dialog
initDialog
show
Overview
overview
7Static
static
32a1afd16e2...18.exe
windows7-x64
32a1afd16e2...18.exe
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...it.exe
windows7-x64
3$PLUGINSDI...it.exe
windows10-2004-x64
3AddIn/ASBarBroker.exe
windows7-x64
3AddIn/ASBarBroker.exe
windows10-2004-x64
3AddIn/QvodAddr.dll
windows7-x64
6AddIn/QvodAddr.dll
windows10-2004-x64
6Baidu-Tool...cb.exe
windows7-x64
3Baidu-Tool...cb.exe
windows10-2004-x64
3$PROGRAM_F...rX.dll
windows7-x64
7$PROGRAM_F...rX.dll
windows10-2004-x64
7QvodInit.exe
windows7-x64
3QvodInit.exe
windows10-2004-x64
3QvodPlayer.exe
windows7-x64
6QvodPlayer.exe
windows10-2004-x64
6QvodTerminal.exe
windows7-x64
3QvodTerminal.exe
windows10-2004-x64
3kugou_2382.exe
windows7-x64
3kugou_2382.exe
windows10-2004-x64
3Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
2a1afd16e2281b15b9d8c4913e8744d9_JaffaCakes118.exe
Resource
win7-20240708-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
2a1afd16e2281b15b9d8c4913e8744d9_JaffaCakes118.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/QvodInit.exe
Resource
win7-20240729-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/QvodInit.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral9
Sample
AddIn/ASBarBroker.exe
Resource
win7-20240903-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral10
Sample
AddIn/ASBarBroker.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral11
Sample
AddIn/QvodAddr.dll
Resource
win7-20240729-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral12
Sample
AddIn/QvodAddr.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
5 signatures
150 seconds
Behavioral task
behavioral13
Sample
Baidu-Toolbar-utf8kb_cb.exe
Resource
win7-20240903-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral14
Sample
Baidu-Toolbar-utf8kb_cb.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral15
Sample
$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduBarX.dll
Resource
win7-20240903-en
windows7-x64
8 signatures
150 seconds
Behavioral task
behavioral16
Sample
$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduBarX.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
8 signatures
150 seconds
Behavioral task
behavioral17
Sample
QvodInit.exe
Resource
win7-20240903-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral18
Sample
QvodInit.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral19
Sample
QvodPlayer.exe
Resource
win7-20240903-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral20
Sample
QvodPlayer.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral21
Sample
QvodTerminal.exe
Resource
win7-20240704-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral22
Sample
QvodTerminal.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral23
Sample
kugou_2382.exe
Resource
win7-20240708-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral24
Sample
kugou_2382.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
2a1afd16e2281b15b9d8c4913e8744d9_JaffaCakes118
-
Size
3.3MB
-
MD5
2a1afd16e2281b15b9d8c4913e8744d9
-
SHA1
fc1d7f2cd5f4f6982c476aff071496bada3de6d4
-
SHA256
b8899cfeca1be9fc77ccfffb67e7fcf75ea8c554014cec9bfabfa8597a96e52e
-
SHA512
9788875648a71a99078474239fe75b061ca2fadecfd02dac656213eddee00f5a5ca189aac8b37fe7f45c55321794aa892cfe579e85b350dbceb996b6216f46a0
-
SSDEEP
49152:iwxoTuoL602pzgj9+HxWez9Lk8bnWp8h+JJ5PpvTkKbCjp4yEt3uwODFi+Lt6lsy:iwPmD2efkpJOzp12jpHK3WDbYls7/2/R
Score
3/10
Malware Config
Signatures
-
Unsigned PE 4 IoCs
Checks for missing Authenticode signature.
