17fc0a119eb3d564d86d9bb8d0c7bcaa_JaffaCakes118

resource
17fc0a119eb3d564d86d9bb8d0c7bcaa_JaffaCakes118
unpack001/$1
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/KillProcDLL.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/Base64.dll
unpack001/$PLUGINSDIR/SimpleSC.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack003/$PLUGINSDIR/Base64.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/inetc.dll
unpack001/bin/MatroskaSplitter.ax

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$1	nsis_installer_1
static1/unpack001/$TEMP/KWMUSIC/DownloadUpdate.exe	nsis_installer_1
static1/unpack001/$TEMP/KWMUSIC/DownloadUpdate.exe	nsis_installer_2

.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime

SearchPathA

GetShortPathNameA

GetFullPathNameA

MoveFileA

SetCurrentDirectoryA

GetFileAttributesA

GetLastError

CreateDirectoryA

SetFileAttributesA

Sleep

GetTickCount

CreateFileA

GetFileSize

GetModuleFileNameA

GetCurrentProcess

CopyFileA

ExitProcess

SetFileTime

GetTempPathA

GetCommandLineA

SetErrorMode

LoadLibraryA

lstrcpynA

GetDiskFreeSpaceA

GlobalUnlock

GlobalLock

CreateThread

CreateProcessA

RemoveDirectoryA

GetTempFileNameA

lstrlenA

lstrcatA

GetSystemDirectoryA

GetVersion

CloseHandle

lstrcmpiA

lstrcmpA

ExpandEnvironmentStringsA

GlobalFree

GlobalAlloc

WaitForSingleObject

GetExitCodeProcess

GetModuleHandleA

LoadLibraryExA

GetProcAddress

FreeLibrary

MultiByteToWideChar

WritePrivateProfileStringA

GetPrivateProfileStringA

WriteFile

ReadFile

MulDiv

SetFilePointer

FindClose

FindNextFileA

FindFirstFileA

DeleteFileA

GetWindowsDirectoryA

user32

EndDialog

ScreenToClient

GetWindowRect

EnableMenuItem

GetSystemMenu

SetClassLongA

IsWindowEnabled

SetWindowPos

GetSysColor

GetWindowLongA

SetCursor

LoadCursorA

CheckDlgButton

GetMessagePos

LoadBitmapA

CallWindowProcA

IsWindowVisible

CloseClipboard

SetClipboardData

EmptyClipboard

RegisterClassA

TrackPopupMenu

AppendMenuA

CreatePopupMenu

GetSystemMetrics

SetDlgItemTextA

GetDlgItemTextA

MessageBoxIndirectA

CharPrevA

DispatchMessageA

PeekMessageA

DestroyWindow

CreateDialogParamA

SetTimer

SetWindowTextA

PostQuitMessage

SetForegroundWindow

wsprintfA

SendMessageTimeoutA

FindWindowExA

SystemParametersInfoA

CreateWindowExA

GetClassInfoA

DialogBoxParamA

CharNextA

OpenClipboard

ExitWindowsEx

IsWindow

GetDlgItem

SetWindowLongA

LoadImageA

GetDC

EnableWindow

InvalidateRect

SendMessageA

DefWindowProcA

BeginPaint

GetClientRect

FillRect

DrawTextA

EndPaint

ShowWindow

gdi32

SetBkColor

GetDeviceCaps

DeleteObject

CreateBrushIndirect

CreateFontIndirectA

SetBkMode

SetTextColor

SelectObject

shell32

SHGetPathFromIDListA

SHBrowseForFolderA

SHGetFileInfoA

ShellExecuteA

SHFileOperationA

SHGetSpecialFolderLocation

advapi32

RegQueryValueExA

RegSetValueExA

RegEnumKeyA

RegEnumValueA

RegOpenKeyExA

RegDeleteKeyA

RegDeleteValueA

RegCloseKey

RegCreateKeyExA

comctl32

ImageList_AddMasked

ImageList_Destroy

ord17

ImageList_Create

ole32

CoTaskMemFree

OleInitialize

OleUninitialize

CoCreateInstance

version

GetFileVersionInfoSizeA

GetFileVersionInfoA

VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$1

.exe windows:4 windows x86 arch:x86

237a51742fed62d237b6f1b75452402f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime

SearchPathA

GetShortPathNameA

GetFullPathNameA

MoveFileA

SetCurrentDirectoryA

GetFileAttributesA

GetLastError

CreateDirectoryA

SetFileAttributesA

Sleep

CreateFileA

GetFileSize

GetModuleFileNameA

GetTickCount

GetCurrentProcess

SetFileTime

ExitProcess

GetCommandLineA

GetWindowsDirectoryA

GetTempPathA

lstrcpynA

GetDiskFreeSpaceA

GlobalUnlock

GlobalLock

CreateThread

CreateProcessA

RemoveDirectoryA

GetTempFileNameA

lstrlenA

lstrcatA

GetSystemDirectoryA

CloseHandle

lstrcmpiA

lstrcmpA

GetEnvironmentVariableA

ExpandEnvironmentStringsA

GlobalFree

GlobalAlloc

WaitForSingleObject

GetExitCodeProcess

SetErrorMode

GetModuleHandleA

LoadLibraryA

GetProcAddress

FreeLibrary

MultiByteToWideChar

WritePrivateProfileStringA

GetPrivateProfileStringA

WriteFile

ReadFile

SetFilePointer

FindClose

MulDiv

FindNextFileA

FindFirstFileA

DeleteFileA

CopyFileA

user32

ExitWindowsEx

CharNextA

DialogBoxParamA

GetClassInfoA

SystemParametersInfoA

RegisterClassA

EndDialog

SetClassLongA

IsWindowEnabled

SetWindowPos

GetSysColor

CheckDlgButton

GetAsyncKeyState

IsDlgButtonChecked

GetMessagePos

LoadBitmapA

IsWindowVisible

CloseClipboard

SetClipboardData

EmptyClipboard

OpenClipboard

CreateDialogParamA

AppendMenuA

CreatePopupMenu

GetSystemMetrics

SetDlgItemTextA

GetDlgItemTextA

MessageBoxA

CharPrevA

wvsprintfA

DispatchMessageA

PeekMessageA

SendMessageTimeoutA

FindWindowExA

IsWindow

GetDlgItem

LoadImageA

GetDC

EnableWindow

InvalidateRect

CreateWindowExA

GetWindowLongA

DrawFocusRect

DestroyWindow

SetTimer

SetWindowTextA

PostQuitMessage

SetForegroundWindow

ShowWindow

TrackPopupMenu

wsprintfA

SendMessageA

CallWindowProcA

MapWindowPoints

GetWindowRect

ScreenToClient

PtInRect

LoadCursorA

SetCursor

DefWindowProcA

BeginPaint

GetClientRect

FillRect

DrawTextA

EndPaint

SetWindowLongA

gdi32

SetBkColor

GetDeviceCaps

GetCurrentObject

GetObjectA

DeleteObject

CreateBrushIndirect

CreateFontIndirectA

SetBkMode

SetTextColor

SelectObject

shell32

SHGetMalloc

SHGetPathFromIDListA

SHBrowseForFolderA

SHGetFileInfoA

ShellExecuteA

SHFileOperationA

SHGetSpecialFolderLocation

advapi32

RegEnumKeyA

RegEnumValueA

RegSetValueExA

RegCreateKeyExA

RegOpenKeyExA

RegDeleteKeyA

RegDeleteValueA

RegCloseKey

RegQueryValueExA

comctl32

ImageList_AddMasked

ImageList_Destroy

ord17

ImageList_Create

ole32

OleInitialize

OleUninitialize

CoCreateInstance

version

GetFileVersionInfoSizeA

GetFileVersionInfoA

VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 480KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$PLUGINSDIR/InstallOptions.dll

.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA

GetCurrentDirectoryA

GetPrivateProfileIntA

GetModuleHandleA

lstrcmpiA

GetPrivateProfileStringA

lstrcatA

lstrcpynA

WritePrivateProfileStringA

lstrlenA

lstrcpyA

GlobalFree

MultiByteToWideChar

GlobalAlloc

user32

GetDlgCtrlID

GetClientRect

SetWindowRgn

MapWindowPoints

LoadImageA

SetWindowLongA

CreateWindowExA

MapDialogRect

SetWindowPos

GetWindowRect

CreateDialogParamA

ShowWindow

EnableWindow

GetDlgItem

DestroyIcon

DestroyWindow

DispatchMessageA

TranslateMessage

GetMessageA

IsDialogMessageA

PtInRect

LoadCursorA

SetCursor

DrawTextA

GetWindowLongA

DrawFocusRect

CallWindowProcA

PostMessageA

MessageBoxA

CharNextA

wsprintfA

GetWindowTextA

SetWindowTextA

SendMessageA

LoadIconA

gdi32

SetTextColor

GetObjectA

SelectObject

GetDIBits

CreateRectRgn

CombineRgn

DeleteObject

CreateCompatibleDC

shell32

SHGetPathFromIDListA

SHBrowseForFolderA

SHGetDesktopFolder

SHGetMalloc

ShellExecuteA

comdlg32

GetOpenFileNameA

GetSaveFileNameA

CommDlgExtendedError

Exports

dialog

initDialog

show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/KillProcDLL.dll

.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess

CloseHandle

OpenProcess

FreeLibrary

LoadLibraryA

GetProcAddress

GetVersionExA

GlobalFree

lstrcpyA

InterlockedDecrement

InterlockedIncrement

GetCommandLineA

GetVersion

HeapFree

HeapAlloc

WideCharToMultiByte

MultiByteToWideChar

LCMapStringA

LCMapStringW

InitializeCriticalSection

DeleteCriticalSection

EnterCriticalSection

LeaveCriticalSection

ExitProcess

GetCurrentProcess

HeapReAlloc

HeapSize

GetCurrentThreadId

TlsSetValue

TlsAlloc

TlsFree

TlsGetValue

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

GetModuleFileNameA

FreeEnvironmentStringsA

FreeEnvironmentStringsW

GetEnvironmentStrings

GetEnvironmentStringsW

HeapDestroy

HeapCreate

VirtualFree

WriteFile

VirtualAlloc

RtlUnwind

GetCPInfo

GetStringTypeA

GetStringTypeW

GetACP

GetOEMCP

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/KuWoNsis_new.dll

.dll windows:5 windows x86 arch:x86

ffd4412e307ea3d6ae2310c454bc8fc7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/12/2009, 00:00

