dialog
initDialog
show
Overview
overview
4Static
static
32733c0d7b1...18.exe
windows7-x64
32733c0d7b1...18.exe
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3AniGIF.dll
windows7-x64
3AniGIF.dll
windows10-2004-x64
3Communicate.dll
windows7-x64
3Communicate.dll
windows10-2004-x64
3FSkill.exe
windows7-x64
3FSkill.exe
windows10-2004-x64
3VnetClinfo.dll
windows7-x64
3VnetClinfo.dll
windows10-2004-x64
3YBNTSrv.exe
windows7-x64
4YBNTSrv.exe
windows10-2004-x64
4YBProces.exe
windows7-x64
3YBProces.exe
windows10-2004-x64
3YBProces.exe
windows7-x64
3YBProces.exe
windows10-2004-x64
3YiBopal.exe
windows7-x64
YiBopal.exe
windows10-2004-x64
play.exe
windows7-x64
3play.exe
windows10-2004-x64
3protections.exe
windows7-x64
3protections.exe
windows10-2004-x64
3update.exe
windows7-x64
4update.exe
windows10-2004-x64
4update.exe
windows7-x64
4update.exe
windows10-2004-x64
4Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
2733c0d7b1c3bb3444dade14a05ad7fe_JaffaCakes118.exe
Resource
win7-20240903-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
2733c0d7b1c3bb3444dade14a05ad7fe_JaffaCakes118.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240708-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral9
Sample
AniGIF.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral10
Sample
AniGIF.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral11
Sample
Communicate.dll
Resource
win7-20240729-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral12
Sample
Communicate.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral13
Sample
FSkill.exe
Resource
win7-20240903-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral14
Sample
FSkill.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral15
Sample
VnetClinfo.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral16
Sample
VnetClinfo.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral17
Sample
YBNTSrv.exe
Resource
win7-20240903-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral18
Sample
YBNTSrv.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
5 signatures
150 seconds
Behavioral task
behavioral19
Sample
YBProces.exe
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral20
Sample
YBProces.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral21
Sample
YBProces.exe
Resource
win7-20240708-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral22
Sample
YBProces.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral23
Sample
YiBopal.exe
Resource
win7-20240903-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral24
Sample
YiBopal.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral25
Sample
play.exe
Resource
win7-20240903-en
windows7-x64
7 signatures
150 seconds
Behavioral task
behavioral26
Sample
play.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
7 signatures
150 seconds
Behavioral task
behavioral27
Sample
protections.exe
Resource
win7-20240708-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral28
Sample
protections.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral29
Sample
update.exe
Resource
win7-20240903-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral30
Sample
update.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
4 signatures
150 seconds
Behavioral task
behavioral31
Sample
update.exe
Resource
win7-20240903-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral32
Sample
update.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
2733c0d7b1c3bb3444dade14a05ad7fe_JaffaCakes118
-
Size
565KB
-
MD5
2733c0d7b1c3bb3444dade14a05ad7fe
-
SHA1
7a27511d8c66fbc3629999bb0f2a8d5ce23a1640
-
SHA256
7e161d43cd900383d2faccc34aac07834e50e77571f01a509e3b23d4bcf85d65
-
SHA512
4dc85d6cf73834528466f7b1b3a846f053e7395c8ce2e8d448df182abc4e8b5a671136a28ab7ee7eeb35817715ceb92e9bfb3f61fdc08079b4a340ceebcec9d0
-
SSDEEP
12288:9AmVuhPQihP5jvdRzYmf6BsDX+MqNhc4YeAu:9jVuhQyxVR8mfhDzqABeAu
Score
3/10
Malware Config
Signatures
-
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
resource 2733c0d7b1c3bb3444dade14a05ad7fe_JaffaCakes118 unpack001/$PLUGINSDIR/InstallOptions.dll unpack001/$PLUGINSDIR/System.dll unpack001/$PLUGINSDIR/nsDialogs.dll unpack001/YiBopal.exe -
NSIS installer 2 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2
Files
-
2733c0d7b1c3bb3444dade14a05ad7fe_JaffaCakes118.exe windows:4 windows x86 arch:x86