resource 2a1afd16e2281b15b9d8c4913e8744d9_JaffaCakes118 unpack001/$PLUGINSDIR/InstallOptions.dll unpack001/$PLUGINSDIR/LangDLL.dll unpack001/kugou_2382.exe -
NSIS installer 3 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2 static1/unpack001/Baidu-Toolbar-utf8kb_cb.exe nsis_installer_1
Files
-
2a1afd16e2281b15b9d8c4913e8744d9_JaffaCakes118.exe windows:4 windows x86 arch:x86
099c0646ea7282d232219f8807883be0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 48KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/InstallOptions.dll.dll windows:4 windows x86 arch:x86
b1cd0d78f652ce5fc63f0879371af012
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc
user32
MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect
gdi32
SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject
shell32
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA
comdlg32
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
ole32
CoTaskMemFree
Exports
Exports
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1012B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/LangDLL.dll.dll windows:4 windows x86 arch:x86
d23fbd09100caad5e10f17163f511668
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpA
lstrlenA
GetModuleHandleA
MulDiv
lstrcpyA
GetACP
user32
SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC
gdi32
CreateFontIndirectA
GetDeviceCaps
DeleteObject
Exports
Exports
LangDialog
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 697B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 290B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/QvodInit.exe.exe windows:4 windows x86 arch:x86
0b2a31acea7c8272b8d6e27bd03aa847
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before02/06/2009, 00:00Not After02/06/2011, 23:59SubjectCN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
41:b2:ee:29:f1:9e:a1:8c:3b:4b:85:7d:11:5f:f6:20:7a:73:33:c9Signer
Actual PE Digest41:b2:ee:29:f1:9e:a1:8c:3b:4b:85:7d:11:5f:f6:20:7a:73:33:c9Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateProcessA
GetTickCount
MoveFileA
DeleteFileA
GetFileAttributesA
GetModuleHandleA
TerminateProcess
GetTempPathA
CopyFileA
GetLogicalDriveStringsA
SetSystemTime
GetSystemTime
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
CreateToolhelp32Snapshot
Process32First
OpenProcess
CloseHandle
Process32Next
GetDiskFreeSpaceExA
GetModuleFileNameA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetTempFileNameA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetLastError
RtlUnwind
GetFileType
CreateFileA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
WriteFile
SetFilePointer
ReadFile
SetStdHandle
SetHandleCount
GetStdHandle
SetEndOfFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
user32
FindWindowA
PostMessageA
advapi32
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DeleteService
CreateServiceA
ChangeServiceConfig2A
StartServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
OpenServiceA
ControlService
shell32
SHChangeNotify
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
psapi
EnumProcessModules
GetModuleFileNameExA
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/ioSpecial.ini
-
$PLUGINSDIR/kugou_logo.bmp
-
$PLUGINSDIR/left.bmp
-
$PLUGINSDIR/modern-wizard.bmp
-
$PLUGINSDIR/plugs.ini
-
$PLUGINSDIR/qvod1.ini
-
$PLUGINSDIR/sobar.bmp
-
AddIn/ASBarBroker.exe.exe windows:4 windows x86 arch:x86
8cb73f23fc4ffce04345bba981c347fe
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8dCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before31/07/2009, 00:00Not After30/07/2012, 23:59SubjectCN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
psapi
GetModuleFileNameExW
kernel32
OutputDebugStringW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
Sleep
GetProcAddress
LoadLibraryW
GetLongPathNameW
GetCurrentThreadId
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
DebugBreak
GetShortPathNameW
OpenProcess
CreateFileW
DeviceIoControl
GetVersionExW
GlobalFree
GlobalAlloc
GetCurrentProcess
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
lstrlenA
InterlockedIncrement
GetModuleFileNameW
CreateEventW
CreateThread
SetEvent
lstrcmpiW
InterlockedDecrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
WaitForSingleObject
CloseHandle
VirtualAllocEx
GetConsoleCP
SetFilePointer
LoadLibraryA
SetStdHandle
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetVersionExA
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcessHeap
GetStartupInfoW
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
user32
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