Not After

02/12/2011, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:b8:74:4e:1e:f5:7b:81:8b:6c:d2:bb:df:2f:4e:29:17:84:18:bd
Signer

Actual PE Digest

ea:b8:74:4e:1e:f5:7b:81:8b:6c:d2:bb:df:2f:4e:29:17:84:18:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA

lstrcpynA

GlobalAlloc

FindClose

FindNextFileA

FindFirstFileA

MoveFileExA

DeleteFileA

GetVersionExA

GetExitCodeProcess

WaitForSingleObject

GetExitCodeThread

CreateThread

Process32Next

TerminateProcess

DuplicateHandle

GlobalFree

GetCurrentProcessId

Process32First

CreateToolhelp32Snapshot

CreateProcessA

OpenProcess

CreateDirectoryA

SetFileTime

LocalFileTimeToFileTime

SystemTimeToFileTime

GetLocalTime

GetTempPathA

GetFileAttributesA

MoveFileA

GetLastError

RemoveDirectoryA

GetTempFileNameA

DeviceIoControl

GetLogicalDrives

CreateFileA

CloseHandle

GetLogicalDriveStringsA

GetDriveTypeA

GetCurrentProcess

GetDiskFreeSpaceExA

GetProcessHeap

SetEndOfFile

LoadLibraryA

InitializeCriticalSectionAndSpinCount

RtlUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

RaiseException

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCommandLineA

HeapFree

HeapAlloc

GetModuleHandleW

GetProcAddress

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

InterlockedDecrement

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

LCMapStringA

WideCharToMultiByte

MultiByteToWideChar

LCMapStringW

WriteFile

GetConsoleCP

GetConsoleMode

EnterCriticalSection

LeaveCriticalSection

ReadFile

Sleep

ExitProcess

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

GetEnvironmentStringsW

HeapCreate

HeapDestroy

VirtualFree

QueryPerformanceCounter

GetTickCount

VirtualAlloc

HeapReAlloc

HeapSize

SetFilePointer

GetStringTypeA

GetStringTypeW

GetLocaleInfoA

WriteConsoleA

GetConsoleOutputCP

WriteConsoleW

SetStdHandle

FlushFileBuffers

advapi32

RegQueryValueExA

RegCloseKey

GetNamedSecurityInfoA

BuildExplicitAccessWithNameA

SetEntriesInAclA

SetNamedSecurityInfoA

RegOpenKeyExA

shell32

ShellExecuteExA

SHGetSpecialFolderPathA

shlwapi

PathRemoveBlanksA

StrStrIA

PathFileExistsA

PathRemoveBackslashA

PathIsDirectoryEmptyA

PathAddBackslashA

PathIsDirectoryA

Exports

AddDirAccessRights

AddRegAccessRights

ClearInstDir

CreateCachePath

DecodePath

Decryptx

GetFileName

GetInstallDate

IsDirEmpty

IsDirEmptyExcept

IsSubFoler

KwKillProc

KwKillProcEx

ModifyCacheFileAsNow

RenameDeletePathAllFiles

XORBase64

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/System.dll

.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc

GlobalFree

GlobalSize

lstrcpyA

lstrcpynA

FreeLibrary

lstrcatA

GetProcAddress

LoadLibraryA

GetModuleHandleA

MultiByteToWideChar

lstrlenA

WideCharToMultiByte

GetLastError

VirtualAlloc

VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2

CLSIDFromString

Exports

Alloc

Call

Copy

Free

Get

Int64Op

Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/inetc.dll

.dll windows:4 windows x86 arch:x86

5d31a4a9e83c0a8e38bab1f57d28402c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

msvcrt

strtoul

_adjust_fdiv

malloc

_initterm

free

_mbsrchr

memset

_mbsstr

_mbschr

strtol

strlen

kernel32

DeleteFileA

CreateThread

WaitForSingleObject

TerminateThread

GetModuleHandleA

MulDiv

lstrcpyA

GlobalAlloc

LoadLibraryA

GetProcAddress

lstrcmpiA

WriteFile

ReadFile

lstrlenA

lstrcmpA

lstrcpynA

GetLastError

CreateFileA

GlobalFree

CloseHandle

SleepEx

SetFilePointer

GetTickCount

lstrcatA

GetFileSize

user32

MessageBoxA

GetParent

ShowWindow

PostMessageA

SetWindowTextA

IsWindow

SendMessageA

GetDlgItem

SetDlgItemTextA

SendDlgItemMessageA

SetWindowPos

SystemParametersInfoA

GetClientRect

GetWindowRect

SetTimer

LoadIconA

SetWindowLongA

GetWindowLongA

UpdateWindow

DestroyWindow

KillTimer

RedrawWindow

DispatchMessageA

TranslateMessage

GetMessageA

IsDialogMessageA

EnableWindow

CreateDialogParamA

FindWindowExA

wsprintfA

GetWindowTextA

wininet

HttpSendRequestA

HttpSendRequestExA

HttpQueryInfoA

InternetCloseHandle

InternetErrorDlg

InternetSetFilePointer

InternetQueryOptionA

HttpAddRequestHeadersA

InternetSetOptionA

HttpOpenRequestA

FtpCreateDirectoryA

FtpOpenFileA

InternetGetLastResponseInfoA

HttpEndRequestA

InternetConnectA

InternetCrackUrlA

InternetOpenA

InternetReadFile

InternetWriteFile

comctl32

ord17

Exports

get

head

post

put

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/ioSpecial.ini

$PLUGINSDIR/modern-header.bmp

$PLUGINSDIR/modern-wizard.bmp

$APPDATA/$APPDATA/kuwodata/KWMUSIC/Conf/p2pconf/setup.xml

.xml

$APPDATA/kuwodata/KWMUSIC/Res/cache/DOWNLOAD_ARTISTPIC/49FF334D.dat

.jpg

$PLUGINSDIR/Base64.dll

.dll windows:4 windows x86 arch:x86

472def3d6dc5d4ffe27376a831b4d49b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GlobalFree

lstrcpyA

lstrcpynA

GlobalAlloc

GetCommandLineA

GetVersion

ExitProcess

TerminateProcess

GetCurrentProcess

GetCurrentThreadId

TlsSetValue

TlsAlloc

TlsFree

TlsGetValue

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsA

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStrings

GetEnvironmentStringsW

HeapDestroy

HeapCreate

VirtualFree

HeapFree

WriteFile

MultiByteToWideChar

GetStringTypeA

GetStringTypeW

InitializeCriticalSection

EnterCriticalSection

LeaveCriticalSection

HeapAlloc

GetCPInfo

GetACP

GetOEMCP

VirtualAlloc

HeapReAlloc

GetProcAddress

LoadLibraryA

RtlUnwind

LCMapStringA

LCMapStringW

Exports

Decrypt

Encrypt

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/KillProcDLL.dll

.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/12/2009, 00:00

Not After

02/12/2011, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

43:ce:eb:0d:67:9c:78:4f:20:40:e3:b1:ba:13:a5:fb:3d:05:3b:c8
Signer

Actual PE Digest

43:ce:eb:0d:67:9c:78:4f:20:40:e3:b1:ba:13:a5:fb:3d:05:3b:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA

TerminateProcess

OpenProcess

LoadLibraryA

CloseHandle

GetProcAddress

FreeLibrary

GlobalFree

lstrcpyA

DisableThreadLibraryCalls

msvcrt

strcmp

_strupr

toupper

strlen

free

_initterm

malloc

_adjust_fdiv

strcpy

_itoa

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/KuWoNsis_new.dll

.dll windows:5 windows x86 arch:x86

948b8bae60b459524040676d50b6a578

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/12/2011, 00:00

Not After

05/12/2013, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

02:d7:02:42:d9:88:71:41:c8:12:23:5e:dc:27:83:11:76:97:f7:67
Signer

Actual PE Digest

02:d7:02:42:d9:88:71:41:c8:12:23:5e:dc:27:83:11:76:97:f7:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc

LocalFree

FindClose

FindNextFileA

FindFirstFileA

MoveFileExA

DeleteFileA

GetVersionExA

GetExitCodeProcess

WaitForSingleObject

GetExitCodeThread

CreateThread

Process32Next

TerminateProcess

DuplicateHandle

GetCurrentProcess

GetCurrentProcessId

OpenProcess

Process32First

CreateToolhelp32Snapshot

CreateProcessA

ReleaseMutex

lstrcpynA

CreateMutexA

CreateDirectoryA

SetFileTime

LocalFileTimeToFileTime

SystemTimeToFileTime

GetLocalTime

GetTempPathA

GetFileAttributesA

MoveFileA

RemoveDirectoryA

CopyFileA

GetTempFileNameA

WritePrivateProfileSectionA

FlushFileBuffers

WriteFile

ReadFile

SetFilePointer

GetFileSize

lstrcpyA

GlobalFree

DeviceIoControl

GetLogicalDrives

CreateFileA

CloseHandle

GetLogicalDriveStringsA

GetDriveTypeA

GetLastError

GetDiskFreeSpaceExA

GetProcessHeap

SetEndOfFile

LoadLibraryA

InitializeCriticalSectionAndSpinCount

SetStdHandle

WriteConsoleW

GetConsoleOutputCP

WriteConsoleA

RtlUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

RaiseException

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCommandLineA

HeapFree

HeapAlloc

GetModuleHandleW

GetProcAddress

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

InterlockedDecrement

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

LCMapStringA

WideCharToMultiByte

MultiByteToWideChar

LCMapStringW

GetConsoleCP

GetConsoleMode

EnterCriticalSection

LeaveCriticalSection

Sleep

ExitProcess

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

GetEnvironmentStringsW

HeapCreate

HeapDestroy

VirtualFree

QueryPerformanceCounter

GetTickCount

VirtualAlloc

HeapReAlloc

HeapSize

GetStringTypeA

GetStringTypeW

GetLocaleInfoA

user32

SendMessageTimeoutA

FindWindowA

advapi32

RegQueryValueExA

RegCloseKey

AllocateAndInitializeSid

FreeSid

GetNamedSecurityInfoA

BuildExplicitAccessWithNameA

SetEntriesInAclA

SetNamedSecurityInfoA

RegOpenKeyExA

shell32

ShellExecuteExA

SHGetSpecialFolderPathA

shlwapi

PathRemoveBackslashA

PathIsDirectoryA

PathIsDirectoryEmptyA

PathRemoveBlanksA

StrStrIA

PathAddBackslashA

PathFileExistsA

psapi

GetModuleFileNameExA

Exports

AddDirAccessRights

AddRegAccessRights

CheckPlayListDir

ClearInstDir

CloseMusicBox

CopyLocalPlayList

CreateCachePath

DecodePath

Decryptx

EnsureOneInstance

GetFileName

GetInstallDate

IsDirEmpty

IsDirEmptyExcept

IsSubFoler

KwKillProc

KwKillProcEx

ModP2PCachePath

ModifyCacheFileAsNow

RenameDeletePathAllFiles

RenameeleteFile

ReplaceKwDownload

WriteIniSection

XORBase64

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/KwMusicNsis.dll

.dll windows:5 windows x86 arch:x86

6b2dd5935ded9a39799a9f6805af044f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/12/2011, 00:00