099c0646ea7282d232219f8807883be0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 48KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/042.bmp
-
$PLUGINSDIR/InstallOptions.dll.dll windows:4 windows x86 arch:x86
b1cd0d78f652ce5fc63f0879371af012
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc
user32
MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect
gdi32
SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject
shell32
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA
comdlg32
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
ole32
CoTaskMemFree
Exports
Exports
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
2017f2acbdaa42ab3e4adeb8b4c37e7b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 520B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/meituWel.ini
-
$PLUGINSDIR/modern-header.bmp
-
$PLUGINSDIR/nsDialogs.dll.dll windows:4 windows x86 arch:x86
1e2884056e655f2b7bc5a904e352fc80
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA
user32
GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect
gdi32
SetTextColor
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
comdlg32
GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError
ole32
CoTaskMemFree
Exports
Exports
Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 572B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/titled.ini
-
AniGIF.ocx.dll regsvr32 windows:4 windows x86 arch:x86
167b5760c6be28458e606aaa61aadd12
Code Sign
42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before25/04/2007, 00:00Not After09/07/2019, 18:40SubjectCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before09/07/1999, 18:31Not After09/07/2019, 18:40SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before30/04/2007, 00:00Not After29/04/2012, 23:59SubjectCN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
ba:b7:4e:10:6b:12:d2:b7:1d:ec:13:78:f0:13:75:7eCertificate
IssuerCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USNot Before01/07/2010, 00:00Not After01/07/2011, 23:59SubjectCN=大连雅信科技发展有限公司,OU=WoSign Class 3 Code Signing,O=大连雅信科技发展有限公司,L=大连市,ST=辽宁省,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Key Usages
KeyUsageDigitalSignature
6a:0c:ea:af:6d:d9:ca:4e:7d:5a:3f:90:b6:d8:ed:4f:3a:90:c5:e2Signer
Actual PE Digest6a:0c:ea:af:6d:d9:ca:4e:7d:5a:3f:90:b6:d8:ed:4f:3a:90:c5:e2Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvbvm60
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaAptOffset
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
ord518
__vbaI2Abs
__vbaCopyBytes
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaI4Abs
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR4
__vbaBoolVar
__vbaStrFixstr
__vbaFpR8
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
__vbaErase
__vbaVarZero
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaGet3
__vbaAryConstruct2
__vbaPutOwner3
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
ord568
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaVarMul
__vbaExceptHandler
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaFPException
__vbaUbound
__vbaGetOwner3
__vbaGetOwner4
__vbaI2Var
__vbaFileSeek
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord570
__vbaVar2Vec
ord648
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord578
ord101
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaCheckTypeVar
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaFpI4
_CIatan
__vbaStrMove
ord618
__vbaCastObj
_allmul
_CItan
__vbaUI1Var
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaRecAssign
__vbaFreeObj
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 72KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Communicate.dll.dll windows:4 windows x86 arch:x86
e2a54059b3c1e5c11b78529ab6172893
Code Sign
42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before25/04/2007, 00:00Not After09/07/2019, 18:40SubjectCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before09/07/1999, 18:31Not After09/07/2019, 18:40SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before30/04/2007, 00:00Not After29/04/2012, 23:59SubjectCN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
ba:b7:4e:10:6b:12:d2:b7:1d:ec:13:78:f0:13:75:7eCertificate
IssuerCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USNot Before01/07/2010, 00:00Not After01/07/2011, 23:59SubjectCN=大连雅信科技发展有限公司,OU=WoSign Class 3 Code Signing,O=大连雅信科技发展有限公司,L=大连市,ST=辽宁省,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Key Usages