CharNextW
PostThreadMessageW
UnregisterClassA
CharLowerBuffW
advapi32
RegCreateKeyW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
shell32
ShellExecuteExW
SHGetFolderPathW
ole32
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
oleaut32
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysStringLen
SysFreeString
VarUI4FromStr
shlwapi
PathFileExistsW
StrCmpNIW
SHGetValueW
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
AddIn/QvodAddr.dll.dll regsvr32 windows:4 windows x86 arch:x86
c6079cff13dd538f8c2b93227d9d6d6c
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8dCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before31/07/2009, 00:00Not After30/07/2012, 23:59SubjectCN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\cygwin\home\scmpf\compiler_src\pupeng_213326_win32\app\gensoft\bar\address-search\Res\Chinese\Baidudg\AddressBar.pdb
Imports
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
ws2_32
gethostname
WSAStartup
gethostbyname
inet_ntoa
WSACleanup
shlwapi
StrDupW
PathRemoveFileSpecW
StrCmpNW
UrlCanonicalizeW
UrlUnescapeA
StrCmpIW
PathRemoveFileSpecA
PathIsDirectoryA
SHDeleteValueW
PathFileExistsW
StrStrIW
SHGetValueW
StrCpyNW
SHDeleteKeyW
SHSetValueW
dbghelp
ImageDirectoryEntryToData
winmm
timeGetTime
iphlpapi
GetAdaptersInfo
GetNetworkParams
wininet
InternetConnectA
InternetConnectW
HttpOpenRequestA
HttpOpenRequestW
InternetCloseHandle
InternetSetStatusCallbackA
InternetSetStatusCallbackW
HttpSendRequestW
InternetOpenW
InternetQueryOptionW
DeleteUrlCacheEntryW
InternetGetCookieW
InternetCrackUrlW
InternetOpenUrlW
InternetSetOptionW
HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
GetUrlCacheEntryInfoW
rpcrt4
UuidCreate
setupapi
SetupIterateCabinetW
imm32
ImmGetOpenStatus
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmGetCompositionWindow
kernel32
GetConsoleCP
GetModuleFileNameA
GetConsoleMode
LoadLibraryA
LoadLibraryW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
RaiseException
InterlockedDecrement
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
InterlockedIncrement
OutputDebugStringW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
LoadLibraryExW
lstrlenA
DebugBreak
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
DisableThreadLibraryCalls
LocalFree
CloseHandle
ResumeThread
SetThreadPriority
ReleaseMutex
WaitForSingleObject
CreateMutexW
DeleteFileW
GetACP
GetCurrentThreadId
WideCharToMultiByte
GetTickCount
GlobalUnlock
GlobalLock
CreateFileW
DeviceIoControl
GetVersionExW
FlushInstructionCache
GetCurrentProcess
lstrcmpW
SwitchToThread
GetCurrentProcessId
GetCommandLineW
Sleep
GetPrivateProfileIntW
GetPrivateProfileStringW
MoveFileExW
CreateDirectoryW
GetCurrentDirectoryA
GetSystemDirectoryW
GetLongPathNameW
TerminateThread
CopyFileW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
TryEnterCriticalSection
GetLocalTime
CompareStringW
GetWindowsDirectoryW
QueryPerformanceCounter
QueryPerformanceFrequency
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
SetFilePointer
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SetFileTime
WriteFile
GetTempFileNameW
GetTempPathW
LockResource
GlobalFree
GlobalAlloc
SetErrorMode
GetFileSize
FileTimeToSystemTime
GetShortPathNameW
lstrcatW
lstrcpyW
WritePrivateProfileStringW
FindNextFileW
FindClose
FindFirstFileW
FreeResource
WriteProcessMemory
ReadProcessMemory
VirtualProtect
VirtualQuery
lstrcmpiA
GetFileInformationByHandle
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
LocalAlloc
GetProcessHeap
GlobalReAlloc
GetFileAttributesA
DeleteFileA
AreFileApisANSI
CreateFileA
GetTempPathA
FlushFileBuffers
SetEndOfFile
UnlockFile
LockFile
LockFileEx
GetFullPathNameA
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
SetCurrentDirectoryA
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
CreateThread
FileTimeToLocalFileTime
GetDriveTypeW
GetDriveTypeA
GetEnvironmentStrings
FindFirstFileA
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
GetCurrentThread
HeapDestroy
HeapCreate
FatalAppExitA
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
InterlockedExchange
GetLocaleInfoW
SetStdHandle
ExitThread
IsDebuggerPresent
GetVersionExA
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
RtlUnwind
TerminateProcess
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
SetEnvironmentVariableA
UnhandledExceptionFilter
RemoveDirectoryW
SetUnhandledExceptionFilter
user32
GetCapture
CreateIconFromResourceEx
CharLowerBuffW
SetForegroundWindow
GetForegroundWindow
AttachThreadInput
GetClassLongW
KillTimer