Not After

05/12/2013, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

91:93:fd:bf:02:1a:3d:2f:8e:22:a0:04:38:c0:7f:2c:98:b0:5d:6c
Signer

Actual PE Digest

91:93:fd:bf:02:1a:3d:2f:8e:22:a0:04:38:c0:7f:2c:98:b0:5d:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

n:\ZC-KW\20111021_setup_q_mbox\KwMusicNsis\KuWoNsis\Release\KwMusicNsis.pdb

Imports

kernel32

GetModuleHandleA

FlushInstructionCache

GetCurrentProcess

FlushFileBuffers

WriteConsoleW

GetConsoleOutputCP

WriteConsoleA

SetStdHandle

GetLocaleInfoA

GetStringTypeW

GetStringTypeA

InitializeCriticalSectionAndSpinCount

GetConsoleMode

GetConsoleCP

SetFilePointer

HeapReAlloc

EnterCriticalSection

LeaveCriticalSection

GetProcAddress

GetCurrentProcessId

GetTickCount

QueryPerformanceCounter

HeapDestroy

HeapCreate

GetEnvironmentStringsW

FreeEnvironmentStringsW

GetEnvironmentStrings

FreeEnvironmentStringsA

DeleteCriticalSection

GetFileType

SetHandleCount

lstrcpynA

lstrcpyA

GlobalFree

FindResourceA

LoadResource

LockResource

SizeofResource

GlobalAlloc

GlobalLock

CreateFileA

InterlockedCompareExchange

IsProcessorFeaturePresent

HeapSize

LoadLibraryA

HeapFree

GetProcessHeap

HeapAlloc

VirtualAlloc

CloseHandle

VirtualFree

WaitForSingleObject

GetExitCodeProcess

GetModuleFileNameA

GetStdHandle

WriteFile

LCMapStringW

MultiByteToWideChar

WideCharToMultiByte

LCMapStringA

IsValidCodePage

GetOEMCP

GetACP

GetCPInfo

ExitProcess

Sleep

InterlockedDecrement

InterlockedIncrement

TlsFree

TlsSetValue

TlsAlloc

TlsGetValue

GetModuleHandleW

GetCommandLineA

IsDebuggerPresent

SetUnhandledExceptionFilter

GetStartupInfoA

CreateProcessA

GetLastError

SetLastError

TerminateProcess

GetSystemTimeAsFileTime

UnhandledExceptionFilter

RaiseException

ExitThread

GetCurrentThreadId

CreateThread

RtlUnwind

user32

SendMessageA

IsWindow

SetWindowLongA

GetWindowLongA

GetDlgCtrlID

MapWindowPoints

GetParent

UpdateWindow

MoveWindow

EnableWindow

GetDlgItem

GetWindowTextA

ShowWindow

SetWindowRgn

GetWindowRect

DrawTextA

GetClientRect

InvalidateRect

CallWindowProcA

GetCursorPos

ScreenToClient

KillTimer

SetTimer

PtInRect

BeginPaint

EndPaint

InflateRect

DefWindowProcA

SetCursor

LoadCursorA

IsWindowEnabled

SetFocus

SetWindowTextA

EndDialog

BringWindowToTop

PostMessageA

DialogBoxParamA

gdi32

RoundRect

CreatePen

CreateSolidBrush

GetTextExtentPoint32A

CreateRoundRectRgn

GetStockObject

OffsetWindowOrgEx

SetWindowOrgEx

CreateCompatibleDC

CreateCompatibleBitmap

SelectObject

SetBkMode

SetTextColor

BitBlt

DeleteDC

DeleteObject

CreateFontA

shell32

ShellExecuteA

ole32

CreateStreamOnHGlobal

gdiplus

GdipLoadImageFromStream

GdipFree

GdipAlloc

GdipCreateImageAttributes

GdipDisposeImageAttributes

GdipSetImageAttributesWrapMode

GdipCreateFromHDC

GdipDeleteGraphics

GdipDrawImageRectI

GdipDrawImageRectRect

GdipDisposeImage

GdipCloneImage

GdipGetImageWidth

GdipGetImageHeight

GdiplusStartup

GdiplusShutdown

shlwapi

PathFileExistsA

comctl32

ImageList_Draw

ImageList_LoadImageA

ImageList_Destroy

ImageList_GetImageCount

ImageList_GetImageInfo

Exports

EnCodePostValue

Initialize

IsRepairSucceed

JmpToNewPage

Release

SetBkImg2Index

SetCompVisible

SetFeedBackEdit

SetLicenseFile

StartRepair

TrimString

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/NSISArray.dll

.dll windows:5 windows x86 arch:x86

8772d66326aa6d7b2a9d5c4b0a7afb36

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/12/2009, 00:00

Not After

02/12/2011, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3e:21:4b:cb:49:70:3e:78:62:43:dc:e5:eb:36:5d:a5:80:98:2c:3e
Signer

Actual PE Digest

3e:21:4b:cb:49:70:3e:78:62:43:dc:e5:eb:36:5d:a5:80:98:2c:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GlobalFree

GlobalAlloc

lstrcmpA

lstrcatA

lstrcpyA

lstrcpynA

lstrcmpiA

user32

wsprintfA

CharLowerA

MessageBoxA

SendMessageA

GetDlgItem

FindWindowExA

EnableWindow

SetWindowTextA

EndDialog

RedrawWindow

DialogBoxParamA

Exports

ArrayCount

ArrayExists

Clear

Concat

Copy

Cut

Debug

Delete

ErrorStyle

Exists

ExistsI

FreeUnusedMem

Join

New

Pop

Push

Put

ReDim

Read

ReadToStack

Reverse

Search

SearchI

SetAutoReDim

SetSize

Shift

SizeOf

Sort

Splice

Subtract

Swap

Unshift

Write

WriteList

WriteListC

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/ShellLink.dll

.dll windows:5 windows x86 arch:x86

50112fdd20200a51dbedeae8f1f33cdb

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/12/2011, 00:00

Not After

05/12/2013, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

95:af:a4:40:20:0a:94:ed:fd:91:ec:ea:bc:18:07:43:32:f5:ea:e6
Signer

Actual PE Digest

95:af:a4:40:20:0a:94:ed:fd:91:ec:ea:bc:18:07:43:32:f5:ea:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

LocalFree

MultiByteToWideChar

LocalAlloc

GlobalFree

lstrcpyA

lstrcpynA

GlobalAlloc

user32

wsprintfA

ole32

CoCreateInstance

Exports

GetShortCutArgs

GetShortCutDescription

GetShortCutHotkey

GetShortCutIconIndex

GetShortCutIconLocation

GetShortCutShowMode

GetShortCutTarget

GetShortCutWorkingDirectory

SetRunAsAdministrator

SetShortCutArgs

SetShortCutDescription

SetShortCutHotkey

SetShortCutIconIndex

SetShortCutIconLocation

SetShortCutShowMode

SetShortCutTarget

SetShortCutWorkingDirectory

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1014B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/SimpleSC.dll

.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_BYTES_REVERSED_LO

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

IMAGE_FILE_BYTES_REVERSED_HI

Exports

ContinueService

ExistsService

GetErrorMessage

GetServiceBinaryPath

GetServiceDelayedAutoStartInfo

GetServiceDescription

GetServiceDisplayName

GetServiceFailure

GetServiceFailureFlag

GetServiceLogon

GetServiceName

GetServiceStartType

GetServiceStatus

GrantServiceLogonPrivilege

InstallService

PauseService

RemoveService

RemoveServiceLogonPrivilege

RestartService

ServiceIsPaused

ServiceIsRunning

ServiceIsStopped

SetServiceBinaryPath

SetServiceDelayedAutoStartInfo

SetServiceDescription

SetServiceFailure

SetServiceFailureFlag

SetServiceLogon

SetServiceStartType

StartService

StopService

Sections

CODE
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 950B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$PLUGINSDIR/System.dll

