输入法（解压密码：sogou）[.]zip

Resubmissions

08-10-2024 07:24

241008-h8prmayfnh 10

08-10-2024 07:10

241008-hzqmkayble 10

Sharing

Copy URL

Twitter E-mail

General

Target

输入法（解压密码：sogou）.zip
Size

155.6MB
MD5

382a1252ea33ef78ab974669107bcdbf
SHA1

08037aa68d04e4f2c0fab50d7c87dd827310b406
SHA256

e4cd575a0afa2a039622b62aabd9aa024851ac716d3d64edf59a2d639632bcb6
SHA512

6d9c5d1cd1d528ce5c8108eed3a9dab831650a7c00f582b9c337f438c50f165df1a2df9aa2b77a50d29c4a0b14c2c58b5ca7c7468285a456316b607695059b1e
SSDEEP

3145728:B73yWE7TAIFHM+jmoil2axup/ZlSX5Z0JU7B6TF8EY1VAs+R0Lpb/d5ovqgduQ:pg3FHMXoil2ax+/OpKJUy8EMqh0Lpbop

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack002/sogou.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/sougou_output.exe
unpack002/$PLUGINSDIR/INetC.dll
unpack004/$PLUGINSDIR/InstallOptions.dll
unpack004/$PLUGINSDIR/System.dll
unpack004/out.upx

Files

输入法（解压密码：sogou）.zip
.zip

Password: sogou
sougou_output.exe
.exe windows:4 windows x86 arch:x86

Password: sogou

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/INetC.dll
.dll windows:4 windows x86 arch:x86

Password: sogou

163fdad7b5f915e3a0ca7ad1d08b4ff8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
CreateThread
LocalAlloc
lstrcpynW
SleepEx
MulDiv
GetModuleHandleW
GetTickCount
ReadFile
CreateFileA
CreateFileW
GetFileSize
lstrcmpiW
lstrcatW
LoadLibraryA
lstrcmpW
lstrlenA
MultiByteToWideChar
WriteFile
lstrlenW
CloseHandle
GetLastError
DeleteFileW
GetProcAddress
WideCharToMultiByte
LocalFree
TerminateThread
GlobalAlloc
GlobalFree
SetFilePointer
WaitForSingleObject

user32

wsprintfA
FindWindowExW
GetWindowLongW
IsWindow
CreateDialogParamW
ShowWindow
GetParent
DispatchMessageW
LoadIconW
KillTimer
PostMessageW
IsDialogMessageW
SetWindowPos
SetWindowTextW
GetMessageW
SendDlgItemMessageW
TranslateMessage
EnableWindow
RedrawWindow
UpdateWindow
GetWindowRect
SendMessageW
SetTimer
SetWindowLongW
wsprintfW
SetDlgItemTextW
GetDlgItem
IsWindowVisible
MessageBoxW
GetClientRect
DestroyWindow
SystemParametersInfoW
GetWindowTextW

comctl32

ord17

wininet

HttpSendRequestExW
InternetErrorDlg
InternetWriteFile
HttpSendRequestW
InternetSetFilePointer
HttpAddRequestHeadersA
FtpCreateDirectoryW
InternetCrackUrlW
FtpOpenFileW
InternetSetOptionW
InternetOpenW
InternetGetLastResponseInfoW
HttpEndRequestW
InternetReadFile
HttpAddRequestHeadersW
HttpQueryInfoW
InternetCloseHandle
InternetConnectW
InternetQueryOptionW
HttpOpenRequestW

Exports

Exports

get
head
post
put

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sogou.exe
.exe windows:5 windows x86 arch:x86

Password: sogou

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-06-2024 00:00

Not After

19-06-2027 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:cf:8d:b1:67:fd:57:f4:65:79:a7:31:c0:1c:4f:39:02:9f:88:03:1b:82:ae:4a:f9:2c:47:b3:6d:29:13:2e
Signer

Actual PE Digest

03:cf:8d:b1:67:fd:57:f4:65:79:a7:31:c0:1c:4f:39:02:9f:88:03:1b:82:ae:4a:f9:2c:47:b3:6d:29:13:2e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/HWSignature.dll
.dll windows:6 windows x86 arch:x86

Password: sogou

cdd42c264bacf432f4003380d6c8ce27

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-06-2024 00:00

Not After

19-06-2027 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:a9:56:b8:ae:6e:3d:d0:d3:95:67:30:79:c3:26:6a:ed:02:dc:34:b5:ee:a9:95:6c:47:bd:c2:c6:d0:c0:c6
Signer

Actual PE Digest

cc:a9:56:b8:ae:6e:3d:d0:d3:95:67:30:79:c3:26:6a:ed:02:dc:34:b5:ee:a9:95:6c:47:bd:c2:c6:d0:c0:c6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\HWSignature.pdb

Imports

ws2_32

WSAStartup

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

EnterCriticalSection
CreateFileW
DecodePointer
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
DeviceIoControl
lstrcatA
CopyFileA
CreateFileA
GetSystemDirectoryA
CloseHandle
HeapAlloc
GetProcessHeap
lstrcpyA
lstrlenA
GlobalAlloc
LocalAlloc
GetLastError
LoadLibraryA
GetVersionExA
GetProcAddress
LocalFree
FreeLibrary
HeapReAlloc
SetLastError
GlobalFree
GetTickCount
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
WriteConsoleW
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetFilePointerEx
GetStringTypeW
SetStdHandle
HeapSize

user32

IsCharAlphaNumericA
wsprintfA

Exports

Exports

DLLGenHWID
GenHWID
GetDllVersionA

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ImageMagik.dll
.dll windows:6 windows x86 arch:x86

Password: sogou

f204f2299a0324f196a8576faef59e72

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-06-2024 00:00

Not After

19-06-2027 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:ab:59:bb:f3:13:fc:85:33:e2:9c:a6:b7:5d:4c:d1:84:0c:a2:7d:67:cc:d8:6a:a1:17:d2:68:42:62:57:e3
Signer

Actual PE Digest

59:ab:59:bb:f3:13:fc:85:33:e2:9c:a6:b7:5d:4c:d1:84:0c:a2:7d:67:cc:d8:6a:a1:17:d2:68:42:62:57:e3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\data\landun\workspace\p-a6b81373d56245738becf19644b9638b\src\third_party_build\imagemagick\tmp\x86\RelWithDebInfo\ImageMagik.pdb

Imports

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
GetExitCodeProcess
GetSystemTimeAsFileTime
GetConsoleOutputCP
LoadLibraryA
MultiByteToWideChar
IsValidCodePage
GetACP
GetCPInfo
IsDBCSLeadByteEx
ReadFile
WriteFile
PeekNamedPipe
SetEvent
ResetEvent
ReadConsoleInputA
DeviceIoControl
DuplicateHandle
GetConsoleWindow
WaitForSingleObjectEx
WaitForMultipleObjectsEx
CreateEventW
WaitForMultipleObjects
GetExitCodeThread
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
CreateMutexA
GetCurrentThreadId
ExitProcess
MoveFileExW
GetFileInformationByHandle
AttachConsole
GetThreadLocale
GetLocaleInfoA
WideCharToMultiByte
GetModuleHandleW
FreeLibrary
GetVersion
CreateProcessA
CreateEventA
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
GetShortPathNameW
GetCommandLineW
GetStdHandle
GetFileAttributesW
GetCurrentDirectoryW
TerminateProcess
GetSystemInfo
SetConsoleMode
GetConsoleMode
GetFileInformationByHandleEx
IsDebuggerPresent
GetFileType
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetProcessAffinityMask
GetNativeSystemInfo
GetCurrentProcess
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CloseHandle
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
TryAcquireSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockShared
AllocConsole
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
RaiseException
GetComputerNameW
GetModuleHandleA
GetModuleFileNameW
VirtualQuery
GetWindowsDirectoryW
GetSystemDirectoryW
DebugBreak
LoadLibraryW
GetProcAddress
FormatMessageW
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTempPathW
GetTempFileNameW
DeleteFileW
CreateFileW
LocalFree
GetCurrentProcessId
OpenMutexW
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetLastError
PeekConsoleInputA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
EncodePointer
SetStdHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetEndOfFile
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
GetFileAttributesExW
SetFileAttributesW
FlushFileBuffers
SetFileTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
GetConsoleCP
CreatePipe
CreateProcessW
GetFullPathNameW
FindClose
FindFirstFileExW
FindNextFileW
SetFilePointerEx
ReadConsoleW
HeapFree
HeapAlloc
HeapReAlloc
DecodePointer
GetFileSizeEx
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
GetStringTypeW
GetNumberOfConsoleInputEvents
ReadConsoleInputW
GetOEMCP
GetCommandLineA
GetProcessHeap
OutputDebugStringW
HeapSize
WriteConsoleW
GetTickCount
GetDiskFreeSpaceExW
GetVolumeInformationW
GetVolumePathNameW
GetModuleHandleExA
GetLogicalDrives
GetSystemDirectoryA
GetLongPathNameW
ReadDirectoryChangesW
GetDriveTypeA
GetFileSize

user32

PeekMessageA
MessageBoxA
FillRect
IsWindow
MsgWaitForMultipleObjectsEx
ReleaseDC
GetDC
SystemParametersInfoA
PostMessageA
LoadStringW

gdi32

Polyline
StretchDIBits
CreateSolidBrush
GetDeviceCaps
GdiFlush
CreateDIBSection
GetWorldTransform
Rectangle
SelectClipRgn
IntersectClipRect
GetClipRgn
GetClipBox
ExtCreateRegion
CreateRectRgn
CreateCompatibleBitmap
BitBlt
ExtTextOutW
GetObjectW
ModifyWorldTransform
SetWorldTransform
GetTextMetricsA
SetTextAlign
SetTextColor
SetMapMode
SetGraphicsMode
SetBkMode
SelectObject
SaveDC
RestoreDC
GetGlyphIndicesW
GetFontUnicodeRanges
GetOutlineTextMetricsA
GetGlyphOutlineW
GetFontData
GetCharWidth32A
DeleteObject
DeleteDC
CreateFontIndirectW
CreateCompatibleDC
GetStockObject
GetGlyphOutlineA
CreatePen
CreateDCA
EnumFontFamiliesExW
ExtSelectClipRgn
GetGraphicsMode
CreateFontIndirectA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
SHFileOperationW
CommandLineToArgvW

ole32

CoTaskMemFree

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegGetValueW
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
LookupAccountSidW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
GetFileSecurityW
GetSecurityDescriptorOwner
RegLoadMUIStringW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
GetUserNameW
BuildExplicitAccessWithNameW
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
GetSecurityDescriptorGroup

ws2_32

ioctlsocket
closesocket
WSAStartup
getsockopt
recv
send
WSAGetLastError
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSASetEvent
getservbyport
getservbyname
inet_pton
inet_ntop
htonl
htons
inet_addr
inet_ntoa
ntohs
gethostbyaddr
gethostbyname
WSASetLastError

dnsapi

DnsFree
DnsQuery_A

iphlpapi

NotifyRouteChange2
CancelMibChangeNotify2
GetIpForwardTable2

Exports

Exports

ImageMagickEx_FreePNGBuffer
ImageMagickEx_SVGToPNGBuffer
ImageMagickEx_SVGToPNGBufferByDpi