SetTimer
wsprintfW
RemovePropW
SetPropW
GetPropW
OffsetRect
SetCursor
IsWindowEnabled
GetWindowDC
ScreenToClient
MoveWindow
GetWindowTextLengthW
SetFocus
GetWindow
MapWindowPoints
SetWindowPos
GetDlgItem
EndDialog
MessageBoxW
CharLowerW
FindWindowW
SetWindowTextW
GetActiveWindow
DialogBoxParamW
FindWindowExW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetDlgCtrlID
IsWindowVisible
EnumChildWindows
GetKeyState
GetClassNameW
GetParent
GetWindowThreadProcessId
WindowFromPoint
GetWindowRect
CreateWindowExW
GetClassInfoExW
RegisterClassExW
DestroyWindow
PtInRect
LoadCursorW
IsWindow
ShowWindow
PostMessageW
UpdateWindow
SetRectEmpty
CreateDialogParamW
BeginPaint
EndPaint
RegisterWindowMessageW
InvalidateRect
FillRect
GetClientRect
SystemParametersInfoW
GetWindowTextW
ReleaseDC
GetDC
GetFocus
CharLowerBuffA
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
DefWindowProcW
GetWindowLongW
SetWindowLongW
CharNextW
LoadIconW
GetSysColor
DrawFocusRect
LoadStringW
InflateRect
CopyRect
DrawTextW
SendMessageW
DrawIconEx
SetScrollPos
ReleaseCapture
UpdateLayeredWindow
SetRect
GetSystemMetrics
RegisterClassW
SetCapture
DestroyIcon
GetScrollInfo
SetScrollInfo
ShowScrollBar
PeekMessageW
GetDesktopWindow
CharUpperBuffW
CharUpperW
MonitorFromRect
GetMonitorInfoW
GetCursorPos
LoadImageW
UnregisterClassA
CallWindowProcW
gdi32
GetTextExtentPoint32W
CreateFontIndirectW
DeleteDC
SelectObject
TextOutW
DeleteObject
ExtCreateRegion
CombineRgn
SetStretchBltMode
StretchBlt
GetDIBits
SetTextColor
SetBkMode
SetBkColor
GetPixel
ExtTextOutW
GetTextExtentPointW
BitBlt
CreateCompatibleDC
CreateDIBSection
CreateFontW
GetStockObject
GetCurrentObject
MoveToEx
CreateCompatibleBitmap
LineTo
CreatePen
GetObjectW
CreateSolidBrush
advapi32
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDuplicateKey
CryptDecrypt
CryptEncrypt
RegOpenKeyW
RegEnumKeyExA
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
CryptDestroyKey
RegQueryValueExW
RegCreateKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
shell32
ShellExecuteW
SHGetFolderPathW
ShellExecuteExW
ExtractIconW
SHGetSpecialFolderPathW
DragQueryFileA
ord85
ole32
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemAlloc
CoGetClassObject
RevokeDragDrop
CoInitialize
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize
oleaut32
SysAllocString
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
VariantInit
SysFreeString
SysAllocStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantCopy
SysStringLen
VariantClear
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
msimg32
AlphaBlend
urlmon
CoInternetGetSession
Exports
Exports
DllCanUnloadNow
DllCreateObject
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RemoveOldVersion
RunOnceUpdate
SVCUninstall
UpdateASBar
_sqlite3_key_interop@12
_sqlite3_rekey_interop@12
Sections
.text Size: 872KB - Virtual size: 872KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 155KB - Virtual size: 154KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AddIn/conf.xml.xml
-
Baidu-Toolbar-utf8kb_cb.exe.exe windows:4 windows x86 arch:x86
73b73e00f465fa1a2a3bf6377a40219b
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8dCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before31/07/2009, 00:00Not After30/07/2012, 23:59SubjectCN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
CloseHandle
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA
user32
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
FindWindowExA
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 32KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduBarX.dll.dll regsvr32 windows:4 windows x86 arch:x86
78760b90e51e152ef6c8a33a5e909edc
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8dCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before31/07/2009, 00:00Not After30/07/2012, 23:59SubjectCN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\cygwin\home\scmpf\compiler_src\zhonghua_169623_win32\app\gensoft\bar\toolbar\chinese_unicode_release\BaiduBarX.pdb
Imports
setupapi
SetupIterateCabinetW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
imm32
ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW
shlwapi
PathFindFileNameW
SHDeleteKeyW
SHSetValueW
SHGetValueW
PathRemoveExtensionW
PathFileExistsW
SHDeleteValueW
UrlCombineW
StrCpyW
PathIsDirectoryA
PathRemoveFileSpecA
StrCmpIW
StrStrIW
UrlUnescapeA
StrRetToStrW
StrRetToStrA
UrlEscapeW
UrlCanonicalizeW
SHCopyKeyW
UrlUnescapeW
PathIsDirectoryW
PathRemoveFileSpecW
wininet
InternetQueryDataAvailable
InternetQueryOptionW