.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc

GlobalFree

GlobalSize

GetLastError

lstrcpyA

lstrcpynA

FreeLibrary

lstrcatA

GetProcAddress

LoadLibraryA

GetModuleHandleA

MultiByteToWideChar

lstrlenA

WideCharToMultiByte

VirtualAlloc

VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2

CLSIDFromString

Exports

Alloc

Call

Copy

Free

Get

Int64Op

Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/inetc.dll

.dll windows:4 windows x86 arch:x86

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

msvcrt

_mbschr

_adjust_fdiv

malloc

_initterm

free

strlen

strchr

strrchr

_mbsrchr

strtoul

memset

_mbsstr

strtol

kernel32

GlobalFree

CreateThread

WaitForSingleObject

TerminateThread

GetModuleHandleA

MulDiv

lstrcpyA

GlobalAlloc

LoadLibraryA

GetProcAddress

lstrcmpiA

CreateFileA

GetFileSize

lstrlenA

WriteFile

ReadFile

lstrcmpA

lstrcpynA

lstrcatA

GetLastError

DeleteFileA

CloseHandle

SleepEx

SetFilePointer

GetTickCount

user32

MessageBoxA

GetParent

ShowWindow

SetWindowLongA

IsWindow

SetWindowTextA

SendDlgItemMessageA

GetDlgItem

PostMessageA

GetWindowTextA

SendMessageA

SetDlgItemTextA

SetWindowPos

SystemParametersInfoA

GetClientRect

GetWindowRect

SetTimer

LoadIconA

UpdateWindow

DestroyWindow

KillTimer

RedrawWindow

DispatchMessageA

TranslateMessage

GetMessageA

IsDialogMessageA

IsWindowVisible

EnableWindow

CreateDialogParamA

FindWindowExA

wsprintfA

GetWindowLongA

wininet

HttpSendRequestA

HttpSendRequestExA

HttpQueryInfoA

FtpCreateDirectoryA

FtpOpenFileA

InternetGetLastResponseInfoA

InternetSetFilePointer

InternetSetOptionA

InternetQueryOptionA

InternetCloseHandle

InternetErrorDlg

HttpOpenRequestA

HttpAddRequestHeadersA

HttpEndRequestA

InternetConnectA

InternetCrackUrlA

InternetOpenA

InternetReadFile

InternetWriteFile

comctl32

ord17

Exports

get

head

post

put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/nsDialogs.dll

.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA

GetFileAttributesA

lstrcmpiA

MulDiv

lstrlenA

HeapFree

GetCurrentDirectoryA

HeapAlloc

HeapReAlloc

GlobalFree

lstrcpynA

GlobalAlloc

GetProcessHeap

SetCurrentDirectoryA

user32

GetPropA

DestroyWindow

CallWindowProcA

SetCursor

LoadCursorA

RemovePropA

CharPrevA

GetWindowLongA

DrawTextA

GetWindowTextA

GetDlgItem

SetWindowLongA

SetWindowPos

CreateDialogParamA

MapWindowPoints

GetWindowRect

SetPropA

CreateWindowExA

IsWindow

SetTimer

KillTimer

DispatchMessageA

TranslateMessage

GetMessageA

IsDialogMessageA

ShowWindow

wsprintfA

MapDialogRect

GetClientRect

CharNextA

SendMessageA

DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA

SHGetPathFromIDListA

comdlg32

GetSaveFileNameA

GetOpenFileNameA

CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Create

CreateControl

CreateItem

CreateTimer

GetUserData

KillTimer

OnBack

OnChange

OnClick

OnNotify

SelectFileDialog

SelectFolderDialog

SetRTL

SetUserData

Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/nsisSlideshowx.dll

.dll windows:5 windows x86 arch:x86

d2325c6257e48d1bd19cd17c53b9f01d

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/12/2009, 00:00

Not After

02/12/2011, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3f:c3:98:e9:07:91:29:03:81:e8:f6:f4:ac:f5:63:b4:78:a4:bb:6c
Signer

Actual PE Digest

3f:c3:98:e9:07:91:29:03:81:e8:f6:f4:ac:f5:63:b4:78:a4:bb:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

n:\ZC-KW\20111017_setup_q_mbox\nsisSlideshow\nsisSlideshow\Release\nsisSlideshow.pdb

Imports

shlwapi

StrChrA

StrToIntExA

PathRemoveFileSpecA

PathCombineA

StrToIntA

msimg32

AlphaBlend

gdiplus

GdipDisposeImage

GdipAlloc

GdipFree

GdipLoadImageFromFile

GdipDeleteGraphics

GdipGetImageWidth

GdipGetImageHeight

GdiplusStartup

GdiplusShutdown

GdipCreateFromHDC

GdipDrawImageRectRect

GdipCloneImage

kernel32

GetStringTypeA

LCMapStringW

LCMapStringA

InitializeCriticalSectionAndSpinCount

LoadLibraryA

WriteFile

GlobalFree

lstrcpyA

lstrlenA

MultiByteToWideChar

lstrcpynA

GlobalReAlloc

GetPrivateProfileSectionA

GlobalAlloc

lstrcmpiA

GetStringTypeW

HeapReAlloc

VirtualAlloc

RaiseException

HeapAlloc

EnterCriticalSection

LeaveCriticalSection

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsValidCodePage

GetOEMCP

GetACP

GetCPInfo

GetSystemTimeAsFileTime

GetCurrentProcessId

GetTickCount

GetLocaleInfoA

HeapSize

GetModuleHandleW

RtlUnwind

GetCurrentThreadId

GetCommandLineA

GetProcAddress

GetModuleHandleA

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

GetLastError

InterlockedDecrement

HeapFree

Sleep

ExitProcess

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStringsW

HeapCreate

HeapDestroy

VirtualFree

QueryPerformanceCounter

user32

KillTimer

CallWindowProcA

BeginPaint

EndPaint

GetDC

GetWindowLongA

SendMessageA

ReleaseDC

SetWindowLongA

InvalidateRect

SetTimer

IsWindow

ScreenToClient

GetWindowRect

GetDlgItem

IsWindowVisible

FindWindowExA

GetClientRect

gdi32

CreateCompatibleDC

CreateCompatibleBitmap

SelectObject

BitBlt

GetObjectA

CreateFontIndirectA

SetTextColor

SetBkMode

SetTextAlign

TextOutA

DeleteObject

DeleteDC

Exports

Initialize

Release

show

stop

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$TEMP/KWMUSIC/BindConfig.ini

$TEMP/KWMUSIC/DownloadUpdate.exe

.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/12/2011, 00:00

Not After

05/12/2013, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

b2:04:df:5e:9e:32:94:d9:b5:ac:26:fa:d8:fa:63:24:ef:cd:a5:5e
Signer

Actual PE Digest

b2:04:df:5e:9e:32:94:d9:b5:ac:26:fa:d8:fa:63:24:ef:cd:a5:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime

SearchPathA

GetShortPathNameA

GetFullPathNameA

MoveFileA

SetCurrentDirectoryA

GetFileAttributesA

GetLastError

CreateDirectoryA

SetFileAttributesA

Sleep

GetTickCount

CreateFileA

GetFileSize

GetModuleFileNameA

GetCurrentProcess

CopyFileA

ExitProcess

SetFileTime

GetTempPathA

GetCommandLineA

SetErrorMode

LoadLibraryA

lstrcpynA

GetDiskFreeSpaceA

GlobalUnlock

GlobalLock

CreateThread

CreateProcessA

RemoveDirectoryA

GetTempFileNameA

lstrlenA

lstrcatA

GetSystemDirectoryA

GetVersion

CloseHandle

lstrcmpiA

lstrcmpA

ExpandEnvironmentStringsA

GlobalFree

GlobalAlloc

WaitForSingleObject

GetExitCodeProcess

GetModuleHandleA

LoadLibraryExA

GetProcAddress

FreeLibrary

MultiByteToWideChar

WritePrivateProfileStringA

GetPrivateProfileStringA

WriteFile

ReadFile

MulDiv

SetFilePointer

FindClose

FindNextFileA

FindFirstFileA

DeleteFileA

GetWindowsDirectoryA

user32

EndDialog

ScreenToClient

GetWindowRect

EnableMenuItem

GetSystemMenu

SetClassLongA

IsWindowEnabled

SetWindowPos

GetSysColor

GetWindowLongA

SetCursor

LoadCursorA

CheckDlgButton

GetMessagePos

LoadBitmapA

CallWindowProcA

IsWindowVisible

CloseClipboard

SetClipboardData

EmptyClipboard

RegisterClassA

TrackPopupMenu

AppendMenuA

CreatePopupMenu

GetSystemMetrics

SetDlgItemTextA

GetDlgItemTextA

MessageBoxIndirectA

CharPrevA

DispatchMessageA

PeekMessageA

DestroyWindow

CreateDialogParamA

SetTimer

SetWindowTextA

PostQuitMessage

SetForegroundWindow

wsprintfA

SendMessageTimeoutA

FindWindowExA

SystemParametersInfoA

CreateWindowExA

GetClassInfoA

DialogBoxParamA

CharNextA

OpenClipboard

ExitWindowsEx

IsWindow

GetDlgItem

SetWindowLongA

LoadImageA

GetDC

EnableWindow

InvalidateRect

SendMessageA

DefWindowProcA

BeginPaint

GetClientRect

FillRect

DrawTextA

EndPaint

ShowWindow

gdi32

SetBkColor

GetDeviceCaps

DeleteObject

CreateBrushIndirect

CreateFontIndirectA

SetBkMode

SetTextColor

SelectObject

shell32

SHGetPathFromIDListA

SHBrowseForFolderA

SHGetFileInfoA

ShellExecuteA

SHFileOperationA

SHGetSpecialFolderLocation

advapi32

RegQueryValueExA

RegSetValueExA

RegEnumKeyA

RegEnumValueA

RegOpenKeyExA

RegDeleteKeyA

RegDeleteValueA

RegCloseKey

RegCreateKeyExA

comctl32

ImageList_AddMasked

ImageList_Destroy

ord17

ImageList_Create

ole32

CoTaskMemFree

OleInitialize

OleUninitialize

CoCreateInstance

version

GetFileVersionInfoSizeA

GetFileVersionInfoA

VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$PLUGINSDIR/Base64.dll

.dll windows:4 windows x86 arch:x86

472def3d6dc5d4ffe27376a831b4d49b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GlobalFree

lstrcpyA

lstrcpynA

GlobalAlloc

GetCommandLineA

GetVersion

ExitProcess

TerminateProcess

GetCurrentProcess

GetCurrentThreadId

TlsSetValue

TlsAlloc

TlsFree

TlsGetValue

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsA

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStrings

GetEnvironmentStringsW

HeapDestroy

HeapCreate

VirtualFree

HeapFree

WriteFile

MultiByteToWideChar

GetStringTypeA

GetStringTypeW

InitializeCriticalSection

EnterCriticalSection

LeaveCriticalSection

HeapAlloc

GetCPInfo

GetACP

GetOEMCP

VirtualAlloc

HeapReAlloc

GetProcAddress

LoadLibraryA

RtlUnwind

LCMapStringA

LCMapStringW

Exports

Decrypt

Encrypt

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/ExecWaitEx.dll

.dll windows:5 windows x86 arch:x86

54b9abc6c68871f258abd4b5591459db

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/12/2011, 00:00

Not After

05/12/2013, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

e4:d7:7e:3a:74:c0:62:ed:0d:2f:6a:a4:d2:c7:ea:3b:99:36:12:40
Signer

Actual PE Digest

e4:d7:7e:3a:74:c0:62:ed:0d:2f:6a:a4:d2:c7:ea:3b:99:36:12:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