KeyUsageDigitalSignature
a8:b8:3c:76:f0:b6:68:8d:53:73:75:1f:1d:b0:59:1f:f8:1a:8a:5eSigner
Actual PE Digesta8:b8:3c:76:f0:b6:68:8d:53:73:75:1f:1d:b0:59:1f:f8:1a:8a:5eDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetEnvironmentStringsW
MapViewOfFile
CloseHandle
GetLastError
CreateFileMappingA
ReleaseMutex
OpenFileMappingA
WaitForSingleObject
CreateMutexA
WriteFile
SetFilePointer
CreateFileA
GetLocalTime
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
UnmapViewOfFile
HeapDestroy
HeapCreate
VirtualFree
HeapFree
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
InitializeCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
RtlUnwind
user32
FindWindowExA
PostMessageA
SendMessageA
wsprintfA
Exports
Exports
??0CCommunicate@@QAE@XZ
??4CCommunicate@@QAEAAV0@ABV0@@Z
?CleanFileMap@CCommunicate@@SAHPAX@Z
?CreateFileMap@CCommunicate@@SAHAAPAX@Z
?GetClientInfo@CCommunicate@@SAHAAU_CLIENTINFO@@@Z
?GetData@CCommunicate@@SAHHPAXHAAH@Z
?Log@CCommunicate@@SAXPBD0ZZ
?LogDebug@CCommunicate@@SAXPBD0ZZ
?LogError@CCommunicate@@SAXPBDZZ
?PostMessageA@CCommunicate@@SAHIJ@Z
?Read@CCommunicate@@CAHHPAXHAAH@Z
?ReleaseAndCloseHandle@CCommunicate@@SAHPAX@Z
?SetData@CCommunicate@@SAHHPAXH@Z
?UnMapViewOfFile@CCommunicate@@CAHPAX@Z
?WaitMutex@CCommunicate@@SAPAXH@Z
?Write@CCommunicate@@CAHHPAXH@Z
?fnCommunicate@@YAHXZ
?nCommunicate@@3HA
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 928B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FSkill.exe.exe windows:4 windows x86 arch:x86
5397f37f2d22063f1bf2a94f14f756d1
Code Sign
42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before25/04/2007, 00:00Not After09/07/2019, 18:40SubjectCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before09/07/1999, 18:31Not After09/07/2019, 18:40SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before30/04/2007, 00:00Not After29/04/2012, 23:59SubjectCN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
ba:b7:4e:10:6b:12:d2:b7:1d:ec:13:78:f0:13:75:7eCertificate
IssuerCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USNot Before01/07/2010, 00:00Not After01/07/2011, 23:59SubjectCN=大连雅信科技发展有限公司,OU=WoSign Class 3 Code Signing,O=大连雅信科技发展有限公司,L=大连市,ST=辽宁省,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Key Usages
KeyUsageDigitalSignature
8f:0a:73:00:c0:1d:e6:cf:dc:f4:95:23:5f:0f:bd:c4:52:fa:32:25Signer
Actual PE Digest8f:0a:73:00:c0:1d:e6:cf:dc:f4:95:23:5f:0f:bd:c4:52:fa:32:25Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord517
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
ord592
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaStrFixstr
__vbaBoolVarNull
_CIsin
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
ord563
ord670
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord644
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
ord616
ord617
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj
Sections
.text Size: 88KB - Virtual size: 85KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
VnetClinfo.ocx.dll regsvr32 windows:4 windows x86 arch:x86
2c43b9ceda934a8df955bb5505b07c25
Code Sign
42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before25/04/2007, 00:00Not After09/07/2019, 18:40SubjectCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before09/07/1999, 18:31Not After09/07/2019, 18:40SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before30/04/2007, 00:00Not After29/04/2012, 23:59SubjectCN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
ba:b7:4e:10:6b:12:d2:b7:1d:ec:13:78:f0:13:75:7eCertificate
IssuerCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USNot Before01/07/2010, 00:00Not After01/07/2011, 23:59SubjectCN=大连雅信科技发展有限公司,OU=WoSign Class 3 Code Signing,O=大连雅信科技发展有限公司,L=大连市,ST=辽宁省,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Key Usages
KeyUsageDigitalSignature
a5:ac:89:ad:60:da:9a:64:ed:0d:fa:39:b0:ae:ac:39:82:90:62:9aSigner
Actual PE Digesta5:ac:89:ad:60:da:9a:64:ed:0d:fa:39:b0:ae:ac:39:82:90:62:9aDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
rasapi32
RasGetConnectStatusA
RasEnumConnectionsA
RasGetProjectionInfoA
mfc42
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3401
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord1168
ord6467
ord1227