InternetCrackUrlW
FindFirstUrlCacheGroup
DeleteUrlCacheGroup
FindNextUrlCacheGroup
FindCloseUrlCache
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
InternetOpenUrlW
InternetGetCookieW
HttpSendRequestExW
HttpEndRequestW
InternetGetConnectedState
InternetOpenA
InternetSetCookieW
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
DeleteUrlCacheEntryW
HttpQueryInfoW
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetReadFile
InternetCloseHandle
GetUrlCacheEntryInfoW
InternetCanonicalizeUrlW
InternetSetOptionA
urlmon
URLDownloadToFileW
CoInternetGetSession
rpcrt4
UuidCreate
iphlpapi
GetNetworkParams
GetAdaptersInfo
ws2_32
gethostbyname
gethostname
kernel32
VirtualAlloc
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
FlushInstructionCache
GetCurrentProcess
InterlockedDecrement
lstrlenW
lstrlenA
DebugBreak
OutputDebugStringW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryW
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
GetCurrentThreadId
InterlockedIncrement
CreateProcessW
WideCharToMultiByte
CreateDirectoryW
GetTempPathW
CreateFileW
CloseHandle
WriteFile
SizeofResource
LockResource
LoadResource
FindResourceW
LocalFree
FreeLibrary
lstrcmpiW
TryEnterCriticalSection
LoadLibraryExW
MultiByteToWideChar
DisableThreadLibraryCalls
ReleaseMutex
DeleteFileW
GetTempFileNameW
WaitForSingleObject
GetSystemTimeAsFileTime
CreateThread
GetVersionExW
LoadLibraryA
CopyFileW
DeviceIoControl
GetSystemDirectoryW
ResumeThread
SetThreadPriority
GetPrivateProfileStringW
GetTickCount
GetACP
CompareStringW
GetCurrentProcessId
GlobalUnlock
GlobalLock
GlobalAlloc
FindClose
FindNextFileW
FindFirstFileW
TerminateThread
GetExitCodeThread
OpenMutexW
GetFullPathNameW
GlobalFree
MulDiv
RemoveDirectoryW
Sleep
ReadFile
GetFileSize
Thread32Next
SuspendThread
OpenThread
Thread32First
VirtualFree
UnmapViewOfFile
SetUnhandledExceptionFilter
MapViewOfFile
CreateFileMappingW
TerminateProcess
OpenProcess
SwitchToThread
GetCommandLineW
ExpandEnvironmentStringsW
GetPrivateProfileIntW
WritePrivateProfileStringW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
SetFileAttributesW
lstrcmpW
HeapFree
HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
GlobalSize
MoveFileExW
SetErrorMode
GetShortPathNameW
InterlockedExchange
Process32NextW
Process32FirstW
ReadProcessMemory
SetFilePointer
lstrcatW
lstrcpyW
ExitThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetFileAttributesA
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
GetCurrentThread
GetStdHandle
GetModuleFileNameA
FatalAppExitA
HeapDestroy
HeapCreate
HeapSize
ExitProcess
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTimeZoneInformation
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
GetDriveTypeA
GetFullPathNameA
CompareStringA
IsProcessorFeaturePresent
InterlockedCompareExchange
CreateToolhelp32Snapshot
GetVersionExA
SetEnvironmentVariableA
CreateMutexW
user32
GetSysColorBrush
SetScrollPos
SetScrollInfo
GetScrollInfo
SetWindowRgn
GetMenuItemRect
RemovePropW
GetPropW
SetPropW
GetForegroundWindow
SetWindowLongA
IsWindowUnicode
GetWindowLongA
SetMenuItemInfoW
DrawStateW
TrackPopupMenuEx
ModifyMenuW
MessageBeep
FrameRect
GetMessagePos
GetSystemMetrics
LoadBitmapW
PeekMessageW
GetSubMenu
MonitorFromRect
CharLowerBuffA
AttachThreadInput
SetForegroundWindow
WaitForInputIdle
CreateIconFromResourceEx
CharNextA
EqualRect
SetActiveWindow
SetClassLongW
ScrollWindow
EmptyClipboard
SetClipboardData
CloseClipboard
CharUpperW
CreateMenu
InsertMenuW
TrackPopupMenu
MonitorFromPoint
RemoveMenu
AppendMenuW
CreatePopupMenu
CopyRect
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetCapture
ReleaseCapture
GetSysColor
SetCursor
GetDlgCtrlID
SetFocus
SetCapture
IsWindowEnabled
UpdateWindow
DrawFocusRect
SetRectEmpty
InsertMenuItemW
EnableWindow
RedrawWindow
GetWindowTextLengthW
DrawTextW
DestroyIcon
FindWindowW
CharLowerBuffW
ScreenToClient
AdjustWindowRectEx
GetCursorPos
GetWindowThreadProcessId
GetGUIThreadInfo
GetClassNameW
PtInRect
MessageBoxW
MoveWindow
FillRect
GetFocus
ReleaseDC
TranslateMessage
DispatchMessageW
InvalidateRect
GetWindowTextW
GetActiveWindow
LoadIconW
IsWindowVisible
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SendMessageW
DialogBoxParamW
DestroyMenu
IsMenu
GetKeyState
CharLowerW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
DestroyWindow
LoadCursorW
KillTimer
GetMenuItemInfoW
GetMenuItemCount
EnableMenuItem
SetRect
CharUpperBuffW
DrawIconEx
GetMessageW
IsIconic
PostThreadMessageW
FindWindowExW
GetClassLongW
GetClassLongA
CallWindowProcA
UnregisterClassA