OpenProcess

GlobalAlloc

Sleep

GetExitCodeProcess

CreateProcessA

GlobalFree

Process32Next

CreateToolhelp32Snapshot

CloseHandle

lstrcpyA

InterlockedDecrement

GetCurrentProcess

GetWindowsDirectoryA

WaitForSingleObject

FindFirstFileA

GetProcAddress

SetFileAttributesA

FindClose

FindNextFileA

GetModuleHandleA

GetVersionExA

DeleteFileA

GetProcessHeap

lstrlenA

Process32First

GetSystemDirectoryA

lstrcpynA

FlushFileBuffers

CreateFileA

WriteConsoleW

GetConsoleOutputCP

WriteConsoleA

SetStdHandle

RtlUnwind

InitializeCriticalSectionAndSpinCount

LoadLibraryA

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCommandLineA

TerminateProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

GetCPInfo

InterlockedIncrement

GetACP

GetOEMCP

IsValidCodePage

GetModuleHandleW

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

SetLastError

GetLastError

HeapFree

HeapAlloc

RaiseException

ExitProcess

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStringsW

HeapCreate

HeapDestroy

VirtualFree

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

SetFilePointer

WriteFile

GetConsoleCP

GetConsoleMode

EnterCriticalSection

LeaveCriticalSection

LCMapStringA

MultiByteToWideChar

LCMapStringW

GetStringTypeA

GetStringTypeW

GetLocaleInfoA

VirtualAlloc

HeapReAlloc

HeapSize

user32

wsprintfA

wsprintfW

advapi32

OpenProcessToken

GetTokenInformation

shell32

ShellExecuteExA

ole32

CoCreateInstance

CoInitialize

CoUninitialize

oleaut32

GetErrorInfo

SysFreeString

VariantInit

VariantClear

SysAllocString

psapi

GetModuleFileNameExA

shlwapi

PathRemoveFileSpecA

Exports

ExecWaitEx

Initialize

Release

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/KuWoNsis_new.dll

.dll windows:5 windows x86 arch:x86

948b8bae60b459524040676d50b6a578

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/12/2011, 00:00

Not After

05/12/2013, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

6b:ac:a4:49:dc:b4:59:ec:0f:2c:be:67:38:73:38:d1:6a:05:58:8a
Signer

Actual PE Digest

6b:ac:a4:49:dc:b4:59:ec:0f:2c:be:67:38:73:38:d1:6a:05:58:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc

LocalFree

FindClose

FindNextFileA

FindFirstFileA

MoveFileExA

DeleteFileA

GetVersionExA

GetExitCodeProcess

WaitForSingleObject

GetExitCodeThread

CreateThread

Process32Next

TerminateProcess

DuplicateHandle

GetCurrentProcess

GetCurrentProcessId

OpenProcess

Process32First

CreateToolhelp32Snapshot

CreateProcessA

ReleaseMutex

lstrcpynA

CreateMutexA

CreateDirectoryA

SetFileTime

LocalFileTimeToFileTime

SystemTimeToFileTime

GetLocalTime

GetTempPathA

GetFileAttributesA

MoveFileA

RemoveDirectoryA

CopyFileA

GetTempFileNameA

WritePrivateProfileSectionA

FlushFileBuffers

WriteFile

ReadFile

SetFilePointer

GetFileSize

lstrcpyA

GlobalFree

DeviceIoControl

GetLogicalDrives

CreateFileA

CloseHandle

GetLogicalDriveStringsA

GetDriveTypeA

GetLastError

GetDiskFreeSpaceExA

GetProcessHeap

SetEndOfFile

LoadLibraryA

InitializeCriticalSectionAndSpinCount

SetStdHandle

WriteConsoleW

GetConsoleOutputCP

WriteConsoleA

RtlUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

RaiseException

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCommandLineA

HeapFree

HeapAlloc

GetModuleHandleW

GetProcAddress

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

InterlockedDecrement

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

LCMapStringA

WideCharToMultiByte

MultiByteToWideChar

LCMapStringW

GetConsoleCP

GetConsoleMode

EnterCriticalSection

LeaveCriticalSection

Sleep

ExitProcess

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

GetEnvironmentStringsW

HeapCreate

HeapDestroy

VirtualFree

QueryPerformanceCounter

GetTickCount

VirtualAlloc

HeapReAlloc

HeapSize

GetStringTypeA

GetStringTypeW

GetLocaleInfoA

user32

SendMessageTimeoutA

FindWindowA

advapi32

RegQueryValueExA

RegCloseKey

AllocateAndInitializeSid

FreeSid

GetNamedSecurityInfoA

BuildExplicitAccessWithNameA

SetEntriesInAclA

SetNamedSecurityInfoA

RegOpenKeyExA

shell32

ShellExecuteExA

SHGetSpecialFolderPathA

shlwapi

PathRemoveBackslashA

PathIsDirectoryA

PathIsDirectoryEmptyA

PathRemoveBlanksA

StrStrIA

PathAddBackslashA

PathFileExistsA

psapi

GetModuleFileNameExA

Exports

AddDirAccessRights

AddRegAccessRights

ClearInstDir

CloseMusicBox

CopyLocalPlayList

CreateCachePath

DecodePath

Decryptx

EnsureOneInstance

GetFileName

GetInstallDate

IsDirEmpty

IsDirEmptyExcept

IsSubFoler

KwKillProc

KwKillProcEx

ModP2PCachePath

ModifyCacheFileAsNow

RenameDeletePathAllFiles

RenameeleteFile

ReplaceKwDownload

WriteIniSection

XORBase64

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/System.dll

.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc

GlobalFree

GlobalSize

GetLastError

lstrcpyA

lstrcpynA

FreeLibrary

lstrcatA

GetProcAddress

LoadLibraryA

GetModuleHandleA

MultiByteToWideChar

lstrlenA

WideCharToMultiByte

VirtualAlloc

VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2

CLSIDFromString

Exports

Alloc

Call

Copy

Free

Get

Int64Op

Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/inetc.dll

.dll windows:4 windows x86 arch:x86

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

msvcrt

_mbschr

_adjust_fdiv

malloc

_initterm

free

strlen

strchr

strrchr

_mbsrchr

strtoul

memset

_mbsstr

strtol

kernel32

GlobalFree

CreateThread

WaitForSingleObject

TerminateThread

GetModuleHandleA

MulDiv

lstrcpyA

GlobalAlloc

LoadLibraryA

GetProcAddress

lstrcmpiA

CreateFileA

GetFileSize

lstrlenA

WriteFile

ReadFile

lstrcmpA

lstrcpynA

lstrcatA

GetLastError

DeleteFileA

CloseHandle

SleepEx

SetFilePointer

GetTickCount

user32

MessageBoxA

GetParent

ShowWindow

SetWindowLongA

IsWindow

SetWindowTextA

SendDlgItemMessageA

GetDlgItem

PostMessageA

GetWindowTextA

SendMessageA

SetDlgItemTextA

SetWindowPos

SystemParametersInfoA

GetClientRect

GetWindowRect

SetTimer

LoadIconA

UpdateWindow

DestroyWindow

KillTimer

RedrawWindow

DispatchMessageA

TranslateMessage

GetMessageA

IsDialogMessageA

IsWindowVisible

EnableWindow

CreateDialogParamA

FindWindowExA

wsprintfA

GetWindowLongA

wininet

HttpSendRequestA

HttpSendRequestExA

HttpQueryInfoA

FtpCreateDirectoryA

FtpOpenFileA

InternetGetLastResponseInfoA

InternetSetFilePointer

InternetSetOptionA

InternetQueryOptionA

InternetCloseHandle

InternetErrorDlg

HttpOpenRequestA

HttpAddRequestHeadersA

HttpEndRequestA

InternetConnectA

InternetCrackUrlA

InternetOpenA

InternetReadFile

InternetWriteFile

comctl32

ord17

Exports

get

head

post

put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$TEMP/KWMUSIC/mylk.dat

$WINDIR/KwYlx.dat

KwMusic.exe

.exe windows:5 windows x86 arch:x86

579eb69a9d42f824590130a37d3931e6

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/12/2011, 00:00

Not After

05/12/2013, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

9f:4c:4d:cd:e1:45:b4:80:44:f9:30:64:62:50:80:3b:bd:04:42:8b
Signer

Actual PE Digest

9f:4c:4d:cd:e1:45:b4:80:44:f9:30:64:62:50:80:3b:bd:04:42:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\正式发布打包_勿动\601_2012版本\20120912_播放列表修复合并\KwResource\bin\release\pdb\StartKwMusic.pdb

Imports

kernel32

Sleep

GetVersionExA

GetCurrentProcess

GetProcAddress

GetModuleHandleA

FindNextFileA

DeleteFileA

SetFileAttributesA

CloseHandle

GetWindowsDirectoryA

InterlockedDecrement

lstrcmpiA

LocalFree

lstrlenA

GetPrivateProfileStringA

WritePrivateProfileStringA

FindFirstFileA

FindClose

GetModuleFileNameA

GetCurrentDirectoryA

GetSystemDirectoryA

CreateProcessA

GetProcessHeap

SetEndOfFile

WriteConsoleW

GetConsoleOutputCP

WriteConsoleA

GetLocaleInfoA

RaiseException

RtlUnwind

GetSystemTimeAsFileTime

GetCommandLineA

GetStartupInfoA

HeapAlloc

GetLastError

HeapFree

TerminateProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

GetModuleHandleW

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

GetCurrentThreadId

HeapSize

ExitProcess

EnterCriticalSection

LeaveCriticalSection

SetHandleCount

GetStdHandle

GetFileType

DeleteCriticalSection

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

WriteFile

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStringsW

HeapCreate

VirtualFree

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

VirtualAlloc

HeapReAlloc

SetFilePointer

GetConsoleCP

GetConsoleMode

LoadLibraryA

InitializeCriticalSectionAndSpinCount

SetStdHandle

FlushFileBuffers

MultiByteToWideChar

ReadFile

CreateFileA

LCMapStringA

LCMapStringW

GetStringTypeA

GetStringTypeW

user32

wsprintfW

FindWindowA

MessageBoxA

wsprintfA

advapi32

GetTokenInformation

RegOpenKeyExA

RegQueryValueExA

RegCloseKey

OpenProcessToken

shell32

ShellExecuteExA

ShellExecuteA

SHGetSpecialFolderPathA

ole32

CoCreateInstance

CoInitialize

CoUninitialize

oleaut32

VariantClear

VariantInit

SysFreeString

SysAllocString

GetErrorInfo

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 420KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

bin/AdbWinApi.dll

.dll windows:6 windows x86 arch:x86

c64cac39044626770353879245ea25e4

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/12/2011, 00:00

Not After

05/12/2013, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

2a:8e:ec:b8:71:f3:54:1d:8d:23:fa:6f:ef:41:75:99:a0:70:3f:7b
Signer

Actual PE Digest

2a:8e:ec:b8:71:f3:54:1d:8d:23:fa:6f:ef:41:75:99:a0:70:3f:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

c:\code\android\donut\development\host\windows\usb\api\objfre_wxp_x86\i386\AdbWinApi.pdb