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

Password: sogou

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetupFlash.swf
$PLUGINSDIR/SetupLib.dll
.dll windows:6 windows x86 arch:x86

Password: sogou

b7d3cc98eeef23680dc67f5bf5f2b60f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-06-2024 00:00

Not After

19-06-2027 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:fd:6b:06:72:74:9d:24:83:0a:aa:b0:d8:a7:c4:53:17:e7:dc:f7:5e:03:43:20:9b:67:7a:df:68:ef:06:2c
Signer

Actual PE Digest

b8:fd:6b:06:72:74:9d:24:83:0a:aa:b0:d8:a7:c4:53:17:e7:dc:f7:5e:03:43:20:9b:67:7a:df:68:ef:06:2c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\SetupLib.pdb

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

wininet

InternetSetOptionW
HttpAddRequestHeadersA
InternetErrorDlg
InternetQueryOptionW
HttpOpenRequestA
InternetWriteFile
HttpAddRequestHeadersW
InternetReadFile
InternetConnectA
InternetCloseHandle
HttpSendRequestExW
HttpEndRequestW
InternetOpenW
InternetCrackUrlA

shlwapi

StrRetToBufW
SHDeleteKeyW
PathFileExistsW
StrToIntW
PathMatchSpecW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetFileInfoW
SHGetDesktopFolder
CommandLineToArgvW
SHGetKnownFolderPath
ShellExecuteW
SHFileOperationW
ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

advapi32

CryptEncrypt
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptSetKeyParam
GetTokenInformation
CryptImportKey
SystemFunction036
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
RegDeleteValueW
LookupAccountSidW
RegEnumKeyW
LookupAccountNameW
AddAccessAllowedAce
GetUserNameW
GetLengthSid
AddAccessAllowedAceEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
InitializeAcl
InitializeSecurityDescriptor
GetFileSecurityW
FreeSid
OpenProcessToken
AddAce
SetSecurityDescriptorSacl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
BuildExplicitAccessWithNameW
EqualSid
GetAce
GetAclInformation
SetFileSecurityW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
LookupPrivilegeValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegOpenKeyW
ConvertSidToStringSidW
RegCreateKeyW
RegLoadKeyW
RegUnLoadKeyW
RegEnumKeyExW
RegSaveKeyW
RegFlushKey
RegQueryInfoKeyW
CryptReleaseContext

kernel32

CreateProcessW
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
GetTickCount
GetExitCodeProcess
Sleep
DeleteFileW
LockResource
Process32NextW
MultiByteToWideChar
CreateToolhelp32Snapshot
OpenProcess
UnmapViewOfFile
GetSystemDirectoryW
GetCurrentThreadId
CreateFileW
WaitForSingleObject
VirtualProtect
VirtualQuery
OutputDebugStringA
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetLongPathNameW
GetNativeSystemInfo
RtlCaptureStackBackTrace
LeaveCriticalSection
TerminateProcess
EnterCriticalSection
SizeofResource
ReadFile
HeapDestroy
MoveFileExW
HeapSize
InitializeCriticalSectionEx
FindResourceW
GetModuleFileNameW
GetTempPathW
LoadLibraryExW
GetEnvironmentVariableW
DebugBreak
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
LoadResource
FindResourceExW
RaiseException
SuspendThread
GetCurrentProcessId
FreeLibrary
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
LocalFree
GetProcAddress
DecodePointer
HeapAlloc
LoadLibraryW
CloseHandle
GetThreadContext
SetThreadContext
OutputDebugStringW
CreateFileA
CreateFileMappingA
GetLastError
LocalAlloc
FindClose
lstrlenA
InitializeCriticalSectionAndSpinCount
lstrlenW
GetCurrentProcess
FindNextFileW
GetFullPathNameW
SetLastError
HeapFree
FindFirstFileW
TransactNamedPipe
SetNamedPipeHandleState
WaitNamedPipeW
InitOnceBeginInitialize
InitOnceComplete
GetDriveTypeW
GlobalHandle
GlobalFree
Process32FirstW
HeapReAlloc
lstrcatW
lstrcpyW
GetCommandLineW
TerminateThread
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
QueryDosDeviceW
RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
GetLogicalDriveStringsW
FileTimeToSystemTime
GlobalLock
GetTempFileNameW
GlobalUnlock
CreateDirectoryW
GetProcessId
GetFileAttributesExW
SystemTimeToFileTime
CopyFileW
GetFileTime
WriteFile
SetFilePointer
DuplicateHandle
ExitThread
CreateEventW
FormatMessageW
CreateThread
GetFileSize
OpenMutexW
CreateMutexW
ReleaseMutex
GetVersionExW
OpenFileMappingW
GetWindowsDirectoryW
FlushFileBuffers
SetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
InitializeCriticalSection
VirtualFree
VirtualAlloc
GetCurrentThread
GetExitCodeThread
SetThreadPriority
lstrcmpiW
GetDiskFreeSpaceExW
OpenEventW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
FormatMessageA
EncodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
LoadLibraryExA
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
InterlockedFlushSList
GlobalAlloc
FreeLibraryAndExitThread
GetModuleHandleExW
GetTimeZoneInformation
ExitProcess
GetStdHandle
GetFileType
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetFileSizeEx
GetConsoleOutputCP
SetConsoleCtrlHandler
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
SetEndOfFile
WriteConsoleW
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
MoveFileExA
CompareFileTime
GetEnvironmentVariableA
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
SetConsoleMode
ReadConsoleA
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTime
GetLocalTime
GetSystemInfo
GetCurrentDirectoryW
ResumeThread

user32

ClientToScreen
PtInRect
OffsetRect
ExitWindowsEx
SetCursor
GetProcessWindowStation
GetUserObjectInformationW
wvsprintfW
InsertMenuItemW
GetKeyState
ScreenToClient
GetWindowThreadProcessId
DrawTextW
UpdateLayeredWindow
GetFocus
MonitorFromPoint
GetDC
IsWindowVisible
CreatePopupMenu
GetWindowPlacement
IsWindowEnabled
GetMessageW
SetWindowPos
TrackPopupMenu
SetMenuItemInfoW
TrackMouseEvent
DestroyMenu
SetPropW
SetCapture
AppendMenuW
ReleaseCapture
GetCursorPos
WaitMessage
CallMsgFilterW
GetQueueStatus
GetMessagePos
SubtractRect
RegisterWindowMessageW
SetFocus
FindWindowW
MessageBoxIndirectW
LoadIconW
SetParent
SetActiveWindow
MonitorFromWindow
DispatchMessageW
ShowWindow
SetRect
GetMonitorInfoW
AttachThreadInput
GetForegroundWindow
GetMenuItemInfoW
GetSystemMenu
PostMessageW
SendMessageTimeoutW
GetMenuItemCount
DeleteMenu
wsprintfW
GetDlgItem
GetWindowTextLengthW
SetWindowTextW
KillTimer
EnableWindow
GetWindowTextW
FindWindowExW
MessageBoxW
CreateWindowExW
SendMessageW
RegisterClassExW
IsWindow
GetKeyboardLayoutList
LoadKeyboardLayoutW
LoadCursorW
GetClientRect
PeekMessageW
UnloadKeyboardLayout
GetClassInfoExW
GetWindowLongW
DefWindowProcW
CallWindowProcW
GetWindowRect
FillRect
SetTimer
CopyRect
SetWindowLongW
LoadImageW
InvalidateRect
BeginPaint
EndPaint
DestroyIcon
UnregisterClassW
LoadStringW
CharNextW
DestroyWindow
MsgWaitForMultipleObjectsEx
TranslateMessage
WindowFromPoint
SetRectEmpty
PostQuitMessage
GetPropW
NotifyWinEvent
MoveWindow
GetDesktopWindow
SystemParametersInfoW
GetParent
SetForegroundWindow
IsIconic
GetSystemMetrics
IntersectRect
ReleaseDC

gdi32

CreateFontIndirectW
GetFontData
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
StretchBlt
DeleteDC
SetViewportOrgEx
DeleteObject
GetStockObject
GetObjectW
SetTextColor
SetBkMode
SetTextCharacterExtra
GetTextExtentExPointW
CreateDIBSection

ole32

OleCreate
OleSetContainedObject
CoTaskMemFree
CoUninitialize
CoCreateGuid
CoInitialize
CoCreateInstance

oleaut32

SysAllocStringByteLen
SysStringLen
SysAllocString
VariantInit
SysFreeString
SysStringByteLen
VariantClear

imm32

ImmDisableIME
ImmGetIMEFileNameW
ImmInstallIMEW
ImmGetContext
ImmSetOpenStatus
ImmNotifyIME

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

msimg32

AlphaBlend

crypt32

CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

wldap32

ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord217

bcrypt

BCryptGenRandom

winhttp

WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpQueryOption
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpWriteData
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpCrackUrl

ws2_32

WSAIoctl
__WSAFDIsSet
select
gethostname
socket
htons
setsockopt
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
accept
bind
connect
getsockname
htonl
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
getpeername

oleacc

AccessibleObjectFromWindow
LresultFromObject

winmm

timeGetTime

Exports

Exports

AddAccess
AddAccessExec
AddAccessOnReg
AddAccess_RX
AddIE7ElevationPolicy
AddSogouImeMgrSchTasks
AttachProgressBar
BackupExe
BackupOtherFile
BackupSysDict
CancelDelayDelDir
CancleDelayDelDirWrap
CheckAccess
CheckInDelayDir
CheckRegKeyIsVolatile
CmpFile
CopyRegToArm32
CorrectSmartInfoUsed
CreateSmartInfoUid
CreateSogouInputUid
DefaultBrowserIsIE
DelBackupExe
DelayDelFile
DelayDelReg
DelayDeleteSogouImeFile
DeleteShortcut
DeleteShortcutWithPath
DeleteVolatileRegKey
DownloadQuiet
ExecWait
FilterSid
GetAppDataPath
GetArm32SysPath
GetBDInfo
GetCheckBoxState
GetFeedBackContact
GetFeedBackReason
GetFinishIds
GetFinishStats
GetHWID
GetHandleVerifier
GetHwndImage
GetHwndMain
GetImeInstallMutex
GetInstallPath
GetOSVersionTime
GetPPName
GetQQStatistics
GetRealOsVersion
GetSmartInfoOption
GetVerifyText
GuiInitAndAttach
HideChildWindows
ImageInstallingStart
InitResource
InstSuccessUserNetSchedule
InstallIME
InstalledIMEIsPre30b1
IsArmArch
IsFinishCheckBoxShow
IsFinishCloseBtnClicked
IsFullScreenActivated
IsInWin8
IsInX64
IsInXP
IsReadScreenEnable
IsRecommendTimeout
IsShowOpenMedal
IsSmartInfoEnable
IsSogouExplorerInstalled
IsSogouMobileInstalled
KillProcess
MonitorUninstallCompleted
MonitorVerifyUninstallSelect
MoveImeDir
MoveUrlGuideIcon
OnAbort
OnPageLeave
OnPagePre
OnPageShow
OpenPage
Ping
PluginToComp
QQMgrSetIESP
ReadIniStr
ReadSmartInfoOption
RemoveAppDataDir
RemoveCommonDir
RemoveDir
RemoveFireWall
RemoveIE7ElevationPolicy
RemoveSogouImeMgrSchTasks
RepairComponentRights
SECheckOSInstalled
SaveInstallTime
SetAccessRights
SetCheckBoxState
SetGuideQQUrl
SetLowLabel
SetMutex
SetPathAccessRightsRecursive
SetQQShowType
SetReboot
SetRecommendTime
SetShowQQ
SetSmartInfoOption
SetUrlInvite
SetWithType
ShowQQOrNot
SwitchIme
UnGuiInitAndAttach
UninstallInstPath
UninstallReg
UninstallUsrReg
UpdateFireWall
WaitAccountThread