EnumChildWindows
WindowFromPoint
InflateRect
SendMessageA
GetUpdateRect
ClientToScreen
DeleteMenu
GetTopWindow
MenuItemFromPoint
GetMenuItemID
RegisterWindowMessageW
IsRectEmpty
GetDlgItemTextW
AdjustWindowRect
GetWindowDC
CreateDialogParamW
SetDlgItemTextW
SetTimer
PostMessageW
CharNextW
EndPaint
BeginPaint
DefWindowProcW
LoadStringW
SetWindowPos
IsWindow
GetDlgItem
ShowWindow
GetDC
SetWindowTextW
GetWindowLongW
SetWindowLongW
CallWindowProcW
EndDialog
EnumWindows
IsChild
IsDialogMessageW
LoadImageW
OffsetRect
OpenClipboard
GetMonitorInfoW
gdi32
PatBlt
GetTextColor
Rectangle
CreateRoundRectRgn
GetObjectW
CreatePen
LineTo
MoveToEx
SelectObject
CreateRectRgn
CreateBitmap
ExcludeClipRect
GetDeviceCaps
DPtoLP
BitBlt
GetClipBox
CreateCompatibleBitmap
SetViewportOrgEx
CreateCompatibleDC
ExtTextOutW
RestoreDC
SaveDC
GetCurrentObject
CreateSolidBrush
CreateFontIndirectW
GetTextExtentPoint32W
FillRgn
TextOutW
GetPixel
SetTextColor
DeleteDC
SetBkMode
SetBkColor
GetStockObject
DeleteObject
advapi32
SetTokenInformation
GetSecurityDescriptorSacl
SetSecurityInfo
EqualSid
GetUserNameW
RegSetKeySecurity
RegEnumKeyW
AllocateAndInitializeSid
InitializeAcl
AddAce
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegEnumValueW
CreateProcessAsUserW
GetLengthSid
ConvertStringSidToSidW
DuplicateTokenEx
OpenProcessToken
RegOpenKeyW
RegCreateKeyW
CopySid
GetTokenInformation
RegGetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
shell32
ShellExecuteW
ExtractIconW
DuplicateIcon
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteExW
SHGetMalloc
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
DragQueryFileA
ole32
OleInitialize
OleUninitialize
GetHGlobalFromStream
CreateStreamOnHGlobal
OleDraw
RegisterDragDrop
CLSIDFromProgID
RevokeDragDrop
CoCreateGuid
CoInitialize
CoUninitialize
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
ReleaseStgMedium
oleaut32
VariantInit
VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysFreeString
SysAllocStringLen
VarBstrCmp
VariantCopy
VarBstrCat
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
LoadRegTypeLi
SetErrorInfo
SysStringLen
VariantChangeType
GetErrorInfo
CreateErrorInfo
msimg32
AlphaBlend
Exports
Exports
ClearDefSearch
ClearHomePage
CloseIEUpdate
DllCanUnloadNow
DllCreateObject
DllGetClassObject
DllRegisterServer
RunOnceRemove
RunOnceUpdate
SVCUninstall
SetDefSearch
SetHomePageToBaidu
Uninstall
UpdateBaiduToolbar
UpdateBaiduToolbarWithUI
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 276KB - Virtual size: 275KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.Shared Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 622KB - Virtual size: 621KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
QvodInit.exe.exe windows:4 windows x86 arch:x86
0b2a31acea7c8272b8d6e27bd03aa847
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before02/06/2009, 00:00Not After02/06/2011, 23:59SubjectCN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
41:b2:ee:29:f1:9e:a1:8c:3b:4b:85:7d:11:5f:f6:20:7a:73:33:c9Signer
Actual PE Digest41:b2:ee:29:f1:9e:a1:8c:3b:4b:85:7d:11:5f:f6:20:7a:73:33:c9Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateProcessA
GetTickCount
MoveFileA
DeleteFileA
GetFileAttributesA
GetModuleHandleA
TerminateProcess
GetTempPathA
CopyFileA
GetLogicalDriveStringsA
SetSystemTime
GetSystemTime
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
CreateToolhelp32Snapshot
Process32First
OpenProcess
CloseHandle
Process32Next
GetDiskFreeSpaceExA
GetModuleFileNameA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetTempFileNameA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetLastError
RtlUnwind
GetFileType
CreateFileA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
WriteFile
SetFilePointer
ReadFile
SetStdHandle
SetHandleCount
GetStdHandle
SetEndOfFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
user32
FindWindowA
PostMessageA
advapi32
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DeleteService
CreateServiceA
ChangeServiceConfig2A
StartServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
OpenServiceA
ControlService
shell32
SHChangeNotify
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
psapi
EnumProcessModules
GetModuleFileNameExA
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
QvodPlayer.exe.exe windows:4 windows x86 arch:x86
fbaaa8fb1dee2a4bfa547dd01236945d
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before02/06/2009, 00:00Not After02/06/2011, 23:59SubjectCN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