Imports

ole32

CoCreateInstance

kernel32

GetACP

SetLastError

CloseHandle

GetLastError

DeviceIoControl

WriteFile

ReadFile

GetOverlappedResult

CreateFileW

WideCharToMultiByte

Sleep

InterlockedIncrement

InterlockedDecrement

EnterCriticalSection

LeaveCriticalSection

InitializeCriticalSection

DeleteCriticalSection

GetProcAddress

LoadLibraryW

GetFileAttributesW

GetSystemDirectoryW

RaiseException

FreeLibrary

InterlockedExchange

InitializeCriticalSectionAndSpinCount

GetCommandLineA

GetVersionExA

RtlUnwind

HeapFree

HeapAlloc

GetModuleHandleA

ExitProcess

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

GetCurrentThreadId

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

GetModuleFileNameA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

GetEnvironmentStringsW

HeapDestroy

HeapCreate

VirtualFree

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

GetSystemTimeAsFileTime

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetCPInfo

GetOEMCP

OutputDebugStringA

VirtualAlloc

HeapReAlloc

HeapSize

LoadLibraryA

GetModuleHandleW

LCMapStringA

MultiByteToWideChar

LCMapStringW

GetStringTypeA

GetStringTypeW

GetLocaleInfoA

SetFilePointer

GetConsoleCP

GetConsoleMode

VirtualProtect

GetSystemInfo

VirtualQuery

SetStdHandle

WriteConsoleA

GetConsoleOutputCP

WriteConsoleW

CreateFileA

FlushFileBuffers

setupapi

SetupDiGetClassDevsW

SetupDiDestroyDeviceInfoList

SetupDiEnumDeviceInterfaces

SetupDiGetDeviceInterfaceDetailW

Exports

??0AdbEndpointObject@@QAE@ABV0@@Z

??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z

??0AdbIOCompletion@@QAE@ABV0@@Z

??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z

??0AdbInterfaceObject@@QAE@ABV0@@Z

??0AdbInterfaceObject@@QAE@PBG@Z

??0AdbObjectHandle@@QAE@ABV0@@Z

??0AdbObjectHandle@@QAE@W4AdbObjectType@@@Z

??1AdbEndpointObject@@MAE@XZ

??1AdbIOCompletion@@MAE@XZ

??1AdbInterfaceObject@@MAE@XZ

??1AdbObjectHandle@@MAE@XZ

??4AdbEndpointObject@@QAEAAV0@ABV0@@Z

??4AdbIOCompletion@@QAEAAV0@ABV0@@Z

??4AdbInterfaceObject@@QAEAAV0@ABV0@@Z

??4AdbObjectHandle@@QAEAAV0@ABV0@@Z

??_7AdbEndpointObject@@6B@

??_7AdbIOCompletion@@6B@

??_7AdbInterfaceObject@@6B@

??_7AdbObjectHandle@@6B@

?AddRef@AdbObjectHandle@@UAEJXZ

?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z

?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z

?CloseHandle@AdbObjectHandle@@UAE_NXZ

?CreateHandle@AdbObjectHandle@@UAEPAXXZ

?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z

?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z

?GetParentInterfaceHandle@AdbEndpointObject@@QBEPAXXZ

?GetParentObjectHandle@AdbIOCompletion@@QBEPAXXZ

?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z

?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z

?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z

?IsCompleted@AdbIOCompletion@@UAE_NXZ

?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z

?IsOpened@AdbObjectHandle@@QBE_NXZ

?LastReferenceReleased@AdbObjectHandle@@MAEXXZ

?Lookup@AdbObjectHandle@@SGPAV1@PAX@Z

?Release@AdbObjectHandle@@UAEJXZ

?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z

?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z

?Type@AdbEndpointObject@@SG?AW4AdbObjectType@@XZ

?Type@AdbIOCompletion@@SG?AW4AdbObjectType@@XZ

?Type@AdbInterfaceObject@@SG?AW4AdbObjectType@@XZ

?adb_handle@AdbObjectHandle@@QBEPAXXZ

?endpoint_id@AdbEndpointObject@@QBEEXZ

?endpoint_index@AdbEndpointObject@@QBEEXZ

?interface_name@AdbInterfaceObject@@QBEABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?object_type@AdbObjectHandle@@QBE?AW4AdbObjectType@@XZ

?overlapped@AdbIOCompletion@@QAEPAU_OVERLAPPED@@XZ

?parent_interface@AdbEndpointObject@@QBEPAVAdbInterfaceObject@@XZ

?parent_io_object@AdbIOCompletion@@QBEPAVAdbEndpointObject@@XZ

?usb_config_descriptor@AdbInterfaceObject@@QBEPBU_USB_CONFIGURATION_DESCRIPTOR@@XZ

?usb_device_descriptor@AdbInterfaceObject@@QBEPBU_USB_DEVICE_DESCRIPTOR@@XZ

?usb_interface_descriptor@AdbInterfaceObject@@QBEPBU_USB_INTERFACE_DESCRIPTOR@@XZ

AdbCloseHandle

AdbCreateInterface

AdbCreateInterfaceByName

AdbEnumInterfaces

AdbGetDefaultBulkReadEndpointInformation

AdbGetDefaultBulkWriteEndpointInformation

AdbGetEndpointInformation

AdbGetEndpointInterface

AdbGetInterfaceName

AdbGetOvelappedIoResult

AdbGetSerialNumber

AdbGetUsbConfigurationDescriptor

AdbGetUsbDeviceDescriptor

AdbGetUsbInterfaceDescriptor

AdbHasOvelappedIoComplated

AdbNextInterface

AdbOpenDefaultBulkReadEndpoint

AdbOpenDefaultBulkWriteEndpoint

AdbOpenEndpoint

AdbQueryInformationEndpoint

AdbReadEndpointAsync

AdbReadEndpointSync

AdbResetInterfaceEnum

AdbWriteEndpointAsync

AdbWriteEndpointSync

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

bin/CKuwoPlayer.dll

.dll windows:5 windows x86 arch:x86

4fcf47d9e60560522bda703f8d19ae52

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/12/2011, 00:00

Not After

05/12/2013, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7c:ce:15:cd:36:ba:fe:35:31:85:37:d0:23:fe:85:ae:fa:f1:17:8d
Signer

Actual PE Digest

7c:ce:15:cd:36:ba:fe:35:31:85:37:d0:23:fe:85:ae:fa:f1:17:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\正式发布打包_勿动\601_2012版本\20120912_播放列表修复合并\KwResource\bin\release\pdb\CKuwoPlayer.pdb

Imports

winmm

timeBeginPeriod

timeGetDevCaps

timeEndPeriod

kernel32

FindNextFileA

InterlockedExchange

LoadLibraryA

GetProcAddress

FreeLibrary

GetLastError

InitializeCriticalSection

DeleteCriticalSection

GetCurrentThreadId

TerminateProcess

GetCurrentProcess

GetWindowsDirectoryA

Sleep

CreateThread

WaitForSingleObject

TerminateThread

CloseHandle

EnterCriticalSection

LeaveCriticalSection

GetTickCount

FindFirstFileA

InterlockedCompareExchange

FindClose

GetModuleFileNameA

CreateProcessA

lstrcpynA

DisableThreadLibraryCalls

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetSystemTimeAsFileTime

GetCurrentProcessId

QueryPerformanceCounter

user32

DefWindowProcA

DispatchMessageA

DestroyWindow

GetParent

PostMessageA

IsChild

CreateWindowExA

RegisterClassA

TranslateMessage

PostQuitMessage

GetMessageA

gdi32

GetStockObject

ole32

CoUninitialize

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z

??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z

?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

?uncaught_exception@std@@YA_NXZ

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ

?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ

??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z

??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z

?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ

?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z

?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z

??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ

??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z

?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z

??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z

?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z

?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z

??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

kwlog

?YL_Log@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H0PBDZZ

kwdatadef

?Init@SONG_INFO@@QAEXXZ

??0SONG_INFO@@QAE@XZ

??1SONG_INFO@@QAE@XZ

kwlib

?IsExistFile@Dir@KwLib@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?GetFileExtension@Dir@KwLib@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z

kwmodconfig

AfxGetConfigManager

msvcr90

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_except_handler4_common

__clean_type_info_names_internal

_crt_debugger_hook

_stricmp

__CxxFrameHandler3

memset

memcpy

_CxxThrowException

??3@YAXPAX@Z

??2@YAPAXI@Z

_beginthreadex

_purecall

??_V@YAXPAX@Z

??0exception@std@@QAE@ABV01@@Z

?what@exception@std@@UBEPBDXZ

??1exception@std@@UAE@XZ

??0exception@std@@QAE@ABQBD@Z

iswspace

_invalid_parameter_noinfo

??0exception@std@@QAE@XZ

sprintf

memmove_s

_snprintf

toupper

strstr

_stat64

_unlock

__dllonexit

_encode_pointer

_lock

_onexit

_decode_pointer

_malloc_crt

free

_encoded_null

_initterm

_initterm_e

_amsg_exit

_adjust_fdiv

__CppXcptFilter

?terminate@@YAXXZ

Exports

CreateKuwoPlayer

GetKuwoPlayerMediaPluginConfig

GetMeidaPluginManagerFactory

ReleaseKuwoPlayer

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

bin/CWmpPlayer.dll

.dll windows:5 windows x86 arch:x86

45a38a9f4cf88d5fef40567da57cba67

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/12/2011, 00:00

Not After

05/12/2013, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:62:66:32:30:d3:80:42:d8:ad:06:14:b5:2e:bc:b0:b3:ab:54:c5
Signer