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetupLibNew.dll
.dll windows:6 windows x86 arch:x86

Password: sogou

ee645596d4a2b89985eed10af9de4f1f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-06-2024 00:00

Not After

19-06-2027 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:58:80:93:1c:d0:36:38:20:8f:44:87:ce:12:f0:6e:a3:95:b6:23:08:e1:a9:11:89:e7:89:6e:1d:da:24:88
Signer

Actual PE Digest

ba:58:80:93:1c:d0:36:38:20:8f:44:87:ce:12:f0:6e:a3:95:b6:23:08:e1:a9:11:89:e7:89:6e:1d:da:24:88

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\SetupLibNew.pdb

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

wininet

HttpAddRequestHeadersW
InternetReadFile
InternetConnectA
InternetErrorDlg
InternetSetOptionW
HttpAddRequestHeadersA
InternetQueryOptionW
InternetCloseHandle
InternetWriteFile
InternetCrackUrlA
InternetOpenW
HttpEndRequestW
HttpOpenRequestA
HttpSendRequestExW

shlwapi

StrRetToBufW
SHDeleteKeyW
StrToIntW
PathFileExistsW

shell32

SHGetFolderPathW
ShellExecuteW
SHFileOperationW
ShellExecuteExW
SHGetDesktopFolder
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
DragQueryFileW

kernel32

DebugBreak
FreeLibrary
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
LocalFree
GetProcAddress
DecodePointer
HeapAlloc
LoadLibraryW
CloseHandle
OutputDebugStringW
GetLastError
LocalAlloc
FindClose
lstrlenA
InitializeCriticalSectionAndSpinCount
lstrlenW
GetCurrentProcess
FindNextFileW
GetFullPathNameW
SetLastError
HeapFree
FindFirstFileW
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
HeapDestroy
ReadFile
SizeofResource
EnterCriticalSection
TerminateProcess
LeaveCriticalSection
WaitForSingleObject
CreateFileW
GetCurrentThreadId
GetSystemDirectoryW
UnmapViewOfFile
OpenProcess
CreateToolhelp32Snapshot
MultiByteToWideChar
Process32NextW
LockResource
LoadLibraryExW
GlobalAlloc
Process32FirstW
GlobalFree
RaiseException
FindResourceExW
LoadResource
GetSystemInfo
RtlCaptureStackBackTrace
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
GetCommandLineW
TerminateThread
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
QueryDosDeviceW
RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
GetLogicalDriveStringsW
FileTimeToSystemTime
GlobalLock
GlobalUnlock
CreateDirectoryW
SetFileTime
SystemTimeToFileTime
CopyFileW
GetFileTime
WriteFile
SetFilePointer
ExitThread
CreateEventW
FormatMessageW
CreateThread
GetFileSize
OpenMutexW
CreateMutexW
ReleaseMutex
GetVersionExW
OpenFileMappingW
GetWindowsDirectoryW
FlushFileBuffers
SetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
InitializeCriticalSection
VirtualFree
VirtualAlloc
GetTickCount64
GetLocalTime
IsProcessorFeaturePresent
PeekNamedPipe
GetCurrentThread
MulDiv
GetDiskFreeSpaceExW
GetTempPathW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
GetStringTypeW
EncodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetCPInfo
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
LoadLibraryExA
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
InterlockedFlushSList
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetTimeZoneInformation
ExitProcess
GetStdHandle
GetFileType
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetFileSizeEx
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
SetConsoleCtrlHandler
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
SetEndOfFile
WriteConsoleW
LoadLibraryA
ReadConsoleA
SetConsoleMode
ConvertFiberToThread
DeleteFiber
lstrcpyW
lstrcpynW
lstrcmpiW
FreeResource
GetCurrentDirectoryW
GetModuleHandleA
VerifyVersionInfoW
VerSetConditionMask
LocalFileTimeToFileTime
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetThreadPriority
WriteConsoleA
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
VirtualQuery
SetThreadContext
GetThreadContext
SuspendThread
VirtualProtect
GetEnvironmentVariableW
InitializeSRWLock
GetModuleFileNameW
DeleteFileW
Sleep
GetExitCodeProcess
MoveFileW
GetTickCount
MapViewOfFile
CreateFileMappingW
WideCharToMultiByte
CreateProcessW
GetCurrentProcessId
MoveFileExW
FindResourceW

user32

GetClassInfoExW
BeginPaint
InvalidateRect
CallWindowProcW
GetWindowLongW
DefWindowProcW
SetCursor
PtInRect
SetFocus
MessageBoxIndirectW
SetParent
DestroyWindow
RemovePropW
GetClassInfoW
RegisterClassW
LoadIconW
GetPropW
ReplyMessage
SetPropW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
WindowFromPoint
SetRectEmpty
GetGUIThreadInfo
GetWindowThreadProcessId
MonitorFromPoint
GetDC
IsWindowVisible
SetWindowPos
MonitorFromWindow
GetSystemMetrics
ShowWindow
GetMonitorInfoW
LoadImageW
GetDesktopWindow
SystemParametersInfoW
GetParent
SetForegroundWindow
IsIconic
EndPaint
GetQueueStatus
CallMsgFilterW
WaitMessage
GetMessageW
IsZoomed
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetUpdateRect
GetCursorPos
ScreenToClient
MapWindowPoints
GetSysColor
UnionRect
OffsetRect
IsRectEmpty
GetWindow
NotifyWinEvent
GetWindowPlacement
CreatePopupMenu
AppendMenuW
TrackPopupMenu
InsertMenuItemW
SetMenuItemInfoW
SetWindowRgn
EqualRect
GetMenu
AdjustWindowRectEx
InflateRect
CharPrevW
DrawTextW
SetRect
UpdateLayeredWindow
MoveWindow
GetWindowRgn
DestroyMenu
EnableMenuItem
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
UpdateWindow
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
UnloadKeyboardLayout
DestroyIcon
GetUserObjectInformationW
GetProcessWindowStation
GetWindowRect
FillRect
SetTimer
GetClientRect
CopyRect
ClientToScreen
LoadCursorW
LoadKeyboardLayoutW
GetKeyboardLayoutList
IsWindow
CharNextW
RegisterClassExW
LoadStringW
UnregisterClassW
SendMessageW
CreateWindowExW
MessageBoxW
IntersectRect
PostQuitMessage
IsWindowEnabled
ReleaseDC
FindWindowExW
GetWindowTextW
EnableWindow
KillTimer
SetWindowTextW
GetWindowTextLengthW
GetMenuItemInfoW
GetSystemMenu
PostMessageW
SendMessageTimeoutW
GetMenuItemCount
DeleteMenu
wsprintfW
GetDlgItem
SetWindowLongW

gdi32

SelectClipRgn
ExtSelectClipRgn
GetDeviceCaps
CreateDIBSection
LineTo
CreateDIBitmap
CreateFontIndirectW
CreatePen
GetFontData
GetStockObject
AddFontMemResourceEx
RemoveFontMemResourceEx
Rectangle
GetTextExtentPoint32W
GetDIBits
RestoreDC
SaveDC
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
GetClipBox
GetCharABCWidthsW
CombineRgn
CreateSolidBrush
CreatePenIndirect
CreateRectRgnIndirect
SetBitmapBits
GetBitmapBits
GetTextExtentPointA
CreateDCW
PtInRegion
CreateRectRgn
CreatePatternBrush
GdiFlush
TextOutW
MoveToEx
SetTextColor
SetStretchBltMode
SetBkMode
DeleteObject
SetViewportOrgEx
DeleteDC
StretchBlt
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
SetBkColor

advapi32

CryptSignHashW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
LookupAccountSidW
RegDeleteValueW
GetTokenInformation
CryptDestroyHash
CryptCreateHash
CryptExportKey
RegEnumKeyW
RegQueryInfoKeyW
RegFlushKey
RegSaveKeyW
RegEnumKeyExW
RegUnLoadKeyW
RegLoadKeyW
RegCreateKeyW
ConvertSidToStringSidW
RegOpenKeyW
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
LookupPrivilegeValueW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
AdjustTokenPrivileges
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetSecurityDescriptorSacl
OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessAllowedAceEx
GetLengthSid
LookupAccountNameW
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptSetKeyParam
CryptDecrypt
CryptAcquireContextW
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptEnumProvidersW

ole32

OleLockRunning
CLSIDFromString
ReleaseStgMedium
CreateStreamOnHGlobal
OleDuplicateData
DoDragDrop
CoInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid
CoTaskMemFree
CoSetProxyBlanket
CoInitializeSecurity
CLSIDFromProgID
CoInitializeEx

oleaut32

VariantInit
SysStringLen
VariantClear
SysAllocString
SysFreeString

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

imm32

ImmGetIMEFileNameW
ImmDisableIME
ImmSetOpenStatus
ImmInstallIMEW
ImmNotifyIME
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

psapi

GetModuleFileNameExW

msimg32

AlphaBlend

comctl32

_TrackMouseEvent
InitCommonControlsEx
ord17

winmm

timeGetTime
timeSetEvent
timeKillEvent

winhttp

WinHttpCrackUrl
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetOption
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpWriteData
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpQueryOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpGetProxyForUrl

ws2_32

WSACleanup
closesocket
WSASetLastError
send
recv
gethostbyname
gethostname
WSAStartup
WSAGetLastError

oleacc

LresultFromObject

crypt32

CertGetCertificateContextProperty
CertCloseStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertEnumCertificatesInStore

imagemagik

ImageMagickEx_FreePNGBuffer
ImageMagickEx_SVGToPNGBufferByDpi

bcrypt

BCryptGenRandom

Exports

Exports

AddAccess
AddAccessExec
AddAccessOnReg
AddAccess_RX
AddIE7ElevationPolicy
AddSogouImeMgrSchTasks
AttachProgressBar
CancelDelayDelDir
CancleDelayDelDirWrap
CheckAccess
CheckInDelayDir
CheckProcessIsRunning
CheckRegKeyIsVolatile
CmpFile
CopyRegToArm32
CorrectSmartInfoUsed
CreateSmartInfoUid
CreateSogouInputUid
DefaultBrowserIsIE
DelayDelFile
DelayDelReg
DelayDeleteSogouImeFile
DelayTakeEffectDark
DeleteShortcut
DeleteShortcutWithPath
DeleteVolatileRegKey
ExecWait
FilterSid
GetAppDataPath
GetArm32SysPath
GetBDInfo
GetCheckBoxState
GetFeedBackContact
GetFeedBackReason
GetFinishIds
GetFinishStats
GetHWID
GetHandleVerifier
GetHwndImage
GetHwndMain
GetImeInstallMutex
GetInstallPath
GetOSVersionTime
GetPPName
GetQQStatistics
GetSmartInfoOption
GetVerifyText
GuiInitAndAttach
HideChildWindows
ImageInstallingStart
InitResource
InstSuccessUserNetSchedule
InstallIME
InstalledIMEIsPre30b1
IsArmArch
IsBeforeWin10
IsFinishCheckBoxShow
IsFinishCloseBtnClicked
IsFullScreenActivated
IsInWin8
IsInX64
IsInXP
IsReadScreenEnable
IsRecommendTimeout
IsShowOpenMedal
IsSmartInfoEnable
IsSogouExplorerInstalled
IsSogouMobileInstalled
KillProcess
MonitorUninstallCompleted
MonitorVerifyUninstallSelect
MoveImeDir
MoveUrlGuideIcon
OnAbort
OnPageLeave
OnPagePre
OnPageShow
OpenPage
Ping
PluginToComp
QQMgrSetIESP
ReadIniStr
ReadSmartInfoOption
RegisterPluginUnloadCallback
RemoveAppDataDir
RemoveCommonDir
RemoveDir
RemoveFireWall
RemoveIE7ElevationPolicy
RemoveSogouImeMgrSchTasks
SECheckOSInstalled
SaveInstallTime
SendInstallInfo2Beacon
SetCheckBoxState
SetGuideQQUrl
SetLowLabel
SetMutex
SetPingbackCommonParam
SetQQShowType
SetReboot
SetRecommendTime
SetShowQQ
SetSmartInfoOption
SetUrlInvite
SetWithType
ShowQQOrNot
SwitchIme
UnGuiInitAndAttach
UninstallInstPath
UninstallReg
UninstallUsrReg
UpdateFireWall
WaitAccountThread

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 773KB - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetupUi.cupf
$PLUGINSDIR/SogouPY.ime
.dll windows:6 windows x86 arch:x86

9a1abc92837bbdfedf80eccefc6a6ddf

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-06-2024 00:00

Not After

19-06-2027 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:37:8b:b9:de:4d:5f:f6:f7:f3:69:b8:35:5f:0e:45:36:74:0c:91:69:5b:a4:2e:f7:65:69:5c:51:97:2f:4e
Signer

Actual PE Digest

0d:37:8b:b9:de:4d:5f:f6:f7:f3:69:b8:35:5f:0e:45:36:74:0c:91:69:5b:a4:2e:f7:65:69:5c:51:97:2f:4e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\SogouPy.pdb

Imports

kernel32

SetEvent
CreateEventW
OpenMutexW
CreateFileMappingW
CreateThread
ReleaseMutex
WaitForSingleObject
GetProcAddress
DecodePointer
WaitNamedPipeW
GetSystemTimeAsFileTime
CreateFileW
WriteFile
SetNamedPipeHandleState
ReadFile
GetACP
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
GlobalUnlock
TlsGetValue
DeleteCriticalSection
GlobalLock
GetCurrentThread
QueryPerformanceFrequency
LCMapStringW
QueryPerformanceCounter
SetFileAttributesW
ReleaseSemaphore
OpenWaitableTimerW
SetWaitableTimer
CreateWaitableTimerW
GetLocalTime
SwitchToThread
CreateSemaphoreW
LoadLibraryW
FreeLibrary
DeleteFileW
GetCurrentProcess
GlobalFree
GlobalAlloc
InitializeCriticalSection
LeaveCriticalSection
GetCommandLineW
EnterCriticalSection
TlsSetValue
GetModuleFileNameA
GlobalAddAtomW
GlobalGetAtomNameW
OpenEventW
DebugBreak
GetTickCount
ResumeThread
GetTickCount64
VirtualFreeEx
GetModuleHandleW
GetCurrentProcessId
ReadProcessMemory
VirtualAllocEx
CloseHandle
OpenProcess
GetCurrentThreadId
HeapWalk
DuplicateHandle
HeapValidate
GetProcessHeaps
VirtualQuery
InitializeCriticalSectionEx
OpenThread
OutputDebugStringW
SetThreadPriority
GetSystemWow64DirectoryW
AttachConsole
GetConsoleDisplayMode
FreeConsole
SetLastError
GetCurrentDirectoryW
GetSystemInfo
LocalFree
LocalAlloc
CreateMutexW
GetStartupInfoW
MoveFileExW
CopyFileW
GetSystemTime
SetFilePointer
GetTempFileNameW
GetFileSize
GetFileAttributesW
GetDiskFreeSpaceExW
FlushFileBuffers
FindNextFileW
FindFirstFileW
FindClose
GlobalHandle
LoadLibraryA
ReadConsoleA
SetConsoleMode
ConvertFiberToThread
DeleteFiber
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
HeapSize
SetConsoleCtrlHandler
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
GetTempPathW
GetLastError
Sleep
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
RaiseException
VirtualProtect
LoadLibraryExA
ExitThread
FormatMessageW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
QueryDosDeviceW
RemoveDirectoryW
GetLogicalDriveStringsW
FileTimeToSystemTime
CreateDirectoryW
GetProcessId
GetFileAttributesExW
CreateProcessW
GetFileTime
GetExitCodeProcess
lstrlenW
LoadLibraryExW
TlsAlloc
TlsFree
SizeofResource
LockResource
LoadResource
FindResourceW
HeapFree
GetFullPathNameW
lstrlenA
HeapAlloc
GetProcessHeap
GetVersionExW
GetWindowsDirectoryW
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
TerminateProcess
IsProcessorFeaturePresent
PeekNamedPipe
ExpandEnvironmentStringsW
WaitForSingleObjectEx
GetQueuedCompletionStatus
TransactNamedPipe
CreateIoCompletionPort
OutputDebugStringA
MulDiv
ReleaseSRWLockExclusive
GetUserDefaultLangID
FormatMessageA
QueryThreadCycleTime
GetThreadPriority
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
GetThreadId
IsDebuggerPresent
GetFileSizeEx
SetEndOfFile
GetFileInformationByHandle
SetFilePointerEx
SetEnvironmentVariableW
GetEnvironmentVariableW
GetNativeSystemInfo
GetProcessTimes
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ResetEvent
PostQueuedCompletionStatus
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
lstrcatW
lstrcpyW
GlobalReAlloc
GetWindowsDirectoryA
CreateFileA
CreateFileMappingA
OpenFileMappingA
InitializeSRWLock
InitOnceComplete
InitOnceBeginInitialize
GetExitCodeThread
GetStringTypeW
EncodePointer
GetLocaleInfoEx
LCMapStringEx
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetDriveTypeW
GetFileType
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetTimeZoneInformation
SetStdHandle
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetModuleFileNameW

user32

GetMenuItemID
GetWindowRect
GetWindow
GetWindowTextLengthW
GetGUIThreadInfo
SetRectEmpty
ReleaseDC
IsIconic
SetClipboardData
EmptyClipboard
CloseClipboard
GetMonitorInfoW
OpenClipboard
MonitorFromWindow
MonitorFromRect
SetWindowPos
GetDC
MonitorFromPoint
CharNextW
LoadStringW
WindowFromPoint
wsprintfW
MsgWaitForMultipleObjectsEx
SetPropW
ReplyMessage
LoadCursorW
RegisterClassW
GetClassInfoW
RemovePropW
CreateWindowExW
DefWindowProcW
EnableWindow
EndPaint
BeginPaint
ReleaseCapture
AppendMenuW
GetClientRect
SetCursor
SetCapture
IsWindowEnabled
TrackMouseEvent
SetMenuItemInfoW
TrackPopupMenu
GetWindowPlacement
RegisterClassExW
CreatePopupMenu
ScreenToClient
InsertMenuItemW
CallWindowProcW
DrawTextW
UpdateLayeredWindow
IntersectRect
SubtractRect
SetCaretPos
GetQueueStatus
wvsprintfW
FillRect
OffsetRect
DestroyIcon
GetKeyboardLayoutList
GetProcessWindowStation
GetUserObjectInformationW
GetClassLongW
RedrawWindow
SetClassLongW
GetCursor
SetWindowRgn
SetCursorPos
InflateRect
CopyRect
DialogBoxParamW
CreateDialogParamW
IsWindowVisible
SetScrollInfo
EqualRect
IsRectEmpty
DrawIconEx
PostQuitMessage
GetWindowThreadProcessId
GetWindowLongW
GetDesktopWindow
GetTopWindow
GetKeyState
SendInput
mouse_event
SetWindowsHookExW
UnhookWindowsHookEx
GetForegroundWindow
GetAsyncKeyState
GetSystemMetrics
CallNextHookEx
keybd_event
GetWindowTextW
GetAncestor
UnhookWinEvent
PtInRect
RegisterWindowMessageW
GetParent
SetWinEventHook
SetRect
GetClassNameW
FindWindowW
IsWindow
GetClassInfoExW
NotifyWinEvent
SendMessageW
GetFocus
LoadImageW
SystemParametersInfoW
EndDialog
LoadIconW
SetForegroundWindow
FindWindowExW
GetCaretPos
GetPropW
ClientToScreen
SendMessageTimeoutW
EnumWindows
DispatchMessageW
TranslateMessage
DestroyMenu
GetCursorPos
UnregisterClassW
GetMessageW
SetTimer
PeekMessageW
PostThreadMessageW
MessageBoxW
GetKeyboardState
SetWindowLongW
UnregisterHotKey
RegisterHotKey
KillTimer
DestroyWindow
InvalidateRect
ShowWindow
MoveWindow
GetMessageExtraInfo
PostMessageW

gdi32

GetObjectW
GetDeviceCaps
StretchBlt
BitBlt
CreateDCW
SetTextCharacterExtra
SetBkMode
SetTextColor
CreateFontIndirectW
GetFontData
GetTextMetricsW
GetTextExtentPointW
CreateSolidBrush
MoveToEx
LineTo
GetStockObject
SelectClipRgn
CreatePen
CreateRectRgn
GetClipRgn
GetTextExtentExPointW
GetFontUnicodeRanges
CreateCompatibleBitmap
Rectangle
SelectObject
CreateDIBSection
CreateCompatibleDC
GetPixel
DeleteDC
SetBkColor
DeleteObject
CombineRgn
OffsetRgn
ExtCreateRegion
GetCharABCWidthsFloatW
GetTextExtentPoint32W
StretchDIBits
SetMapMode
CreateFontW

advapi32

CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
SetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorSacl
GetLengthSid
AddAccessAllowedAceEx
EqualSid
AllocateAndInitializeSid
OpenProcessToken
FreeSid
GetTokenInformation
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegDeleteKeyW
RegEnumValueW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptSetKeyParam
CryptDecrypt
CryptAcquireContextW
LookupAccountSidW
SystemFunction036
RegisterEventSourceW
EventUnregister
EventRegister
EventWrite
RegQueryValueW
DeregisterEventSource
CryptEnumProvidersW

imm32

ImmLockIMC
ImmUnlockIMC
ImmAssociateContextEx
ImmUnlockIMCC
ImmDisableIME
ImmLockIMCC
ImmGetHotKey
ImmNotifyIME
ImmGetIMCCSize
ImmReSizeIMCC
ImmGenerateMessage
ImmCreateIMCC

msimg32

TransparentBlt
AlphaBlend
GradientFill

ws2_32

WSACleanup
WSAGetLastError
recv
send
WSASetLastError
closesocket

oleacc

LresultFromObject
AccessibleObjectFromPoint
AccessibleObjectFromEvent
AccessibleObjectFromWindow

winhttp

WinHttpReadData
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpQueryOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCrackUrl

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

bcrypt

BCryptGenRandom

Exports

Exports

GetHandleVerifier
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeExtension
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
NotifyIMEComMsg

Sections

.text
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 258KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 634KB - Virtual size: 633KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 399KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SogouPY64.ime
.dll windows:6 windows x64 arch:x64

00c656aa78a016a2a3083255ee253f17

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-06-2024 00:00

Not After

19-06-2027 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:9b:c3:e5:e7:2a:22:fb:60:a4:dc:3e:ed:db:b8:bf:79:1e:4a:83:f9:23:a6:a0:1d:b7:4a:2c:a5:14:f1:76
Signer

Actual PE Digest

d7:9b:c3:e5:e7:2a:22:fb:60:a4:dc:3e:ed:db:b8:bf:79:1e:4a:83:f9:23:a6:a0:1d:b7:4a:2c:a5:14:f1:76

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_x64\SogouPy64.pdb

Imports

kernel32

CreateFileMappingW
CreateThread
ReleaseMutex
WaitForSingleObject
GetProcAddress
DecodePointer
WaitNamedPipeW
GetSystemTimeAsFileTime
CreateFileW
WriteFile
SetNamedPipeHandleState
ReadFile
GetACP
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
GlobalUnlock
TlsGetValue
DeleteCriticalSection
GlobalLock
GetCurrentThread
QueryPerformanceFrequency
LCMapStringW
QueryPerformanceCounter
SetFileAttributesW
OutputDebugStringW
OpenWaitableTimerW
SetWaitableTimer
CreateEventW
GetLocalTime
SwitchToThread
GetModuleHandleA
FindClose
FindFirstFileW
SetEvent
OpenThread
ReleaseSemaphore
GlobalFree
GlobalAlloc
InitializeCriticalSection
LeaveCriticalSection
GetCommandLineW
EnterCriticalSection
TlsSetValue
GetModuleFileNameA
GlobalAddAtomW
GlobalGetAtomNameW
OpenEventW
DebugBreak
GetTickCount
ResumeThread
GetTickCount64
VirtualFreeEx
GetModuleHandleW
GetCurrentProcessId
ReadProcessMemory
VirtualAllocEx
CloseHandle
OpenProcess
GetCurrentThreadId
CreateSemaphoreW
LoadLibraryW
FreeLibrary
DeleteFileW
GetCurrentProcess
DuplicateHandle
OpenMutexW
VirtualQuery
InitializeCriticalSectionEx
CreateWaitableTimerW
SetThreadPriority
GetSystemWow64DirectoryW
AttachConsole
GetConsoleDisplayMode
FreeConsole
SetLastError
GetCurrentDirectoryW
GetSystemInfo
LocalFree
LocalAlloc
CreateMutexW
GetStartupInfoW
MoveFileExW
CopyFileW
GetSystemTime
SetFilePointer
GetTempFileNameW
GetFileSize
GetFileAttributesW
GetDiskFreeSpaceExW
FlushFileBuffers
GlobalHandle
LoadLibraryA
ReadConsoleA
SetConsoleMode
ConvertFiberToThread
DeleteFiber
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
HeapSize
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
GetTempPathW
GetLastError
Sleep
WideCharToMultiByte
MultiByteToWideChar
FindNextFileW
RaiseException
VirtualProtect
LoadLibraryExA
ExitThread
FormatMessageW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
QueryDosDeviceW
RemoveDirectoryW
GetLogicalDriveStringsW
FileTimeToSystemTime
CreateDirectoryW
GetProcessId
GetFileAttributesExW
CreateProcessW
GetFileTime
GetExitCodeProcess
lstrlenW
LoadLibraryExW
TlsAlloc
TlsFree
SizeofResource
LockResource
LoadResource
FindResourceW
HeapFree
GetFullPathNameW
lstrlenA
HeapAlloc
GetProcessHeap
GetVersionExW
GetWindowsDirectoryW
VerSetConditionMask
VerifyVersionInfoW
TerminateProcess
IsProcessorFeaturePresent
PeekNamedPipe
ExpandEnvironmentStringsW
WaitForSingleObjectEx
GetQueuedCompletionStatus
TransactNamedPipe
CreateIoCompletionPort
OutputDebugStringA
MulDiv
ReleaseSRWLockExclusive
GetUserDefaultLangID
FormatMessageA
QueryThreadCycleTime
GetThreadPriority
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
GetThreadId
IsDebuggerPresent
GetFileSizeEx
SetEndOfFile
GetFileInformationByHandle
SetFilePointerEx
GetNativeSystemInfo
GetProcessTimes
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ResetEvent
PostQueuedCompletionStatus
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
lstrcatW
lstrcpyW
GetEnvironmentVariableW
GlobalReAlloc
GetWindowsDirectoryA
CreateFileA
CreateFileMappingA
OpenFileMappingA
InitializeSRWLock
InitOnceComplete
InitOnceBeginInitialize
GetExitCodeThread
GetStringTypeW
EncodePointer
GetLocaleInfoEx
LCMapStringEx
CompareStringEx
GetCPInfo
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
UnhandledExceptionFilter
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetDriveTypeW
SetEnvironmentVariableW
GetFileType
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetTimeZoneInformation
SetStdHandle
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetModuleFileNameW

user32

GetClassNameW
FindWindowW
IsWindow
GetGUIThreadInfo
SetRectEmpty
ReleaseDC
IsIconic
SetClipboardData
EmptyClipboard
CloseClipboard
GetMonitorInfoW
OpenClipboard
MonitorFromWindow
MonitorFromRect
SetWindowPos
GetDC
MonitorFromPoint
CharNextW
LoadStringW
WindowFromPoint
wsprintfW
MsgWaitForMultipleObjectsEx
SetPropW
ReplyMessage
LoadCursorW
RegisterClassW
GetClassInfoW
RemovePropW
CreateWindowExW
DefWindowProcW
EnableWindow
EndPaint
BeginPaint
ReleaseCapture
AppendMenuW
GetClientRect
SetCursor
SetCapture
IsWindowEnabled
TrackMouseEvent
SetMenuItemInfoW
TrackPopupMenu
GetWindowPlacement
RegisterClassExW
CreatePopupMenu
ScreenToClient
InsertMenuItemW
CallWindowProcW
DrawTextW
SetWinEventHook
IntersectRect
SubtractRect
SetCaretPos
GetQueueStatus
wvsprintfW
FillRect
OffsetRect
DestroyIcon
GetKeyboardLayoutList
GetProcessWindowStation
GetUserObjectInformationW
RedrawWindow
GetCursor
SetWindowRgn
SetCursorPos
InflateRect
CopyRect
DialogBoxParamW
CreateDialogParamW
GetClassInfoExW
SetScrollInfo
EqualRect
IsRectEmpty
DrawIconEx
PostQuitMessage
NotifyWinEvent
SendMessageW
IsWindowVisible
GetWindowRect
GetWindow
GetWindowTextLengthW
GetWindowThreadProcessId
GetWindowLongW
GetDesktopWindow
GetTopWindow
GetKeyState
SendInput
SetWindowsHookExW
UnhookWindowsHookEx
GetForegroundWindow
GetParent
RegisterWindowMessageW
PtInRect
UnhookWinEvent
GetAncestor
GetWindowTextW
mouse_event
GetClassLongPtrW
SetClassLongPtrW
SetRect
GetMenuItemID
UpdateLayeredWindow
GetAsyncKeyState
LoadImageW
SystemParametersInfoW
EndDialog
LoadIconW
SetForegroundWindow
FindWindowExW
GetCaretPos
GetPropW
ClientToScreen
SendMessageTimeoutW
EnumWindows
DispatchMessageW
TranslateMessage
DestroyMenu
GetCursorPos
UnregisterClassW
GetMessageW
SetTimer
PeekMessageW
PostThreadMessageW
MessageBoxW
GetKeyboardState
GetWindowLongPtrW
SetWindowLongPtrW
UnregisterHotKey
RegisterHotKey
KillTimer
DestroyWindow
InvalidateRect
ShowWindow
MoveWindow
GetMessageExtraInfo
PostMessageW
GetFocus
keybd_event
CallNextHookEx
GetSystemMetrics

gdi32

GetObjectW
GetDeviceCaps
StretchBlt
BitBlt
CreateDCW
SetTextCharacterExtra
SetBkMode
SetTextColor
CreateFontIndirectW
GetFontData
GetTextMetricsW
GetTextExtentPointW
CreateSolidBrush
MoveToEx
LineTo
GetStockObject
SelectClipRgn
CreatePen
CreateRectRgn
GetClipRgn
GetTextExtentExPointW
GetFontUnicodeRanges
CreateCompatibleBitmap
SelectObject
CreateDIBSection
CreateCompatibleDC
GetPixel
DeleteDC
SetBkColor
DeleteObject
Rectangle
CombineRgn
OffsetRgn
ExtCreateRegion
GetCharABCWidthsFloatW
GetTextExtentPoint32W
StretchDIBits
SetMapMode
CreateFontW

advapi32

CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
SetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorSacl
GetLengthSid
AddAccessAllowedAceEx
EqualSid
AllocateAndInitializeSid
OpenProcessToken
FreeSid
GetTokenInformation
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegDeleteKeyW
RegEnumValueW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptSetKeyParam
CryptDecrypt
CryptAcquireContextW
LookupAccountSidW
SystemFunction036
RegisterEventSourceW
EventUnregister
EventRegister
EventWrite
RegQueryValueW
DeregisterEventSource
CryptEnumProvidersW

imm32

ImmNotifyIME
ImmGetIMCCSize
ImmLockIMCC
ImmLockIMC
ImmUnlockIMC
ImmAssociateContextEx
ImmUnlockIMCC
ImmDisableIME
ImmGetHotKey
ImmReSizeIMCC
ImmGenerateMessage
ImmCreateIMCC

msimg32

AlphaBlend
TransparentBlt
GradientFill

oleacc

AccessibleObjectFromPoint
AccessibleObjectFromEvent
AccessibleObjectFromWindow
LresultFromObject

winhttp

WinHttpCrackUrl
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpWriteData
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpQueryOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

bcrypt

BCryptGenRandom

Exports

Exports

GetHandleVerifier
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeExtension
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
NotifyIMEComMsg

Sections

.text
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 320KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 634KB - Virtual size: 633KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/setuppage.zip
.zip
$SYSDIR/SogouPY.ime
.dll windows:6 windows x86 arch:x86

9a1abc92837bbdfedf80eccefc6a6ddf

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-06-2024 00:00

Not After

19-06-2027 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:37:8b:b9:de:4d:5f:f6:f7:f3:69:b8:35:5f:0e:45:36:74:0c:91:69:5b:a4:2e:f7:65:69:5c:51:97:2f:4e
Signer

Actual PE Digest

0d:37:8b:b9:de:4d:5f:f6:f7:f3:69:b8:35:5f:0e:45:36:74:0c:91:69:5b:a4:2e:f7:65:69:5c:51:97:2f:4e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\SogouPy.pdb

Imports

kernel32

SetEvent
CreateEventW
OpenMutexW
CreateFileMappingW
CreateThread
ReleaseMutex
WaitForSingleObject
GetProcAddress
DecodePointer
WaitNamedPipeW
GetSystemTimeAsFileTime
CreateFileW
WriteFile
SetNamedPipeHandleState
ReadFile
GetACP
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
GlobalUnlock
TlsGetValue
DeleteCriticalSection
GlobalLock
GetCurrentThread
QueryPerformanceFrequency
LCMapStringW
QueryPerformanceCounter
SetFileAttributesW
ReleaseSemaphore
OpenWaitableTimerW
SetWaitableTimer
CreateWaitableTimerW
GetLocalTime
SwitchToThread
CreateSemaphoreW
LoadLibraryW
FreeLibrary
DeleteFileW
GetCurrentProcess
GlobalFree
GlobalAlloc
InitializeCriticalSection
LeaveCriticalSection
GetCommandLineW
EnterCriticalSection
TlsSetValue
GetModuleFileNameA
GlobalAddAtomW
GlobalGetAtomNameW
OpenEventW
DebugBreak
GetTickCount
ResumeThread
GetTickCount64
VirtualFreeEx
GetModuleHandleW
GetCurrentProcessId
ReadProcessMemory
VirtualAllocEx
CloseHandle
OpenProcess
GetCurrentThreadId
HeapWalk
DuplicateHandle
HeapValidate
GetProcessHeaps
VirtualQuery
InitializeCriticalSectionEx
OpenThread
OutputDebugStringW
SetThreadPriority
GetSystemWow64DirectoryW
AttachConsole
GetConsoleDisplayMode
FreeConsole
SetLastError
GetCurrentDirectoryW
GetSystemInfo
LocalFree
LocalAlloc
CreateMutexW
GetStartupInfoW
MoveFileExW
CopyFileW
GetSystemTime
SetFilePointer
GetTempFileNameW
GetFileSize
GetFileAttributesW
GetDiskFreeSpaceExW
FlushFileBuffers
FindNextFileW
FindFirstFileW
FindClose
GlobalHandle
LoadLibraryA
ReadConsoleA
SetConsoleMode
ConvertFiberToThread
DeleteFiber
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
HeapSize
SetConsoleCtrlHandler
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
GetTempPathW
GetLastError
Sleep
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
RaiseException
VirtualProtect
LoadLibraryExA
ExitThread
FormatMessageW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
QueryDosDeviceW
RemoveDirectoryW
GetLogicalDriveStringsW
FileTimeToSystemTime
CreateDirectoryW
GetProcessId
GetFileAttributesExW
CreateProcessW
GetFileTime
GetExitCodeProcess
lstrlenW
LoadLibraryExW
TlsAlloc
TlsFree
SizeofResource
LockResource
LoadResource
FindResourceW
HeapFree
GetFullPathNameW
lstrlenA
HeapAlloc
GetProcessHeap
GetVersionExW
GetWindowsDirectoryW
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
TerminateProcess
IsProcessorFeaturePresent
PeekNamedPipe
ExpandEnvironmentStringsW
WaitForSingleObjectEx
GetQueuedCompletionStatus
TransactNamedPipe
CreateIoCompletionPort
OutputDebugStringA
MulDiv
ReleaseSRWLockExclusive
GetUserDefaultLangID
FormatMessageA
QueryThreadCycleTime
GetThreadPriority
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
GetThreadId
IsDebuggerPresent
GetFileSizeEx
SetEndOfFile
GetFileInformationByHandle
SetFilePointerEx
SetEnvironmentVariableW
GetEnvironmentVariableW
GetNativeSystemInfo
GetProcessTimes
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ResetEvent
PostQueuedCompletionStatus
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
lstrcatW
lstrcpyW
GlobalReAlloc
GetWindowsDirectoryA
CreateFileA
CreateFileMappingA
OpenFileMappingA
InitializeSRWLock
InitOnceComplete
InitOnceBeginInitialize
GetExitCodeThread
GetStringTypeW
EncodePointer
GetLocaleInfoEx
LCMapStringEx
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetDriveTypeW
GetFileType
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetTimeZoneInformation
SetStdHandle
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetModuleFileNameW

user32

GetMenuItemID
GetWindowRect
GetWindow
GetWindowTextLengthW
GetGUIThreadInfo
SetRectEmpty
ReleaseDC
IsIconic
SetClipboardData
EmptyClipboard
CloseClipboard
GetMonitorInfoW
OpenClipboard
MonitorFromWindow
MonitorFromRect
SetWindowPos
GetDC
MonitorFromPoint
CharNextW
LoadStringW
WindowFromPoint
wsprintfW
MsgWaitForMultipleObjectsEx
SetPropW
ReplyMessage
LoadCursorW
RegisterClassW
GetClassInfoW
RemovePropW
CreateWindowExW
DefWindowProcW
EnableWindow
EndPaint
BeginPaint
ReleaseCapture
AppendMenuW
GetClientRect
SetCursor
SetCapture
IsWindowEnabled
TrackMouseEvent
SetMenuItemInfoW
TrackPopupMenu
GetWindowPlacement
RegisterClassExW
CreatePopupMenu
ScreenToClient
InsertMenuItemW
CallWindowProcW
DrawTextW
UpdateLayeredWindow
IntersectRect
SubtractRect
SetCaretPos
GetQueueStatus
wvsprintfW
FillRect
OffsetRect
DestroyIcon
GetKeyboardLayoutList
GetProcessWindowStation
GetUserObjectInformationW
GetClassLongW
RedrawWindow
SetClassLongW
GetCursor
SetWindowRgn
SetCursorPos
InflateRect
CopyRect
DialogBoxParamW
CreateDialogParamW
IsWindowVisible
SetScrollInfo
EqualRect
IsRectEmpty
DrawIconEx
PostQuitMessage
GetWindowThreadProcessId
GetWindowLongW
GetDesktopWindow
GetTopWindow
GetKeyState
SendInput
mouse_event
SetWindowsHookExW
UnhookWindowsHookEx
GetForegroundWindow
GetAsyncKeyState
GetSystemMetrics
CallNextHookEx
keybd_event
GetWindowTextW
GetAncestor
UnhookWinEvent
PtInRect
RegisterWindowMessageW
GetParent
SetWinEventHook
SetRect
GetClassNameW
FindWindowW
IsWindow
GetClassInfoExW
NotifyWinEvent
SendMessageW
GetFocus
LoadImageW
SystemParametersInfoW
EndDialog
LoadIconW
SetForegroundWindow
FindWindowExW
GetCaretPos
GetPropW
ClientToScreen
SendMessageTimeoutW
EnumWindows
DispatchMessageW
TranslateMessage
DestroyMenu
GetCursorPos
UnregisterClassW
GetMessageW
SetTimer
PeekMessageW
PostThreadMessageW
MessageBoxW
GetKeyboardState
SetWindowLongW
UnregisterHotKey
RegisterHotKey
KillTimer
DestroyWindow
InvalidateRect
ShowWindow
MoveWindow
GetMessageExtraInfo
PostMessageW

gdi32

GetObjectW
GetDeviceCaps
StretchBlt
BitBlt
CreateDCW
SetTextCharacterExtra
SetBkMode
SetTextColor
CreateFontIndirectW
GetFontData
GetTextMetricsW
GetTextExtentPointW
CreateSolidBrush
MoveToEx
LineTo
GetStockObject
SelectClipRgn
CreatePen
CreateRectRgn
GetClipRgn
GetTextExtentExPointW
GetFontUnicodeRanges
CreateCompatibleBitmap
Rectangle
SelectObject
CreateDIBSection
CreateCompatibleDC
GetPixel
DeleteDC
SetBkColor
DeleteObject
CombineRgn
OffsetRgn
ExtCreateRegion
GetCharABCWidthsFloatW
GetTextExtentPoint32W
StretchDIBits
SetMapMode
CreateFontW

advapi32

CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
SetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorSacl
GetLengthSid
AddAccessAllowedAceEx
EqualSid
AllocateAndInitializeSid
OpenProcessToken
FreeSid
GetTokenInformation
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegDeleteKeyW
RegEnumValueW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptSetKeyParam
CryptDecrypt
CryptAcquireContextW
LookupAccountSidW
SystemFunction036
RegisterEventSourceW
EventUnregister
EventRegister
EventWrite
RegQueryValueW
DeregisterEventSource
CryptEnumProvidersW

imm32

ImmLockIMC
ImmUnlockIMC
ImmAssociateContextEx
ImmUnlockIMCC
ImmDisableIME
ImmLockIMCC
ImmGetHotKey
ImmNotifyIME
ImmGetIMCCSize
ImmReSizeIMCC
ImmGenerateMessage
ImmCreateIMCC

msimg32

TransparentBlt
AlphaBlend
GradientFill

ws2_32

WSACleanup
WSAGetLastError
recv
send
WSASetLastError
closesocket

oleacc

LresultFromObject
AccessibleObjectFromPoint
AccessibleObjectFromEvent
AccessibleObjectFromWindow

winhttp

WinHttpReadData
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpQueryOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCrackUrl

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

bcrypt

BCryptGenRandom

Exports

Exports

GetHandleVerifier
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeExtension
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
NotifyIMEComMsg

Sections

.text
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 258KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 634KB - Virtual size: 633KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 399KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/SogouPY.ime~
.dll windows:6 windows x86 arch:x86

9a1abc92837bbdfedf80eccefc6a6ddf

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-06-2024 00:00

Not After

19-06-2027 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:37:8b:b9:de:4d:5f:f6:f7:f3:69:b8:35:5f:0e:45:36:74:0c:91:69:5b:a4:2e:f7:65:69:5c:51:97:2f:4e
Signer

Actual PE Digest

0d:37:8b:b9:de:4d:5f:f6:f7:f3:69:b8:35:5f:0e:45:36:74:0c:91:69:5b:a4:2e:f7:65:69:5c:51:97:2f:4e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\SogouPy.pdb

Imports

kernel32

SetEvent
CreateEventW
OpenMutexW
CreateFileMappingW
CreateThread
ReleaseMutex
WaitForSingleObject
GetProcAddress
DecodePointer
WaitNamedPipeW
GetSystemTimeAsFileTime
CreateFileW
WriteFile
SetNamedPipeHandleState
ReadFile
GetACP
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
GlobalUnlock
TlsGetValue
DeleteCriticalSection
GlobalLock
GetCurrentThread
QueryPerformanceFrequency
LCMapStringW
QueryPerformanceCounter
SetFileAttributesW
ReleaseSemaphore
OpenWaitableTimerW
SetWaitableTimer
CreateWaitableTimerW
GetLocalTime
SwitchToThread
CreateSemaphoreW
LoadLibraryW
FreeLibrary
DeleteFileW
GetCurrentProcess
GlobalFree
GlobalAlloc
InitializeCriticalSection
LeaveCriticalSection
GetCommandLineW
EnterCriticalSection
TlsSetValue
GetModuleFileNameA
GlobalAddAtomW
GlobalGetAtomNameW
OpenEventW
DebugBreak
GetTickCount
ResumeThread
GetTickCount64
VirtualFreeEx
GetModuleHandleW
GetCurrentProcessId
ReadProcessMemory
VirtualAllocEx
CloseHandle
OpenProcess
GetCurrentThreadId
HeapWalk
DuplicateHandle
HeapValidate
GetProcessHeaps
VirtualQuery
InitializeCriticalSectionEx
OpenThread
OutputDebugStringW
SetThreadPriority
GetSystemWow64DirectoryW
AttachConsole
GetConsoleDisplayMode
FreeConsole
SetLastError
GetCurrentDirectoryW
GetSystemInfo
LocalFree
LocalAlloc
CreateMutexW
GetStartupInfoW
MoveFileExW
CopyFileW
GetSystemTime
SetFilePointer
GetTempFileNameW
GetFileSize
GetFileAttributesW
GetDiskFreeSpaceExW
FlushFileBuffers
FindNextFileW
FindFirstFileW
FindClose
GlobalHandle
LoadLibraryA
ReadConsoleA
SetConsoleMode
ConvertFiberToThread
DeleteFiber
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
HeapSize
SetConsoleCtrlHandler
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
GetTempPathW
GetLastError
Sleep
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
RaiseException
VirtualProtect
LoadLibraryExA
ExitThread
FormatMessageW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
QueryDosDeviceW
RemoveDirectoryW
GetLogicalDriveStringsW
FileTimeToSystemTime
CreateDirectoryW
GetProcessId
GetFileAttributesExW
CreateProcessW
GetFileTime
GetExitCodeProcess
lstrlenW
LoadLibraryExW
TlsAlloc
TlsFree
SizeofResource
LockResource
LoadResource
FindResourceW
HeapFree
GetFullPathNameW
lstrlenA
HeapAlloc
GetProcessHeap
GetVersionExW
GetWindowsDirectoryW
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
TerminateProcess
IsProcessorFeaturePresent
PeekNamedPipe
ExpandEnvironmentStringsW
WaitForSingleObjectEx
GetQueuedCompletionStatus
TransactNamedPipe
CreateIoCompletionPort
OutputDebugStringA
MulDiv
ReleaseSRWLockExclusive
GetUserDefaultLangID
FormatMessageA
QueryThreadCycleTime
GetThreadPriority
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
GetThreadId
IsDebuggerPresent
GetFileSizeEx
SetEndOfFile
GetFileInformationByHandle
SetFilePointerEx
SetEnvironmentVariableW
GetEnvironmentVariableW
GetNativeSystemInfo
GetProcessTimes
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ResetEvent
PostQueuedCompletionStatus
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
lstrcatW
lstrcpyW
GlobalReAlloc
GetWindowsDirectoryA
CreateFileA
CreateFileMappingA
OpenFileMappingA
InitializeSRWLock
InitOnceComplete
InitOnceBeginInitialize
GetExitCodeThread
GetStringTypeW
EncodePointer
GetLocaleInfoEx
LCMapStringEx
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetDriveTypeW
GetFileType
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetTimeZoneInformation
SetStdHandle
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetModuleFileNameW

user32

GetMenuItemID
GetWindowRect
GetWindow
GetWindowTextLengthW
GetGUIThreadInfo
SetRectEmpty
ReleaseDC
IsIconic
SetClipboardData
EmptyClipboard
CloseClipboard
GetMonitorInfoW
OpenClipboard
MonitorFromWindow
MonitorFromRect
SetWindowPos
GetDC
MonitorFromPoint
CharNextW
LoadStringW
WindowFromPoint
wsprintfW
MsgWaitForMultipleObjectsEx
SetPropW
ReplyMessage
LoadCursorW
RegisterClassW
GetClassInfoW
RemovePropW
CreateWindowExW
DefWindowProcW
EnableWindow
EndPaint
BeginPaint
ReleaseCapture
AppendMenuW
GetClientRect
SetCursor
SetCapture
IsWindowEnabled
TrackMouseEvent
SetMenuItemInfoW
TrackPopupMenu
GetWindowPlacement
RegisterClassExW
CreatePopupMenu
ScreenToClient
InsertMenuItemW
CallWindowProcW
DrawTextW
UpdateLayeredWindow
IntersectRect
SubtractRect
SetCaretPos
GetQueueStatus
wvsprintfW
FillRect
OffsetRect
DestroyIcon
GetKeyboardLayoutList
GetProcessWindowStation
GetUserObjectInformationW
GetClassLongW
RedrawWindow
SetClassLongW
GetCursor
SetWindowRgn
SetCursorPos
InflateRect
CopyRect
DialogBoxParamW
CreateDialogParamW
IsWindowVisible
SetScrollInfo
EqualRect
IsRectEmpty
DrawIconEx
PostQuitMessage
GetWindowThreadProcessId
GetWindowLongW
GetDesktopWindow
GetTopWindow
GetKeyState
SendInput
mouse_event
SetWindowsHookExW
UnhookWindowsHookEx
GetForegroundWindow
GetAsyncKeyState
GetSystemMetrics
CallNextHookEx
keybd_event
GetWindowTextW
GetAncestor
UnhookWinEvent
PtInRect
RegisterWindowMessageW
GetParent
SetWinEventHook
SetRect
GetClassNameW
FindWindowW
IsWindow
GetClassInfoExW
NotifyWinEvent
SendMessageW
GetFocus
LoadImageW
SystemParametersInfoW
EndDialog
LoadIconW
SetForegroundWindow
FindWindowExW
GetCaretPos
GetPropW
ClientToScreen
SendMessageTimeoutW
EnumWindows
DispatchMessageW
TranslateMessage
DestroyMenu
GetCursorPos
UnregisterClassW
GetMessageW
SetTimer
PeekMessageW
PostThreadMessageW
MessageBoxW
GetKeyboardState
SetWindowLongW
UnregisterHotKey
RegisterHotKey
KillTimer
DestroyWindow
InvalidateRect
ShowWindow
MoveWindow
GetMessageExtraInfo
PostMessageW

gdi32

GetObjectW
GetDeviceCaps
StretchBlt
BitBlt
CreateDCW
SetTextCharacterExtra
SetBkMode
SetTextColor
CreateFontIndirectW
GetFontData
GetTextMetricsW
GetTextExtentPointW
CreateSolidBrush
MoveToEx
LineTo
GetStockObject
SelectClipRgn
CreatePen
CreateRectRgn
GetClipRgn
GetTextExtentExPointW
GetFontUnicodeRanges
CreateCompatibleBitmap
Rectangle
SelectObject
CreateDIBSection
CreateCompatibleDC
GetPixel
DeleteDC
SetBkColor
DeleteObject
CombineRgn
OffsetRgn
ExtCreateRegion
GetCharABCWidthsFloatW
GetTextExtentPoint32W
StretchDIBits
SetMapMode
CreateFontW

advapi32

CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
SetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorSacl
GetLengthSid
AddAccessAllowedAceEx
EqualSid
AllocateAndInitializeSid
OpenProcessToken
FreeSid
GetTokenInformation
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegDeleteKeyW
RegEnumValueW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptSetKeyParam
CryptDecrypt
CryptAcquireContextW
LookupAccountSidW
SystemFunction036
RegisterEventSourceW
EventUnregister
EventRegister
EventWrite
RegQueryValueW
DeregisterEventSource
CryptEnumProvidersW

imm32

ImmLockIMC
ImmUnlockIMC
ImmAssociateContextEx
ImmUnlockIMCC
ImmDisableIME
ImmLockIMCC
ImmGetHotKey
ImmNotifyIME
ImmGetIMCCSize
ImmReSizeIMCC
ImmGenerateMessage
ImmCreateIMCC

msimg32

TransparentBlt
AlphaBlend
GradientFill

ws2_32

WSACleanup
WSAGetLastError
recv
send
WSASetLastError
closesocket

oleacc

LresultFromObject
AccessibleObjectFromPoint
AccessibleObjectFromEvent
AccessibleObjectFromWindow

winhttp

WinHttpReadData
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpQueryOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCrackUrl

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

bcrypt

BCryptGenRandom

Exports

Exports

GetHandleVerifier
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeExtension
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
NotifyIMEComMsg

Sections

.text
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 258KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 634KB - Virtual size: 633KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 399KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_15_/HWSignature.dll
.dll windows:6 windows x86 arch:x86

cdd42c264bacf432f4003380d6c8ce27

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-06-2024 00:00

Not After

19-06-2027 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:a9:56:b8:ae:6e:3d:d0:d3:95:67:30:79:c3:26:6a:ed:02:dc:34:b5:ee:a9:95:6c:47:bd:c2:c6:d0:c0:c6
Signer

Actual PE Digest

cc:a9:56:b8:ae:6e:3d:d0:d3:95:67:30:79:c3:26:6a:ed:02:dc:34:b5:ee:a9:95:6c:47:bd:c2:c6:d0:c0:c6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\HWSignature.pdb

Imports

ws2_32

WSAStartup

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

EnterCriticalSection
CreateFileW
DecodePointer
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
DeviceIoControl
lstrcatA
CopyFileA
CreateFileA
GetSystemDirectoryA
CloseHandle
HeapAlloc
GetProcessHeap
lstrcpyA
lstrlenA
GlobalAlloc
LocalAlloc
GetLastError
LoadLibraryA
GetVersionExA
GetProcAddress
LocalFree
FreeLibrary
HeapReAlloc
SetLastError
GlobalFree
GetTickCount
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
WriteConsoleW
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetFilePointerEx
GetStringTypeW
SetStdHandle
HeapSize

user32

IsCharAlphaNumericA
wsprintfA

Exports

Exports

DLLGenHWID
GenHWID
GetDllVersionA

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
14.8.0.9884/HWSignature.dll
.dll windows:6 windows x86 arch:x86

cdd42c264bacf432f4003380d6c8ce27

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-06-2024 00:00

Not After

19-06-2027 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:a9:56:b8:ae:6e:3d:d0:d3:95:67:30:79:c3:26:6a:ed:02:dc:34:b5:ee:a9:95:6c:47:bd:c2:c6:d0:c0:c6
Signer

Actual PE Digest

cc:a9:56:b8:ae:6e:3d:d0:d3:95:67:30:79:c3:26:6a:ed:02:dc:34:b5:ee:a9:95:6c:47:bd:c2:c6:d0:c0:c6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\HWSignature.pdb

Imports

ws2_32

WSAStartup

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

EnterCriticalSection
CreateFileW
DecodePointer
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
DeviceIoControl
lstrcatA
CopyFileA
CreateFileA
GetSystemDirectoryA
CloseHandle
HeapAlloc
GetProcessHeap
lstrcpyA
lstrlenA
GlobalAlloc
LocalAlloc
GetLastError
LoadLibraryA
GetVersionExA
GetProcAddress
LocalFree
FreeLibrary
HeapReAlloc
SetLastError
GlobalFree
GetTickCount
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
WriteConsoleW
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetFilePointerEx
GetStringTypeW
SetStdHandle
HeapSize

user32

IsCharAlphaNumericA
wsprintfA

Exports

Exports

DLLGenHWID
GenHWID
GetDllVersionA

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
14.8.0.9884/ImageMagik.dll
.dll windows:6 windows x86 arch:x86

f204f2299a0324f196a8576faef59e72

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-06-2024 00:00

Not After

19-06-2027 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:ab:59:bb:f3:13:fc:85:33:e2:9c:a6:b7:5d:4c:d1:84:0c:a2:7d:67:cc:d8:6a:a1:17:d2:68:42:62:57:e3
Signer

Actual PE Digest

59:ab:59:bb:f3:13:fc:85:33:e2:9c:a6:b7:5d:4c:d1:84:0c:a2:7d:67:cc:d8:6a:a1:17:d2:68:42:62:57:e3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\data\landun\workspace\p-a6b81373d56245738becf19644b9638b\src\third_party_build\imagemagick\tmp\x86\RelWithDebInfo\ImageMagik.pdb

Imports

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
GetExitCodeProcess
GetSystemTimeAsFileTime
GetConsoleOutputCP
LoadLibraryA
MultiByteToWideChar
IsValidCodePage
GetACP
GetCPInfo
IsDBCSLeadByteEx
ReadFile
WriteFile
PeekNamedPipe
SetEvent
ResetEvent
ReadConsoleInputA
DeviceIoControl
DuplicateHandle
GetConsoleWindow
WaitForSingleObjectEx
WaitForMultipleObjectsEx
CreateEventW
WaitForMultipleObjects
GetExitCodeThread
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
CreateMutexA
GetCurrentThreadId
ExitProcess
MoveFileExW
GetFileInformationByHandle
AttachConsole
GetThreadLocale
GetLocaleInfoA
WideCharToMultiByte
GetModuleHandleW
FreeLibrary
GetVersion
CreateProcessA
CreateEventA
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
GetShortPathNameW
GetCommandLineW
GetStdHandle
GetFileAttributesW
GetCurrentDirectoryW
TerminateProcess
GetSystemInfo
SetConsoleMode
GetConsoleMode
GetFileInformationByHandleEx
IsDebuggerPresent
GetFileType
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetProcessAffinityMask
GetNativeSystemInfo
GetCurrentProcess
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CloseHandle
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
TryAcquireSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockShared
AllocConsole
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
RaiseException
GetComputerNameW
GetModuleHandleA
GetModuleFileNameW
VirtualQuery
GetWindowsDirectoryW
GetSystemDirectoryW
DebugBreak
LoadLibraryW
GetProcAddress
FormatMessageW
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTempPathW
GetTempFileNameW
DeleteFileW
CreateFileW
LocalFree
GetCurrentProcessId
OpenMutexW
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetLastError
PeekConsoleInputA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
EncodePointer
SetStdHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetEndOfFile
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
GetFileAttributesExW
SetFileAttributesW
FlushFileBuffers
SetFileTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
GetConsoleCP
CreatePipe
CreateProcessW
GetFullPathNameW
FindClose
FindFirstFileExW
FindNextFileW
SetFilePointerEx
ReadConsoleW
HeapFree
HeapAlloc
HeapReAlloc
DecodePointer
GetFileSizeEx
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
GetStringTypeW
GetNumberOfConsoleInputEvents
ReadConsoleInputW
GetOEMCP
GetCommandLineA
GetProcessHeap
OutputDebugStringW
HeapSize
WriteConsoleW
GetTickCount
GetDiskFreeSpaceExW
GetVolumeInformationW
GetVolumePathNameW
GetModuleHandleExA
GetLogicalDrives
GetSystemDirectoryA
GetLongPathNameW
ReadDirectoryChangesW
GetDriveTypeA
GetFileSize

user32

PeekMessageA
MessageBoxA
FillRect
IsWindow
MsgWaitForMultipleObjectsEx
ReleaseDC
GetDC
SystemParametersInfoA
PostMessageA
LoadStringW

gdi32

Polyline
StretchDIBits
CreateSolidBrush
GetDeviceCaps
GdiFlush
CreateDIBSection
GetWorldTransform
Rectangle
SelectClipRgn
IntersectClipRect
GetClipRgn
GetClipBox
ExtCreateRegion
CreateRectRgn
CreateCompatibleBitmap
BitBlt
ExtTextOutW
GetObjectW
ModifyWorldTransform
SetWorldTransform
GetTextMetricsA
SetTextAlign
SetTextColor
SetMapMode
SetGraphicsMode
SetBkMode
SelectObject
SaveDC
RestoreDC
GetGlyphIndicesW
GetFontUnicodeRanges
GetOutlineTextMetricsA
GetGlyphOutlineW
GetFontData
GetCharWidth32A
DeleteObject
DeleteDC
CreateFontIndirectW
CreateCompatibleDC
GetStockObject
GetGlyphOutlineA
CreatePen
CreateDCA
EnumFontFamiliesExW
ExtSelectClipRgn
GetGraphicsMode
CreateFontIndirectA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
SHFileOperationW
CommandLineToArgvW

ole32

CoTaskMemFree

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegGetValueW
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
LookupAccountSidW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
GetFileSecurityW
GetSecurityDescriptorOwner
RegLoadMUIStringW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
GetUserNameW
BuildExplicitAccessWithNameW
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
GetSecurityDescriptorGroup

ws2_32

ioctlsocket
closesocket
WSAStartup
getsockopt
recv
send
WSAGetLastError
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSASetEvent
getservbyport
getservbyname
inet_pton
inet_ntop
htonl
htons
inet_addr
inet_ntoa
ntohs
gethostbyaddr
gethostbyname
WSASetLastError

dnsapi

DnsFree
DnsQuery_A

iphlpapi

NotifyRouteChange2
CancelMibChangeNotify2
GetIpForwardTable2

Exports

Exports

ImageMagickEx_FreePNGBuffer
ImageMagickEx_SVGToPNGBuffer
ImageMagickEx_SVGToPNGBufferByDpi

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
14.8.0.9884/SetupUi.cupf
SogouExe/HWSignatureEx.dll
.dll windows:6 windows x86 arch:x86

cdd42c264bacf432f4003380d6c8ce27

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-06-2024 00:00

Not After

19-06-2027 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:a9:56:b8:ae:6e:3d:d0:d3:95:67:30:79:c3:26:6a:ed:02:dc:34:b5:ee:a9:95:6c:47:bd:c2:c6:d0:c0:c6
Signer

Actual PE Digest

cc:a9:56:b8:ae:6e:3d:d0:d3:95:67:30:79:c3:26:6a:ed:02:dc:34:b5:ee:a9:95:6c:47:bd:c2:c6:d0:c0:c6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\HWSignature.pdb

Imports

ws2_32

WSAStartup

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

EnterCriticalSection
CreateFileW
DecodePointer
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
DeviceIoControl
lstrcatA
CopyFileA
CreateFileA
GetSystemDirectoryA
CloseHandle
HeapAlloc
GetProcessHeap
lstrcpyA
lstrlenA
GlobalAlloc
LocalAlloc
GetLastError
LoadLibraryA
GetVersionExA
GetProcAddress
LocalFree
FreeLibrary
HeapReAlloc
SetLastError
GlobalFree
GetTickCount
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
WriteConsoleW
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetFilePointerEx
GetStringTypeW
SetStdHandle
HeapSize

user32

IsCharAlphaNumericA
wsprintfA

Exports

Exports

DLLGenHWID
GenHWID
GetDllVersionA

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: sogou

Password: sogou

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 126KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 133KB - Virtual size: 132KB

Password: sogou

163fdad7b5f915e3a0ca7ad1d08b4ff8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

wininet

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 3KB - Virtual size: 21KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

Password: sogou

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

03:cf:8d:b1:67:fd:57:f4:65:79:a7:31:c0:1c:4f:39:02:9f:88:03:1b:82:ae:4a:f9:2c:47:b3:6d:29:13:2eSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.7MB

UPX1 Size: 23KB - Virtual size: 24KB

.rsrc Size: 133KB - Virtual size: 136KB

Password: sogou

cdd42c264bacf432f4003380d6c8ce27

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 126KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 133KB - Virtual size: 132KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 3KB - Virtual size: 21KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

03:cf:8d:b1:67:fd:57:f4:65:79:a7:31:c0:1c:4f:39:02:9f:88:03:1b:82:ae:4a:f9:2c:47:b3:6d:29:13:2e
Signer

UPX0
Size: - Virtual size: 2.7MB

UPX1
Size: 23KB - Virtual size: 24KB

.rsrc
Size: 133KB - Virtual size: 136KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

cc:a9:56:b8:ae:6e:3d:d0:d3:95:67:30:79:c3:26:6a:ed:02:dc:34:b5:ee:a9:95:6c:47:bd:c2:c6:d0:c0:c6
Signer

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

59:ab:59:bb:f3:13:fc:85:33:e2:9c:a6:b7:5d:4c:d1:84:0c:a2:7d:67:cc:d8:6a:a1:17:d2:68:42:62:57:e3
Signer

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 14KB - Virtual size: 30KB

.idata
Size: 10KB - Virtual size: 10KB

.tls
Size: 1KB - Virtual size: 1KB

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 138KB - Virtual size: 138KB