fc:3c:f1:a6:b4:30:40:38:47:9d:f3:a3:f4:7f:0a:fd:67:f4:82:28Signer
Actual PE Digestfc:3c:f1:a6:b4:30:40:38:47:9d:f3:a3:f4:7f:0a:fd:67:f4:82:28Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindFirstChangeNotificationW
GlobalSize
CreateProcessW
OpenSemaphoreW
GetDiskFreeSpaceExW
SystemTimeToTzSpecificLocalTime
RemoveDirectoryW
FileTimeToSystemTime
GetWindowsDirectoryA
MoveFileW
GetLongPathNameW
GetTickCount
GetTempPathW
CreateMutexW
OpenMutexW
HeapDestroy
LocalFree
SetEnvironmentVariableA
GetOEMCP
GetACP
LoadLibraryA
GetStringTypeW
GetStringTypeA
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers
SetEndOfFile
GetStartupInfoA
GetStdHandle
SetHandleCount
SetStdHandle
FindNextChangeNotification
CompareStringA
LCMapStringW
LCMapStringA
SetFilePointer
ReadFile
UnhandledExceptionFilter
HeapSize
TerminateProcess
WriteFile
IsBadWritePtr
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
SetLastError
TlsAlloc
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
HeapReAlloc
CreateFileA
GetFileType
GetFileAttributesA
ExitThread
TlsGetValue
TlsSetValue
ResumeThread
GetTimeZoneInformation
RtlUnwind
CreateThread
InterlockedExchange
VirtualFree
VirtualAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
FindCloseChangeNotification
GetLocaleInfoW
GetLogicalDriveStringsW
GetModuleHandleW
GetDriveTypeW
GetVolumeInformationW
lstrcatW
SetSystemPowerState
SetThreadExecutionState
lstrcpynA
lstrcpynW
SetEnvironmentVariableW
GetSystemDirectoryW
CopyFileW
GetSystemTime
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateFileW
DeviceIoControl
GetProcessHeap
HeapAlloc
HeapFree
lstrcpyW
lstrcmpW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
WaitForSingleObject
ResetEvent
Sleep
GetWindowsDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
SetEvent
EnterCriticalSection
LeaveCriticalSection
FindFirstFileW
FindNextFileW
FindClose
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetModuleFileNameW
GetFileAttributesW
CreateDirectoryW
SetFileAttributesW
GetLocalTime
DeleteFileW
InterlockedIncrement
GetUserDefaultLangID
lstrlenW
InterlockedDecrement
GetProcAddress
GetVersionExW
FreeLibrary
LoadLibraryW
CompareStringW
RaiseException
user32
GetActiveWindow
DrawTextW
SetDlgItemInt
CheckRadioButton
GetDlgCtrlID
SetDlgItemTextW
GetDlgItemTextW
EndDialog
DialogBoxParamW
ClientToScreen
EnumDisplayDevicesW
EnumDisplaySettingsW
SetParent
SetMenuItemInfoW
DeleteMenu
EnableWindow
IsMenu
CloseClipboard
GetClipboardData
OpenClipboard
GetDlgItemInt
GetDlgItemTextA
OffsetRect
UpdateWindow
SetForegroundWindow
CreateMenu
MessageBeep
TrackPopupMenuEx
GetMonitorInfoW
MoveWindow
ShowWindow
PostMessageW
DestroyAcceleratorTable
CallNextHookEx
GetWindowRect
GetDesktopWindow
MessageBoxW
LoadStringW
CharNextW
CopyAcceleratorTableW
LoadAcceleratorsW
DefWindowProcW
MonitorFromPoint
MapWindowPoints
PeekMessageW
RemoveMenu
WindowFromPoint
GetKeyState
DestroyIcon
UnionRect
DispatchMessageW
TranslateMessage
GetMessageW
GetScrollInfo
GetMenuStringW
ModifyMenuW
GetMenuItemID
GetClientRect
ReleaseDC
FillRect
GetDC
SendMessageW
wsprintfW
IsWindow
SetCapture
ReleaseCapture
SetWindowPos
CreateWindowExW
SetWindowLongW
GetWindowLongW
CallWindowProcW
DestroyWindow
SetRectEmpty
LoadCursorW
SetTimer
RegisterClassExW
SetWindowsHookExW
GetClassInfoExW
InvalidateRect
FindWindowExW
ShowCursor
CharLowerW
RegisterWindowMessageW
LoadMenuW
SetRect
GetWindow
SetWindowTextW
ExitWindowsEx
GetMenuItemInfoW
GetSystemMetrics
GetSystemMenu
TrackPopupMenu
SystemParametersInfoW
CopyRect
IsZoomed
IsIconic
UnregisterHotKey
FindWindowW
LoadIconW
CheckMenuItem
CheckMenuRadioItem
EnableMenuItem
CreateDialogParamW
GetSubMenu
UnhookWindowsHookEx
CreateAcceleratorTableW
GetWindowTextW
GetWindowTextLengthW
RegisterHotKey
TranslateAcceleratorW
GetKeyboardState
PostQuitMessage
LoadStringA
CreatePopupMenu
AppendMenuW
DestroyMenu
GetMenuItemCount
InsertMenuW
InvalidateRgn
RedrawWindow
GetFocus
IsChild
SetFocus
BeginPaint
EndPaint
GetDlgItem
wvsprintfW
SetWindowRgn
LoadBitmapW
GetClassNameW
LoadImageW
EnumChildWindows
GetSysColor
SetSysColors
GetParent
SetCursor
GetCursorPos
ScreenToClient
PtInRect
BringWindowToTop
KillTimer
gdi32
SetViewportOrgEx
Rectangle
CreatePatternBrush
GetTextExtentPoint32W
SetDIBits
SetBkColor
ExtTextOutW
GetCurrentObject
GetPixel
CreatePen
MoveToEx
LineTo
CreateDIBSection
SetStretchBltMode
StretchDIBits
SetTextColor
GetDIBits
SetBkMode
CreateFontIndirectW
GetStockObject
GetDeviceCaps
CreateRectRgn
CombineRgn
GetObjectW
StretchBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt
DeleteDC
RoundRect
SelectObject
DeleteObject
comdlg32
ChooseColorW
ChooseFontA
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyW
shell32
SHFileOperationW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHChangeNotify
SHAppBarMessage
DragQueryFileW
DragFinish
DragAcceptFiles
ShellExecuteW
ExtractIconW
SHGetPathFromIDListW
SHBrowseForFolderW
ole32
CLSIDFromProgID
CoTaskMemFree
OleUninitialize
CLSIDFromString
CreateStreamOnHGlobal
CoInitialize
StringFromCLSID
CoCreateInstance
CoTaskMemAlloc
OleLockRunning
CoFreeUnusedLibraries
CoUninitialize
CoInitializeSecurity
OleInitialize
oleaut32
OleCreateFontIndirect
SysAllocStringLen
DispCallFunc
LoadRegTypeLi
SysStringLen
OleCreatePropertyFrame
VariantInit
VariantCopy
VariantClear
SysAllocString
SysFreeString
GetErrorInfo
ws2_32
gethostbyname
inet_ntoa
ntohl
WSAStartup
WSACleanup
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAEventSelect
gethostname
htonl
inet_addr
htons
recv
send
WSAGetLastError
socket
setsockopt
connect
closesocket
ntohs
WSAWaitForMultipleEvents
winmm
mciSendStringW
timeGetTime
quartz
AMGetErrorTextW
iphlpapi
GetAdaptersInfo
comctl32
_TrackMouseEvent
ImageList_Destroy
ord16
ImageList_Draw
ImageList_GetImageInfo
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_DragMove
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Create
ImageList_BeginDrag
ImageList_LoadImageW
InitCommonControlsEx
msimg32
AlphaBlend
TransparentBlt
urlmon
CoInternetGetSession
Sections
.text Size: 1000KB - Virtual size: 996KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 80KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
QvodTerminal.exe.exe windows:4 windows x86 arch:x86
bbb186246f69308aa3f7a8e426b54162
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before02/06/2009, 00:00Not After02/06/2011, 23:59SubjectCN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
6d:6e:bb:fa:62:89:b9:32:98:4f:29:e4:38:8e:d6:7a:d1:1a:86:5bSigner
Actual PE Digest6d:6e:bb:fa:62:89:b9:32:98:4f:29:e4:38:8e:d6:7a:d1:1a:86:5bDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
recvfrom
gethostname
inet_ntoa
ntohs
gethostbyname
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
accept
htonl
connect
recv
setsockopt
ioctlsocket
htons
bind
listen
WSACreateEvent
WSAEventSelect
ntohl
send
WSAStartup
getpeername
WSAJoinLeaf
WSASocketA
inet_addr
__WSAFDIsSet
socket
select
WSAGetLastError
WSACloseEvent
sendto
closesocket
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
iphlpapi
GetAdaptersInfo
ole32
CoCreateInstance
CoCreateGuid
CoInitialize
CoUninitialize
oleaut32
SysStringLen
VariantClear
SysAllocString
SysFreeString
shell32
ShellExecuteA
kernel32
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetOEMCP
GetACP
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
HeapReAlloc
GetStdHandle
SetHandleCount
SetEndOfFile
SetStdHandle
SetLastError
TlsAlloc
GetCurrentThreadId
GetVersion
GetCommandLineA
GetModuleHandleA
GetCurrentProcess
ExitProcess
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MoveFileExA
Sleep
MultiByteToWideChar
CreateEventA
CloseHandle
SetEvent
GetTickCount
WaitForSingleObject
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
CompareFileTime
SystemTimeToFileTime
GetLocalTime
lstrlenA
WideCharToMultiByte
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryA
InterlockedDecrement
QueryPerformanceCounter
GetSystemTime
InterlockedIncrement
CopyFileA
CreateSemaphoreA
OpenSemaphoreA
HeapFree
HeapAlloc
GetProcessHeap
MoveFileA
LocalFree
LocalAlloc
GetSystemDirectoryA
GetVersionExA
GetModuleFileNameA
FindClose
FindNextFileA
FindFirstFileA
GetTempPathA
CreateProcessA
GetDiskFreeSpaceExA
GetLastError
TerminateProcess
ReadFile
PeekNamedPipe
GetWindowsDirectoryA
GetStartupInfoA
CreatePipe
CreateThread
RtlUnwind
GetFileType
CreateFileA
CreateDirectoryA
DeleteFileA
FlushFileBuffers
WriteFile
SetFilePointer
ResumeThread
TlsSetValue
TlsGetValue
ExitThread
GetTimeZoneInformation
CreateDirectoryW
CreateFileW
GetSystemTimeAsFileTime
RaiseException
user32
PostQuitMessage
CreateWindowExA
DefWindowProcA
BeginPaint
GetClientRect
DrawTextA
EndPaint
LoadIconA
LoadCursorA
RegisterClassExA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
FindWindowA
PostMessageA
advapi32
RegOpenKeyA
RegCloseKey
Sections
.text Size: 424KB - Virtual size: 423KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
kugou_2382.exe.exe windows:1 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 264KB - Virtual size: 264KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 16B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