Actual PE Digest

49:62:66:32:30:d3:80:42:d8:ad:06:14:b5:2e:bc:b0:b3:ab:54:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\正式发布打包_勿动\601_2012版本\20120912_播放列表修复合并\KwResource\bin\release\pdb\CWmpPlayer.pdb

Imports

kernel32

GetFileSizeEx

GetFileTime

RtlUnwind

TerminateProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

RaiseException

GetCommandLineA

HeapAlloc

HeapFree

Sleep

ExitProcess

ExitThread

CreateThread

HeapSize

VirtualProtect

VirtualAlloc

GetSystemInfo

VirtualQuery

HeapReAlloc

GetStdHandle

GetACP

IsValidCodePage

LCMapStringA

LCMapStringW

SetHandleCount

GetFileType

GetStartupInfoA

GetFileAttributesA

GetEnvironmentStrings

FreeEnvironmentStringsW

GetEnvironmentStringsW

HeapCreate

HeapDestroy

VirtualFree

QueryPerformanceCounter

GetSystemTimeAsFileTime

FatalAppExitA

GetStringTypeA

GetStringTypeW

SetConsoleCtrlHandler

InitializeCriticalSectionAndSpinCount

GetTimeZoneInformation

GetLocaleInfoW

GetTimeFormatA

GetDateFormatA

GetUserDefaultLCID

EnumSystemLocalesA

IsValidLocale

GetConsoleCP

GetConsoleMode

SetStdHandle

WriteConsoleA

GetConsoleOutputCP

WriteConsoleW

CompareStringW

SetEnvironmentVariableA

SetFileAttributesA

SetFileTime

LocalFileTimeToFileTime

GetFileAttributesExA

FileTimeToLocalFileTime

GetTickCount

SystemTimeToFileTime

FileTimeToSystemTime

GetModuleHandleW

GetShortPathNameA

GetFullPathNameA

GetVolumeInformationA

FindFirstFileA

FindClose

GetCurrentProcess

DuplicateHandle

GetFileSize

SetEndOfFile

UnlockFile

LockFile

FlushFileBuffers

SetFilePointer

WriteFile

ReadFile

lstrcmpiA

GetStringTypeExA

DeleteFileA

MoveFileA

GetCurrentDirectoryA

GetPrivateProfileStringA

WritePrivateProfileStringA

GetPrivateProfileIntA

GetAtomNameA

GetOEMCP

GetCPInfo

GlobalFlags

CopyFileA

GlobalSize

FormatMessageA

SetErrorMode

TlsFree

DeleteCriticalSection

LocalReAlloc

TlsSetValue

TlsAlloc

InitializeCriticalSection

GlobalHandle

GlobalReAlloc

EnterCriticalSection

TlsGetValue

LeaveCriticalSection

LocalFree

LocalAlloc

InterlockedDecrement

GetModuleFileNameW

GlobalFree

GetCurrentProcessId

CreateEventA

SuspendThread

SetEvent

ResumeThread

SetThreadPriority

GetCurrentThread

ConvertDefaultLocale

EnumResourceLanguagesA

GetModuleFileNameA

GetLocaleInfoA

InterlockedExchange

lstrcmpA

GlobalAlloc

GlobalLock

GlobalUnlock

MulDiv

GetThreadLocale

InterlockedIncrement

lstrlenA

FreeResource

GetCurrentThreadId

GlobalGetAtomNameA

GlobalAddAtomA

GlobalFindAtomA

GlobalDeleteAtom

FreeLibrary

CompareStringA

LoadLibraryA

SetLastError

lstrcmpW

GetModuleHandleA

GetProcAddress

GetVersionExA

FindResourceA

LoadResource

LockResource

SizeofResource

GetWindowsDirectoryA

CreateFileA

CloseHandle

lstrcpyA

lstrcatA

CreateProcessA

WaitForSingleObject

WideCharToMultiByte

MultiByteToWideChar

lstrlenW

FreeEnvironmentStringsA

GetLastError

user32

GetMenuBarInfo

LoadMenuA

ReuseDDElParam

UnpackDDElParam

WindowFromPoint

PostThreadMessageA

GetDialogBaseUnits

GetKeyNameTextA

MapVirtualKeyA

GetSystemMenu

SetParent

UnionRect

GetDCEx

LockWindowUpdate

CharUpperA

DestroyIcon

DeleteMenu

ReleaseCapture

SetCapture

InvalidateRgn

InvalidateRect

SetRect

IsRectEmpty

CopyAcceleratorTableA

LoadCursorA

GetSysColorBrush

GetDesktopWindow

DestroyMenu

GetMenuItemInfoA

GetMenuStringA

AppendMenuA

InsertMenuA

RemoveMenu

UnregisterClassA

SetWindowContextHelpId

MapDialogRect

GetWindowThreadProcessId

ShowOwnedPopups

SetCursor

GetMessageA

TranslateMessage

GetActiveWindow

GetCursorPos

ValidateRect

PostQuitMessage

InflateRect

EndPaint

BeginPaint

GetWindowDC

ReleaseDC

GetDC

ClientToScreen

GrayStringA

DrawTextExA

DrawTextA

FillRect

CharNextA

ScrollWindowEx

IsWindowEnabled

MoveWindow

SetWindowTextA

LoadAcceleratorsA

IsDlgButtonChecked

SetDlgItemTextA

SetDlgItemInt

GetDlgItemTextA

GetDlgItemInt

CheckRadioButton

CheckDlgButton

SetMenuItemBitmaps

GetMenuCheckMarkDimensions

LoadBitmapA

ModifyMenuA

GetMenuState

EnableMenuItem

CheckMenuItem

RegisterWindowMessageA

LoadIconA

SendDlgItemMessageA

WinHelpA

IsChild

GetCapture

SetWindowsHookExA

CallNextHookEx

GetClassLongA

GetClassNameA

SetPropA

GetPropA

RemovePropA

GetFocus

SetFocus

GetWindowTextLengthA

GetWindowTextA

GetForegroundWindow

GetLastActivePopup

SetActiveWindow

DispatchMessageA

BeginDeferWindowPos

EndDeferWindowPos

GetDlgItem

GetTopWindow

DestroyWindow

UnhookWindowsHookEx

GetMessageTime

GetMessagePos

PeekMessageA

MapWindowPoints

GetWindowRect

ShowWindow

IsWindow

GetClientRect

ScrollWindow

TrackPopupMenuEx

TrackPopupMenu

GetKeyState

SetMenu

SetScrollRange

GetScrollRange

SetScrollPos

GetScrollPos

SetForegroundWindow

ShowScrollBar

IsWindowVisible

UpdateWindow

InsertMenuItemA

CreatePopupMenu

BringWindowToTop

TranslateAcceleratorA

CreateDialogIndirectParamA

EndDialog

RegisterClipboardFormatA

SetRectEmpty

MessageBeep

GetNextDlgTabItem

IsDialogMessageA

GetNextDlgGroupItem

SetTimer

KillTimer

GetParent

EnableWindow

CopyRect

GetWindow

GetSystemMetrics

GetWindowPlacement

IsIconic

SystemParametersInfoA

IntersectRect

OffsetRect

SetWindowPos

SetWindowLongA

GetWindowLongA

GetMenu

CallWindowProcA

DefWindowProcA

SendMessageA

GetDlgCtrlID

PtInRect

SetWindowPlacement

SetScrollInfo

GetScrollInfo

DeferWindowPos

EqualRect

ScreenToClient

AdjustWindowRectEx

GetSysColor

RegisterClassA

GetClassInfoA

GetClassInfoExA

CreateWindowExA

MessageBoxA

GetMenuItemCount

GetMenuItemID

GetSubMenu

PostMessageA

TabbedTextOutA

gdi32

PolylineTo

PolyBezierTo

ExtSelectClipRgn

DeleteDC

CreateDIBPatternBrushPt

CreatePatternBrush

CreateCompatibleDC

SelectPalette

PlayMetaFileRecord

GetObjectType

EnumMetaFile

PlayMetaFile

CreatePen

ExtCreatePen

CreateSolidBrush

CreateHatchBrush

PolyDraw

CreateRectRgnIndirect

SetRectRgn

CombineRgn

GetMapMode

PatBlt

DPtoLP

CopyMetaFileA

CreateDCA

GetTextExtentPoint32A

GetRgnBox

GetCharWidthA

CreateFontA

StretchDIBits

CreateCompatibleBitmap

GetTextMetricsA

GetCurrentPositionEx

ArcTo

ScaleWindowExtEx

SetWindowExtEx

OffsetWindowOrgEx

SetWindowOrgEx

ScaleViewportExtEx

SetViewportExtEx

OffsetViewportOrgEx

SetViewportOrgEx

SelectObject

Escape

ExtTextOutA

CreateFontIndirectA

GetDCOrgEx

RectVisible

PtVisible

StartDocA

GetPixel

BitBlt

GetWindowExtEx

GetViewportExtEx

SelectClipPath

CreateRectRgn

GetClipRgn

SelectClipRgn

DeleteObject

SetColorAdjustment

SetArcDirection

SetMapperFlags

SetTextCharacterExtra

SetTextJustification

SetTextAlign

MoveToEx

LineTo

OffsetClipRgn

IntersectClipRect

ExcludeClipRect

SetMapMode

ModifyWorldTransform

SetWorldTransform

SetGraphicsMode

SetStretchBltMode

SetROP2

SetPolyFillMode

SetBkMode

RestoreDC

SaveDC

GetTextColor

GetBkColor

GetDeviceCaps

GetStockObject

CreateBitmap

GetObjectA

SetBkColor

SetTextColor

GetClipBox

TextOutA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA

ClosePrinter

OpenPrinterA

advapi32

RegDeleteValueA

RegSetValueExA

RegCreateKeyExA

RegSetValueA

RegQueryValueA

RegOpenKeyA

RegEnumKeyA

RegDeleteKeyA

RegOpenKeyExA

RegQueryValueExA

RegCloseKey

RegCreateKeyA

shell32

ExtractIconA

DragFinish

DragQueryFileA

SHGetFileInfoA

shlwapi

PathFindFileNameA

PathStripToRootA

PathIsUNCA

PathFindExtensionA

PathRemoveExtensionA

PathRemoveFileSpecW

oledlg

ord8

ole32

OleSetClipboard

CoRevokeClassObject

CoRegisterClassObject

CoInitializeEx

OleInitialize

CoFreeUnusedLibraries

OleUninitialize

StringFromGUID2

CoCreateInstance

OleRun

CreateILockBytesOnHGlobal

StgCreateDocfileOnILockBytes

StgOpenStorageOnILockBytes

CoGetClassObject

CoDisconnectObject

OleIsCurrentClipboard

CoTaskMemAlloc

ReleaseStgMedium

CreateBindCtx

CoTreatAsClass

StringFromCLSID

ReadClassStg

ReadFmtUserTypeStg

OleRegGetUserType

WriteClassStg

WriteFmtUserTypeStg

SetConvertStg

CoTaskMemFree

CLSIDFromString

CLSIDFromProgID

CoUninitialize

CoInitialize

OleFlushClipboard

CoRegisterMessageFilter

CreateStreamOnHGlobal

OleDuplicateData

oleaut32

VariantClear

VariantChangeType

VariantInit

SysAllocStringLen

OleCreateFontIndirect

SysStringLen

SysAllocStringByteLen

SysStringByteLen

VariantTimeToSystemTime

SystemTimeToVariantTime

SafeArrayDestroy

SysAllocString

RegisterTypeLi

LoadTypeLi

LoadRegTypeLi

SafeArrayUnaccessData

SafeArrayAccessData

SafeArrayGetUBound

SafeArrayGetLBound

SafeArrayGetElemsize

SafeArrayGetDim

SafeArrayCreate

SafeArrayRedim

VariantCopy

SafeArrayAllocData

SafeArrayAllocDescriptor

SafeArrayCopy

SafeArrayGetElement

SafeArrayPtrOfIndex

SafeArrayPutElement

SafeArrayLock

SafeArrayUnlock

SafeArrayDestroyData

SafeArrayDestroyDescriptor

SysReAllocStringLen

VarDateFromStr

VarBstrFromCy

VarBstrFromDec

VarDecFromStr

VarCyFromStr

VarBstrFromDate

SysFreeString

Exports

?CreateMediaAudioPlayer@@YAPAVIMediaAudioPlayer@@XZ

?CreateMediaVideoPlayer@@YAPAVIMediaVideoPlayer@@XZ

?ReleaseMediaAudioPlayer@@YAXPAVIMediaAudioPlayer@@@Z

?ReleaseMediaVideoPlayer@@YAXPAVIMediaVideoPlayer@@@Z

CreateWmpPlayer

ReleaseWmpPlayer

Sections

.text
Size: 489KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

bin/CoreAVC0.ax

.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/12/2009, 00:00

Not After

02/12/2011, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

92:c8:5c:3a:53:e1:48:67:69:9a:2c:04:95:b0:a0:31:37:1d:57:a4
Signer

Actual PE Digest

92:c8:5c:3a:53:e1:48:67:69:9a:2c:04:95:b0:a0:31:37:1d:57:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

Configure

DllCanUnloadNow

DllGetClassObject

DllRegisterServer

DllUnregisterServer

Sections

.
Size: - Virtual size: 788KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

bin/DshowPlayer.dll

.dll windows:5 windows x86 arch:x86

61d9f42845cb3ca2b168cd8c87458a92

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/12/2011, 00:00

Not After

05/12/2013, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

75:79:75:ab:f3:2b:91:06:e0:ce:14:ec:ce:94:8b:cf:ee:e2:9a:58
Signer

Actual PE Digest

75:79:75:ab:f3:2b:91:06:e0:ce:14:ec:ce:94:8b:cf:ee:e2:9a:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\正式发布打包_勿动\601_2012版本\20120912_播放列表修复合并\KwResource\bin\release\pdb\DshowPlayer.pdb

Imports

kernel32

LoadLibraryA

GetProcAddress

MultiByteToWideChar

SizeofResource

LockResource

LoadResource

FindResourceA

FindResourceExA

WideCharToMultiByte

GetCurrentProcess

FreeLibrary

SetProcessAffinityMask

HeapDestroy

HeapFree

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

TerminateProcess

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

DisableThreadLibraryCalls

InterlockedCompareExchange

Sleep

InterlockedExchange

GetProcessAffinityMask

DeleteCriticalSection

InitializeCriticalSection

LeaveCriticalSection

EnterCriticalSection

RaiseException

GetProcessHeap

HeapSize

HeapReAlloc

HeapAlloc

user32

GetDC

ReleaseDC

GetClientRect

DefWindowProcA

PostQuitMessage

SetWindowLongA

ole32

CoUninitialize

CoInitialize

CoCreateInstance

oleaut32

VariantClear

VariantInit

shlwapi

PathFileExistsA

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

kwlog

?YL_Log@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H0PBDZZ

msvcr90

strstr

strnlen

_purecall

_mbscmp

_mbslwr_s

free

memset

_unlock

??3@YAXPAX@Z

_encode_pointer

_lock

memmove_s

_decode_pointer

_malloc_crt

_encoded_null

_initterm

_initterm_e

_amsg_exit

_adjust_fdiv

__CppXcptFilter

_except_handler4_common

?terminate@@YAXXZ

?_type_info_dtor_internal_method@type_info@@QAEXXZ

__clean_type_info_names_internal

_crt_debugger_hook

memcpy_s

_onexit

??2@YAPAXI@Z

__dllonexit

_except_handler3

__CxxFrameHandler3

_CxxThrowException

kwlib

?IsIE9OrHigher@utility@KwLib@@YAHXZ

kwmodconfig

AfxGetConfigManager

Exports

GetDshowPlayer

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

bin/DuiLib.dll

.dll windows:5 windows x86 arch:x86

013de4afd9839cc98c18533bb9c52f2b

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/12/2011, 00:00

Not After

05/12/2013, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

e7:65:57:f2:4f:c0:5b:ce:83:55:03:c6:a8:67:2a:bf:fe:c6:1a:89
Signer

Actual PE Digest

e7:65:57:f2:4f:c0:5b:ce:83:55:03:c6:a8:67:2a:bf:fe:c6:1a:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\正式发布打包_勿动\601_2012版本\20120912_播放列表修复合并\KwResource\bin\release\pdb\DuiLib.pdb

Imports

riched20

ord4

kernel32

ReleaseMutex

CreateMutexA

SetUnhandledExceptionFilter

UnhandledExceptionFilter

TerminateProcess

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

QueryPerformanceCounter

InterlockedCompareExchange

InterlockedExchange

CreateEventA

TerminateThread

SetEvent

WaitForSingleObject

GetFileType

CreateDirectoryA

GetCurrentProcess

SystemTimeToFileTime

SetFilePointer

DosDateTimeToFileTime

CloseHandle

ReadFile

GetFileSize

CreateFileA

GetCurrentDirectoryA

GetModuleHandleA

GetModuleFileNameA

SetCurrentDirectoryA

DisableThreadLibraryCalls

LockResource

SizeofResource

LoadResource

FreeResource

FindResourceA

GetLastError

WideCharToMultiByte

LoadLibraryA

GetProcAddress

MultiByteToWideChar

GetACP

MulDiv

GetTickCount

Sleep

IsDebuggerPresent

user32

IsWindow

GetCursorPos

EnableWindow

LoadCursorA

HideCaret

ShowCaret

GetSysColor

CreateCaret

SetCaretPos

UpdateWindow

CharPrevA

SetRect

UpdateLayeredWindow

GetWindowDC

GetFocus

WindowFromPoint

GetUpdateRect

PeekMessageA

KillTimer

IsRectEmpty

ShowWindowAsync

CharNextA

SetParent

GetWindowTextLengthA

GetWindowTextA

SetWindowTextA

MapWindowPoints

ClientToScreen

RegisterClassExA

GetClassInfoExA

GetPropA

GetParent

wsprintfA

SetFocus

SendMessageA

InflateRect

GetMenu

SetPropA

UnionRect

CreateWindowExA

PostMessageA

wvsprintfA

AdjustWindowRectEx

GetSystemMetrics

LoadImageA

CallWindowProcA

RegisterClassA

GetWindow

EndPaint

DestroyWindow

FillRect

SetCapture

InvalidateRgn

BeginPaint

GetDC

IntersectRect

InvalidateRect

CreateAcceleratorTableA

ReleaseDC

DefWindowProcA

ReleaseCapture

GetMessageA

GetKeyState

TranslateMessage

GetDesktopWindow

DispatchMessageA

SystemParametersInfoA

SetWindowRgn

SetTimer

GetWindowRect

PostQuitMessage

IsIconic

IsZoomed

SetForegroundWindow

GetClientRect

PtInRect

SetWindowPos

GetWindowLongA

SetWindowLongA

ScreenToClient

SetCursor

MessageBoxA

MoveWindow

IsWindowVisible

ShowWindow

MonitorFromWindow

OffsetRect

GetMonitorInfoA

gdi32

CreateRectRgn

Rectangle

SetWindowOrgEx

TextOutA

CreateSolidBrush

GetTextColor

ExtSelectClipRgn

RoundRect

GetClipBox

SetStretchBltMode

CombineRgn

GetCharABCWidthsA

CreateRectRgnIndirect

SelectClipRgn

SetBkMode

CreatePen

SetBkColor

StretchBlt

SetTextColor

LineTo

MoveToEx

GetDeviceCaps

GetTextExtentPoint32A

CreateCompatibleBitmap

BitBlt

DeleteDC

SaveDC

CreateRoundRectRgn

RestoreDC

CreateFontIndirectA

DeleteObject

CreateDIBSection

SelectObject

CreateCompatibleDC

GdiFlush

GetStockObject

GetObjectA

GetTextMetricsA

advapi32

SetSecurityDescriptorDacl

InitializeSecurityDescriptor

shell32

ShellExecuteA

ole32

OleLockRunning

CLSIDFromProgID

CLSIDFromString

CoCreateInstance

msvcp90

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z