ord1877
ord4249
ord2486
ord2687
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord446
ord743
ord1177
ord1226
ord1210
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord1089
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord2954
ord6055
ord4078
ord1776
ord4407
ord5241
ord2384
ord5163
ord6370
ord4353
ord5290
ord3798
ord4837
ord1131
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord3946
ord423
ord2860
ord2541
ord4949
ord1601
ord2764
ord4202
ord5683
ord539
ord2956
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord5265
ord4376
ord4853
ord4998
ord4713
ord2514
ord6052
ord1775
ord2385
ord6371
ord5286
ord4438
ord3279
ord4625
ord4425
ord449
ord746
ord2278
ord802
ord1085
ord542
ord3663
ord2841
ord2107
ord5450
ord5440
ord6383
ord6394
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4278
ord939
ord926
ord538
ord924
ord922
ord2915
ord5572
ord2818
ord2614
ord858
ord823
ord540
ord535
ord860
ord537
ord941
ord800
ord825
ord1176
ord1116
ord1132
ord4361
ord4441
msvcrt
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
fseek
_strcmpi
_stricmp
strerror
__dllonexit
?terminate@@YAXXZ
_except_handler3
_EH_prolog
atoi
_mbsicmp
wcslen
wcsncpy
_mbsnicmp
_mbsncmp
_mbscmp
strtol
_errno
fopen
__CxxFrameHandler
fclose
fread
_mbccpy
wctomb
_mbsnbcmp
_mbschr
_mbclen
ftell
kernel32
LocalAlloc
LocalFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetModuleFileNameA
WideCharToMultiByte
lstrlenW
GetLastError
CreateFileA
DeviceIoControl
CloseHandle
user32
FillRect
EnableWindow
CharNextA
gdi32
GetStockObject
Ellipse
advapi32
RegEnumKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
ole32
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoInitialize
oleaut32
LoadRegTypeLi
communicate
?GetData@CCommunicate@@SAHHPAXHAAH@Z
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
YBNTSrv.exe.exe windows:4 windows x86 arch:x86
71f3e569b245e3711c6252ab0a187bd8
Code Sign
42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before25/04/2007, 00:00Not After09/07/2019, 18:40SubjectCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before09/07/1999, 18:31Not After09/07/2019, 18:40SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before30/04/2007, 00:00Not After29/04/2012, 23:59SubjectCN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
ba:b7:4e:10:6b:12:d2:b7:1d:ec:13:78:f0:13:75:7eCertificate
IssuerCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USNot Before01/07/2010, 00:00Not After01/07/2011, 23:59SubjectCN=大连雅信科技发展有限公司,OU=WoSign Class 3 Code Signing,O=大连雅信科技发展有限公司,L=大连市,ST=辽宁省,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Key Usages
KeyUsageDigitalSignature
2e:86:41:c4:88:4a:a5:ed:00:c5:16:75:cb:d2:47:cf:e9:4d:b7:d8Signer
Actual PE Digest2e:86:41:c4:88:4a:a5:ed:00:c5:16:75:cb:d2:47:cf:e9:4d:b7:d8Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaRecAnsiToUni
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord592
__vbaBoolStr
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
__vbaStrFixstr
_CIsin
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
DllFunctionCall
ord563
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
ord616
__vbaVarCopy
ord617
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
YBProces.exe.exe windows:4 windows x86 arch:x86
954a03fce2e093b993e595a30e09b8d2
Code Sign
42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before25/04/2007, 00:00Not After09/07/2019, 18:40SubjectCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before09/07/1999, 18:31Not After09/07/2019, 18:40SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before30/04/2007, 00:00Not After29/04/2012, 23:59SubjectCN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
ba:b7:4e:10:6b:12:d2:b7:1d:ec:13:78:f0:13:75:7eCertificate
IssuerCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USNot Before01/07/2010, 00:00Not After01/07/2011, 23:59SubjectCN=大连雅信科技发展有限公司,OU=WoSign Class 3 Code Signing,O=大连雅信科技发展有限公司,L=大连市,ST=辽宁省,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Key Usages
KeyUsageDigitalSignature
21:1a:27:01:dc:db:a5:18:fd:07:16:5f:e3:1d:39:69:fa:9b:b9:83Signer
Actual PE Digest21:1a:27:01:dc:db:a5:18:fd:07:16:5f:e3:1d:39:69:fa:9b:b9:83Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLineInputStr
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord592
__vbaExitProc
ord593
__vbaVarForInit
ord594
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord305
__vbaStrFixstr
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
__vbaVargVarMove
ord525
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
ord563
ord670
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
__vbaStrR8
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaVarAnd
ord311
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord711
ord313
__vbaPrintFile
__vbaStrToUnicode
ord712
ord314
ord606
_adj_fprem
_adj_fdivr_m64
ord315
__vbaVarDiv
ord316
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaVarMod
ord616
__vbaVarCopy
__vbaVarSetObjAddref
ord617
_CIatan
__vbaI2ErrVar
__vbaStrMove
__vbaAryCopy
__vbaCastObj
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
YBProces.exe.new.exe windows:4 windows x86 arch:x86
954a03fce2e093b993e595a30e09b8d2
Code Sign
42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before25/04/2007, 00:00Not After09/07/2019, 18:40SubjectCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before09/07/1999, 18:31Not After09/07/2019, 18:40SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before30/04/2007, 00:00Not After29/04/2012, 23:59SubjectCN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
ba:b7:4e:10:6b:12:d2:b7:1d:ec:13:78:f0:13:75:7eCertificate
IssuerCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USNot Before01/07/2010, 00:00Not After01/07/2011, 23:59SubjectCN=大连雅信科技发展有限公司,OU=WoSign Class 3 Code Signing,O=大连雅信科技发展有限公司,L=大连市,ST=辽宁省,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Key Usages
KeyUsageDigitalSignature
21:1a:27:01:dc:db:a5:18:fd:07:16:5f:e3:1d:39:69:fa:9b:b9:83Signer
Actual PE Digest21:1a:27:01:dc:db:a5:18:fd:07:16:5f:e3:1d:39:69:fa:9b:b9:83Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLineInputStr
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord592
__vbaExitProc
ord593
__vbaVarForInit
ord594
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord305
__vbaStrFixstr
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
__vbaVargVarMove
ord525
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
ord563
ord670
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
__vbaStrR8
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaVarAnd
ord311
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord711
ord313
__vbaPrintFile
__vbaStrToUnicode
ord712
ord314
ord606
_adj_fprem
_adj_fdivr_m64
ord315
__vbaVarDiv
ord316
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaVarMod
ord616
__vbaVarCopy
__vbaVarSetObjAddref
ord617
_CIatan
__vbaI2ErrVar
__vbaStrMove
__vbaAryCopy
__vbaCastObj
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
YiBopal.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 200KB - Virtual size: 197KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
play.exe.exe windows:4 windows x86 arch:x86
611d4d210dba59bd2ea69c55247982f7
Code Sign
42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before25/04/2007, 00:00Not After09/07/2019, 18:40SubjectCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before09/07/1999, 18:31Not After09/07/2019, 18:40SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before30/04/2007, 00:00Not After29/04/2012, 23:59SubjectCN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
ba:b7:4e:10:6b:12:d2:b7:1d:ec:13:78:f0:13:75:7eCertificate
IssuerCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USNot Before01/07/2010, 00:00Not After01/07/2011, 23:59SubjectCN=大连雅信科技发展有限公司,OU=WoSign Class 3 Code Signing,O=大连雅信科技发展有限公司,L=大连市,ST=辽宁省,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Key Usages
KeyUsageDigitalSignature
ae:5b:5c:ce:76:6a:72:f6:84:a6:2c:64:d8:00:7a:a8:05:39:ea:82Signer
Actual PE Digestae:5b:5c:ce:76:6a:72:f6:84:a6:2c:64:d8:00:7a:a8:05:39:ea:82Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
__vbaLineInputStr
ord588
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
__vbaCopyBytes
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaLateMemSt
ord592
__vbaForEachCollObj
__vbaStrBool
ord593
__vbaExitProc
__vbaBoolStr
__vbaVarForInit
ord594
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
__vbaFpR4
ord520
__vbaStrFixstr
__vbaBoolVar
__vbaVarTstLt
__vbaVargVar
__vbaRefVarAry
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaErase
ord631
__vbaVargVarMove
ord632
__vbaNextEachCollObj
ord525
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaGet3
__vbaAryConstruct2
__vbaVarTstEq
ord560
__vbaVarLikeVar
__vbaObjVar
__vbaI2I4
__vbaPrintObj
DllFunctionCall
__vbaVarOr
ord563
__vbaVarLateMemSt
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaLateIdCallSt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord711
__vbaPrintFile
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord607
__vbaLateIdStAd
__vbaI2Str
__vbaVarDiv
ord608
ord716
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaLsetFixstrFree
__vbaI2Var
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
__vbaR8Str
__vbaInStr
__vbaVar2Vec
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
ord681
__vbaVarNot
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
ord579
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaLateMemCall
__vbaAryLock
__vbaVarAdd
ord320
ord612
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI2
__vbaVarMod
__vbaVarTstGe
__vbaVarLateMemCallLd
__vbaUnkVar
__vbaVarCopy
ord616
__vbaFpI4
__vbaVarSetObjAddref
ord617
__vbaLateMemCallLd
_CIatan
__vbaI2ErrVar
__vbaAryCopy
__vbaCastObj
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaLateIdSt
_CItan
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaRecAssign
__vbaFreeStr
__vbaFreeObj
Sections
.text Size: 524KB - Virtual size: 522KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
protections.exe.exe windows:4 windows x86 arch:x86
54db7570f982ab40e2a30749988fc6aa
Code Sign
42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before25/04/2007, 00:00Not After09/07/2019, 18:40SubjectCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before09/07/1999, 18:31Not After09/07/2019, 18:40SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before30/04/2007, 00:00Not After29/04/2012, 23:59SubjectCN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
ba:b7:4e:10:6b:12:d2:b7:1d:ec:13:78:f0:13:75:7eCertificate
IssuerCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USNot Before01/07/2010, 00:00Not After01/07/2011, 23:59SubjectCN=大连雅信科技发展有限公司,OU=WoSign Class 3 Code Signing,O=大连雅信科技发展有限公司,L=大连市,ST=辽宁省,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Key Usages
KeyUsageDigitalSignature
ab:fd:c7:78:b5:fe:bf:fe:a9:4c:5a:79:2f:3a:73:6e:36:2f:f8:8dSigner
Actual PE Digestab:fd:c7:78:b5:fe:bf:fe:a9:4c:5a:79:2f:3a:73:6e:36:2f:f8:8dDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord517
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
ord592
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaStrFixstr
__vbaBoolVarNull
_CIsin
ord525
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
ord563
ord670
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaI2Var
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaVar2Vec
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
ord616
ord617
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 64KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
update.exe.exe windows:4 windows x86 arch:x86
a3826ed22478796146d38e9f1c191ce6
Code Sign
42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before25/04/2007, 00:00Not After09/07/2019, 18:40SubjectCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before09/07/1999, 18:31Not After09/07/2019, 18:40SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before30/04/2007, 00:00Not After29/04/2012, 23:59SubjectCN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
ba:b7:4e:10:6b:12:d2:b7:1d:ec:13:78:f0:13:75:7eCertificate
IssuerCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USNot Before01/07/2010, 00:00Not After01/07/2011, 23:59SubjectCN=大连雅信科技发展有限公司,OU=WoSign Class 3 Code Signing,O=大连雅信科技发展有限公司,L=大连市,ST=辽宁省,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Key Usages
KeyUsageDigitalSignature
2d:44:00:e0:21:cc:58:c4:41:64:1f:e9:35:52:d0:17:c0:56:12:dcSigner
Actual PE Digest2d:44:00:e0:21:cc:58:c4:41:64:1f:e9:35:52:d0:17:c0:56:12:dcDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaVarSub
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord592
__vbaVarForInit
ord593
ord594
ord301
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord305
ord520
ord307
__vbaRefVarAry
_CIsin
ord525
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
ord560
DllFunctionCall
ord563
ord670
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
__vbaStrR8
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
ord311
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord313
__vbaStrToUnicode
__vbaPrintFile
ord314
ord606
_adj_fprem
_adj_fdivr_m64
ord315
ord607
ord316
ord608
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord644
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
ord616
__vbaVarCopy
__vbaFpI4
ord617
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaCastObj
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
update.exe.new.exe windows:4 windows x86 arch:x86
a3826ed22478796146d38e9f1c191ce6
Code Sign
42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before25/04/2007, 00:00Not After09/07/2019, 18:40SubjectCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before09/07/1999, 18:31Not After09/07/2019, 18:40SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before30/04/2007, 00:00Not After29/04/2012, 23:59SubjectCN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
ba:b7:4e:10:6b:12:d2:b7:1d:ec:13:78:f0:13:75:7eCertificate
IssuerCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USNot Before01/07/2010, 00:00Not After01/07/2011, 23:59SubjectCN=大连雅信科技发展有限公司,OU=WoSign Class 3 Code Signing,O=大连雅信科技发展有限公司,L=大连市,ST=辽宁省,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Key Usages
KeyUsageDigitalSignature
2d:44:00:e0:21:cc:58:c4:41:64:1f:e9:35:52:d0:17:c0:56:12:dcSigner
Actual PE Digest2d:44:00:e0:21:cc:58:c4:41:64:1f:e9:35:52:d0:17:c0:56:12:dcDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaVarSub
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord592
__vbaVarForInit
ord593
ord594
ord301
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord305
ord520
ord307
__vbaRefVarAry
_CIsin
ord525
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
ord560
DllFunctionCall
ord563
ord670
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
__vbaStrR8
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
ord311
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord313
__vbaStrToUnicode
__vbaPrintFile
ord314
ord606
_adj_fprem
_adj_fdivr_m64
ord315
ord607
ord316
ord608
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord644
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
ord616
__vbaVarCopy
__vbaFpI4
ord617
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaCastObj
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
vico.ocx.dll regsvr32 windows:4 windows x86 arch:x86
0ee32a238b8a431041b9c4a3695241ab
Code Sign
42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before25/04/2007, 00:00Not After09/07/2019, 18:40SubjectCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before09/07/1999, 18:31Not After09/07/2019, 18:40SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before30/04/2007, 00:00Not After29/04/2012, 23:59SubjectCN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
ba:b7:4e:10:6b:12:d2:b7:1d:ec:13:78:f0:13:75:7eCertificate
IssuerCN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=USNot Before01/07/2010, 00:00Not After01/07/2011, 23:59SubjectCN=大连雅信科技发展有限公司,OU=WoSign Class 3 Code Signing,O=大连雅信科技发展有限公司,L=大连市,ST=辽宁省,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Key Usages
KeyUsageDigitalSignature
33:2e:1e:82:2a:ec:1c:69:2e:11:92:4e:1f:26:ee:d4:fe:0d:af:90Signer
Actual PE Digest33:2e:1e:82:2a:ec:1c:69:2e:11:92:4e:1f:26:ee:d4:fe:0d:af:90Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvbvm60
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaLenBstr
__vbaAptOffset
__vbaGosubReturn
__vbaStrVarMove
ord588
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaI2Abs
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
ord665
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
__vbaStrTextCmp
__vbaFpR8
_CIsin
ord709
ord631
__vbaErase
__vbaVarZero
__vbaChkstk
__vbaGosubFree
__vbaCyVar
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
__vbaR8Cy
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaGosub
__vbaFPException
__vbaUbound
__vbaCheckType
__vbaI2Var
ord644
ord537
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaCyMulI2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
__vbaFpI4
__vbaLateMemCallLd
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
__vbaFpCSngR4
_CItan
__vbaAryUnlock
__vbaFPInt
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 152KB - Virtual size: 149KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