17KB - Virtual size: 20KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 472B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 48KB - Virtual size: 47KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 28KB - Virtual size: 24KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1020B

.reloc
Size: 8KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate