36f15b198103c4aaad6a26d91ef8f1ff_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

36f15b198103c4aaad6a26d91ef8f1ff_JaffaCakes118
Size

1.3MB
MD5

36f15b198103c4aaad6a26d91ef8f1ff
SHA1

c371253c329df1706db1be5ff3d602be3df7dc62
SHA256

aa9c460196d565a3104ed1c385e22f03b2928353b3ec547185a18ead23ae662c
SHA512

354eee4304416ed2b1e3f64b0870283493551a2d9fd97cf82ae0c3b53734c905fd4a0d8d005991db206105ebd329d76e29712e4c918c87b32a8d3772c80f338d
SSDEEP

24576:1cWruRUk4OY5vA5ZXzb2OAkV0jHcF4LOoc8QtrNgeVN1q0KdGETidjxeY6IUi:1L1O+yXPuNjy47c8QtrNrq0oGcidjsZA

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll

Files

36f15b198103c4aaad6a26d91ef8f1ff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

06-07-2009 00:00

Not After

06-07-2011 23:59

Subject

CN=Beijing ShengjingWanwei Technology Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Beijing ShengjingWanwei Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Custom_chs.ini
$PLUGINSDIR/Custom_cht.ini
$PLUGINSDIR/Custom_eng.ini
$PLUGINSDIR/Custom_kor.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

8fbbf807b5bf33729f0092d4b8c483c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalUnlock
GetPrivateProfileIntW
lstrcmpiW
GetModuleHandleW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
GlobalLock
lstrcpynW

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
LoadCursorW
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
CharNextW
wsprintfW
MessageBoxW
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyIcon

gdi32

SetTextColor
CreateCompatibleDC
GetObjectW
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderW
SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Labelselect_chs.ini
$PLUGINSDIR/Labelselect_cht.ini
$PLUGINSDIR/Labelselect_eng.ini
$PLUGINSDIR/Labelselect_kor.ini
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

2be79521ab92f834267b9728a9762af6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MulDiv
GetModuleHandleW
GlobalAlloc
lstrlenW
lstrcpynW
lstrcpyW
GlobalFree
lstrcmpW

user32

SetWindowTextW
SetDlgItemTextW
EndDialog
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 266B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Skinselect_chs.ini
$PLUGINSDIR/Skinselect_cht.ini
$PLUGINSDIR/Skinselect_eng.ini
$PLUGINSDIR/Skinselect_kor.ini
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

bd0c5e2173fde31d22cb05fc3c2a33dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
GetLastError
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/default.bmp
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/second.bmp
Extensions/ExtAddons/ExtAddons.dll
.dll windows:4 windows x86 arch:x86

a153a403c11f205fad78eeb37d022073

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

06-07-2009 00:00

Not After

06-07-2011 23:59

Subject

CN=Beijing ShengjingWanwei Technology Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Beijing ShengjingWanwei Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetGetLastResponseInfoW
InternetWriteFile
FtpOpenFileW
FtpCommandW
InternetReadFile
InternetReadFileExA
InternetCloseHandle
InternetSetStatusCallbackW
InternetQueryOptionW
InternetSetOptionW
HttpEndRequestW
InternetSetOptionA
InternetCrackUrlW
InternetConnectW
InternetOpenW
HttpSendRequestExW
HttpOpenRequestW
FtpGetFileSize
HttpQueryInfoW
InternetGetConnectedState

urlmon

ObtainUserAgentString

shlwapi

PathFindExtensionW
SHDeleteKeyW
PathFindFileNameW
SHEnumKeyExW
SHGetValueW
PathIsRootW
PathFileExistsW
PathCombineW
StrStrIW
PathGetDriveNumberW

kernel32

IsBadWritePtr
IsBadReadPtr
GetTickCount
CancelWaitableTimer
WaitForMultipleObjects
GetLastError
ResetEvent
GetTempFileNameW
GetTempPathW
SetWaitableTimer
CreateWaitableTimerW
SystemTimeToFileTime
SetEndOfFile
SetFilePointer
CreateFileW
GetDiskFreeSpaceExW
SetFileTime
ReadFile
WriteFile
DeleteFileW
DisableThreadLibraryCalls
InitializeCriticalSection
VirtualAlloc
VirtualFree
RemoveDirectoryW
GetPrivateProfileIntW
GetShortPathNameW
GetModuleFileNameW
FindClose
FindNextFileW
SetFileAttributesW
GetFileAttributesW
FindFirstFileW
CreateDirectoryW
SearchPathW
GetVersionExW
GlobalFree
GlobalUnlock
FreeResource
LockResource
TlsSetValue
GlobalAlloc
SizeofResource
LoadResource
FindResourceW
MoveFileW
MoveFileExW
FreeLibrary
GetProcAddress
LoadLibraryW
HeapFree
HeapAlloc
GetProcessHeap
GetVersion
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
InterlockedIncrement
InterlockedDecrement
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
DebugBreak
OutputDebugStringW
CloseHandle
GetCurrentProcess
CreateEventW
SetEvent
Sleep
WaitForSingleObject
GlobalLock

user32

MenuItemFromPoint
GetMenu
IsZoomed
GetAncestor
WindowFromPoint
SetCapture
ReleaseCapture
EqualRect
LoadImageW
IsWindowVisible
GetMessagePos
InsertMenuW
CreatePopupMenu
RegisterClassExW
PeekMessageW
TranslateMessage
DispatchMessageW
MonitorFromWindow
GetMonitorInfoW
CheckMenuItem
LoadMenuW
GetSubMenu
DestroyMenu
SetWindowPlacement
GetWindowPlacement
DrawEdge
CreateWindowExW
GetSysColor
LoadBitmapW
SetFocus
DestroyIcon
GetPropW
UnhookWindowsHookEx
FillRect
GetCursorPos
PtInRect
LoadCursorW
TrackMouseEvent
DefWindowProcW
GetWindowTextW
GetClientRect
CopyRect
ClientToScreen
GetDC
DrawTextW
ReleaseDC
SetPropW
SetWindowLongW
UpdateWindow
GetWindowLongW
GetParent
LoadStringW
PostThreadMessageW
MessageBoxW
GetDesktopWindow
GetMessageW
SetWindowsHookExW
GetClassNameW
CallNextHookEx
GetWindowDC
OffsetRect
SetMenuInfo
SetMenuItemInfoW
TrackPopupMenuEx
TrackPopupMenu
SetRectEmpty
ShowWindow
SetForegroundWindow
IsWindow
DestroyWindow
PostMessageW
CharNextW
wvsprintfW
SendMessageW
InvalidateRect
SetDlgItemTextW
SetWindowTextW
GetDlgItem
RegisterClipboardFormatW
SubtractRect
PostQuitMessage
GetWindowRect
SetWindowPos
IsDlgButtonChecked
EndDialog
BeginPaint
ScreenToClient
LoadIconW
DrawIcon
EndPaint
DialogBoxParamW
GetMenuItemCount
GetMenuItemInfoW
GetScrollPos
SetScrollPos
GetKeyState
CallWindowProcW
CheckRadioButton
InflateRect
EnableWindow
RedrawWindow
RemovePropW
DrawIconEx
SetCursor

gdi32

GetTextMetricsW
CreateRectRgnIndirect
CombineRgn
FillRgn
EnumFontsW
Rectangle
MoveToEx
LineTo
SetBkColor
CreateCompatibleBitmap
CreateDIBSection
CreateCompatibleDC
BitBlt
DeleteDC
CreateSolidBrush
SetBkMode
SetTextColor
GetStockObject
GetObjectW
CreateFontIndirectW
SelectObject
CreatePen
DeleteObject

advapi32

RegCloseKey
RegOpenKeyW
RegOpenKeyExW

shell32

SHFileOperationW
SHGetSpecialFolderPathW
DragQueryFileW
ExtractIconExW

ole32

CreateStreamOnHGlobal
RegisterDragDrop
CoUninitialize
CoCreateInstance
CoInitialize
OleInitialize
OleUninitialize
ReleaseStgMedium
OleDuplicateData
DoDragDrop

oleaut32

SysAllocString
SysFreeString

msvcrt

fclose
fread
ftell
fseek
_wcsnicmp
wcschr
_snprintf
_snwprintf
wcslen
__CxxFrameHandler
free
??2@YAPAXI@Z
malloc
iswdigit
_wtoi
_beginthreadex
_wtol
wcsstr
wcscpy
_ui64tow
wcsncpy
memmove
time
_ftol
wcsncat
_wtoi64
_wfopen
fwrite
_except_handler3
wcscmp
_wcsicmp
wcscat
wcsrchr
swprintf
swscanf
fwprintf
iswspace
wcstok
realloc
wcsncmp
_purecall
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdiplus

GdiplusStartup
GdiplusShutdown
GdipFree
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStream
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_Destroy
InitCommonControlsEx
ImageList_Draw
ImageList_GetImageCount

Exports

Exports

Ext_GetExtensionInfo
Ext_GetExtensionType
Ext_Init
Ext_UnInit
Frame_onCreate
Frame_onFontChange
Frame_onSkinChange

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 832KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Extensions/ExtAdfilter/ExtAdfilter.dll
.dll regsvr32 windows:4 windows x86 arch:x86

a094058cf79c719befa9c0500ad64b73

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

06-07-2009 00:00

Not After

06-07-2011 23:59

Subject

CN=Beijing ShengjingWanwei Technology Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Beijing ShengjingWanwei Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSARecv
recv
send
closesocket
connect

urlmon

CoInternetCombineUrl

shlwapi

StrStrW
PathMatchSpecW
PathFileExistsW
StrStrIW

wininet

InternetCrackUrlW

kernel32

WriteProcessMemory
ReadProcessMemory
VirtualProtect
GetCurrentProcess
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetTickCount
lstrlenW
Sleep
InterlockedIncrement
InterlockedDecrement
MoveFileW
GetModuleFileNameW
CreateDirectoryW
MultiByteToWideChar
lstrlenA
DeleteFileW
OpenProcess
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
LocalFree
MoveFileExW

user32

CharNextW
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
InsertMenuW
LoadMenuW
GetSubMenu
CheckMenuItem
EnableMenuItem
DestroyMenu
ClientToScreen
ReplyMessage
IsDlgButtonChecked
EndDialog
CheckDlgButton
SendMessageW
ShowWindow
SetForegroundWindow
GetDesktopWindow
DialogBoxParamW
LoadStringW
GetCursorPos
ScreenToClient
LoadCursorW
SetCursor
GetClassNameW
GetKeyState
IsChild
IsWindow
GetDlgItem

shell32

SHGetSpecialFolderPathW

oleaut32

SysAllocString
SysFreeString

msvcrt

wcscat
wcsrchr
memcpy
??2@YAPAXI@Z
_snwprintf
__CxxFrameHandler
_ftol
_wtoi
wcscmp
_wcsicmp
wcslen
_wcsnicmp
vswprintf
_except_handler3
memset
wcstod
iswspace
fclose
wcsncpy
iswdigit
malloc
memmove
free
fwrite
fread
ftell
fseek
_wfopen
fwprintf
_CxxThrowException
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
wcsstr
memcmp
strlen
swprintf

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Ext_GetExtensionCLSID
Ext_GetExtensionInfo
Ext_GetExtensionType
Ext_Init
Frame_onCreate

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taihang
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Extensions/ExtDownload/ExtDownload.dll
.dll windows:4 windows x86 arch:x86

c4835bf3da5e6e9ed42c11a6573abfce

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

06-07-2009 00:00

Not After

06-07-2011 23:59

Subject

CN=Beijing ShengjingWanwei Technology Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Beijing ShengjingWanwei Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

ObtainUserAgentString
CoInternetCombineUrl

wininet

InternetSetOptionW
InternetQueryOptionW
FtpCommandW
InternetGetLastResponseInfoW
InternetWriteFile
HttpEndRequestW
InternetReadFile
InternetReadFileExA
InternetSetOptionA
InternetCloseHandle
InternetCrackUrlW
FtpOpenFileW
GetUrlCacheEntryInfoW
InternetConnectW
InternetOpenW
HttpSendRequestExW
HttpOpenRequestW
HttpQueryInfoW
FtpGetFileSize
InternetSetStatusCallbackW

kernel32

MultiByteToWideChar
SystemTimeToFileTime
GetLastError
CreateDirectoryW
GetCurrentProcess
WideCharToMultiByte
CreateEventW
SetEvent
Sleep
WaitForSingleObject
TlsSetValue
CancelWaitableTimer
WaitForMultipleObjects
ResetEvent
SetWaitableTimer
ReadProcessMemory
SetEndOfFile
SetFilePointer
GetDiskFreeSpaceExW
SetFileTime
ReadFile
WriteFile
GetShortPathNameW
SetFileAttributesW
GetFileAttributesW
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
GlobalFree
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
LocalFree
GetWindowsDirectoryW
HeapFree
HeapAlloc
GetProcessHeap
GetVersion
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
OpenProcess
lstrlenA
OutputDebugStringW
DebugBreak
InitializeCriticalSection
GetCurrentProcessId
DisableThreadLibraryCalls
GlobalAlloc
GlobalLock
GlobalUnlock
CopyFileW
lstrcmpiW
GetModuleFileNameW
InterlockedIncrement
lstrlenW
CreateFileW
CloseHandle
DeleteFileW
GetSystemDirectoryW
GetTempPathW
GetTempFileNameW
GetTickCount
MoveFileW
MoveFileExW
IsBadReadPtr
IsBadWritePtr
InterlockedDecrement
CreateWaitableTimerW

user32

MonitorFromWindow
GetMonitorInfoW
EmptyClipboard
SetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
TrackMouseEvent
ClientToScreen
CallWindowProcW
UpdateWindow
CharNextW
wvsprintfW
PeekMessageW
TranslateMessage
DispatchMessageW
GetAncestor
GetMenuItemInfoW
RegisterClipboardFormatW
MoveWindow
GetWindowLongW
SetWindowLongW
InSendMessageEx
ReplyMessage
IsWindowVisible
CharUpperW
LoadMenuW
GetSubMenu
EnableMenuItem
GetKeyState
ReleaseCapture
SetCapture
WindowFromPoint
IsZoomed
GetMenu
SetMenuItemInfoW
MenuItemFromPoint
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
CallNextHookEx
OffsetRect
PtInRect
InflateRect
DestroyIcon
GetParent
CreatePopupMenu
InsertMenuItemW
InsertMenuW
GetCursorPos
DestroyMenu
LoadCursorW
SetCursor
CopyRect
FillRect
DrawEdge
SetWindowPlacement
GetWindowPlacement
KillTimer
DestroyWindow
InvalidateRect
GetSysColor
SetForegroundWindow
GetPropW
EnableWindow
GetWindowTextW
GetDlgItemTextW
SetFocus
SetPropW
CheckRadioButton
RemovePropW
CreateWindowExW
SetTimer
LoadBitmapW
SetWindowTextW
DefWindowProcW
LoadStringW
MessageBoxW
IsWindow
PostMessageW
SetDlgItemTextW
GetDlgItem
ShowWindow
CheckDlgButton
SendMessageW
GetDC
DrawTextW
ReleaseDC
GetClientRect
GetWindowRect
SetWindowPos
GetDesktopWindow
MapWindowPoints
IsDlgButtonChecked
EndDialog
BeginPaint
ScreenToClient
LoadIconW
DrawIcon
EndPaint
DialogBoxParamW
DrawIconEx
SetRectEmpty
TrackPopupMenu
TrackPopupMenuEx
SetMenuInfo
RegisterClassExW
GetMessagePos
LoadImageW
GetWindowDC
EqualRect
GetMenuItemCount

gdi32

CreateCompatibleDC
Rectangle
CreatePen
MoveToEx
SetBkMode
SetTextColor
FillRgn
EnumFontsW
CreateDIBSection
LineTo
GetObjectW
CreateFontIndirectW
GetStockObject
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
BitBlt
DeleteDC
GetTextMetricsW
CreateRectRgnIndirect
CombineRgn
DeleteObject

shell32

SHGetSpecialFolderPathW
ExtractIconExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc
SHFileOperationW
DragQueryFileW
ShellExecuteW
SHGetFileInfoW

ole32

RevokeDragDrop
CoCreateInstance
ReleaseStgMedium
OleInitialize
OleUninitialize
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoTaskMemFree
OleDuplicateData
DoDragDrop
RegisterDragDrop

oleaut32

SysFreeString
SysAllocString
SafeArrayCreateVector

msvcrt

time
??2@YAPAXI@Z
_wtoi
wcscpy
wcscmp
_itow
__CxxFrameHandler
_purecall
wcslen
_snwprintf
fprintf
towupper
towlower
fwprintf
swscanf
fgets
rewind
swprintf
realloc
_CxxThrowException
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
wcsncpy
_ftol
wcsftime
gmtime
wcscat
wcsrchr
_wcsicmp
wcsncat
wcspbrk
_i64tow
localtime
_ui64tow
_ltow
wcsncmp
_wtoi64
_wtol
memmove
wcsstr
free
_wcsnicmp
malloc
iswdigit
_snprintf
fclose
fread
ftell
fseek
_wfopen
fwrite
_beginthreadex
wcschr
iswspace
_except_handler3
_strnicmp

shlwapi

UrlEscapeW
StrStrW
PathIsRootW
PathFileExistsW
StrStrIW
PathMatchSpecW
StrCmpIW
SHGetValueW
PathGetDriveNumberW
PathFindExtensionW
PathIsURLW
StrCmpW
StrRetToBufW
PathIsDirectoryW
PathCombineW
PathFindFileNameW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdiplus

GdipCreateImageAttributes
GdipAlloc
GdipDisposeImageAttributes
GdipFree
GdipGetImageWidth
GdipLoadImageFromStream
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipGetImageHeight
GdiplusShutdown

comctl32

ImageList_Duplicate
InitCommonControlsEx
ImageList_Draw
ImageList_GetImageInfo
ImageList_DrawEx
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
ImageList_AddMasked
ImageList_Remove

Exports

Exports

Ext_ExecContextMenu
Ext_GetExtensionInfo
Ext_GetExtensionType
Ext_HaveExtensionPos
Ext_Init
Ext_InitContextMenu
Ext_UnInit
Extension_OnEnable
Extension_OnUnInstall
Frame_ShowDownloadManager
Frame_onCreate
Frame_onFontChange
Frame_onSkinChange

Sections

.text
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SimpleW
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Extensions/ExtMinibar/ExtMinibar.dll
.dll regsvr32 windows:4 windows x86 arch:x86

6e38273d3963ce42e1a9fb08379e06f6

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

06-07-2009 00:00

Not After

06-07-2011 23:59

Subject

CN=Beijing ShengjingWanwei Technology Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Beijing ShengjingWanwei Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathMatchSpecW

kernel32

GetStringTypeW
GetStringTypeA
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
LocalFree
FlushFileBuffers
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
CloseHandle
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
SetStdHandle

user32

SendMessageW
CheckMenuItem
GetSubMenu
ClientToScreen
DestroyMenu
GetAncestor
LoadStringW
LoadMenuW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Ext_GetExtensionCLSID
Ext_GetExtensionInfo
Ext_GetExtensionType
Ext_Init

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Extensions/ExtPages/ExtPages.dll
.dll .js windows:4 windows x86 arch:x86 polyglot

17a8c8c20136a339d4330a49c023d4ac

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

06-07-2009 00:00

Not After

06-07-2011 23:59

Subject

CN=Beijing ShengjingWanwei Technology Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Beijing ShengjingWanwei Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
DisableThreadLibraryCalls
GetShortPathNameW

user32

LoadStringW

shlwapi

UrlEscapeW

msvcrt

_initterm
_adjust_fdiv
malloc
free
_snwprintf
wcschr
_wcsnicmp
wcslen

Exports

Exports

Ext_GetExtensionInfo
Ext_GetExtensionType
Ext_Init

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 448KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Extensions/ExtSuggest/ExtSuggest.dll
.dll windows:4 windows x86 arch:x86

6b34c1640879dc113c48e3f9f0e46058

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

06-07-2009 00:00

Not After

06-07-2011 23:59

Subject

CN=Beijing ShengjingWanwei Technology Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Beijing ShengjingWanwei Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
GetCurrentThreadId
HeapFree
HeapAlloc
GetProcessHeap
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
MultiByteToWideChar
lstrlenA
CloseHandle
GetCurrentProcess
CreateEventW
SetEvent
Sleep
WaitForSingleObject
TlsSetValue
IsBadWritePtr
IsBadReadPtr
CancelWaitableTimer
WaitForMultipleObjects
GetTickCount
GetLastError
ResetEvent
GetTempFileNameW
GetTempPathW
lstrlenW
SetWaitableTimer
CreateWaitableTimerW
SystemTimeToFileTime
SetEndOfFile
SetFilePointer
CreateFileW
GetDiskFreeSpaceExW
SetFileTime
ReadFile
WriteFile
DeleteFileW
InitializeCriticalSection
WideCharToMultiByte

user32

GetWindowRect
DefWindowProcW
LoadStringW
BeginPaint
GetClientRect
FillRect
EndPaint
CreateWindowExW
SendMessageW
DrawTextW
SetWindowPos
OffsetRect
GetWindowDC
SetCursor
LoadCursorW
PtInRect
PostQuitMessage
InvalidateRect
GetDC
ReleaseDC
PostMessageW
MoveWindow
SetWindowTextW
ScreenToClient
GetMessagePos
SetFocus
InflateRect
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
IsWindowVisible
SetWindowLongW
RegisterClassExW

gdi32

CreatePen
GetStockObject
Rectangle
DeleteObject
CreateSolidBrush
SetTextColor
SelectObject
GetTextExtentPoint32W

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString

shlwapi

StrCmpIW
StrStrW
PathGetDriveNumberW
StrStrIW

wininet

InternetReadFile
InternetCrackUrlW
InternetSetOptionW
InternetQueryOptionW
FtpCommandW
HttpQueryInfoW
FtpGetFileSize
HttpOpenRequestW
HttpSendRequestExW
InternetOpenW
InternetConnectW
InternetSetOptionA
InternetSetStatusCallbackW
InternetCloseHandle
InternetReadFileExA
CreateUrlCacheEntryW
HttpEndRequestW
FtpOpenFileW
InternetWriteFile
InternetGetLastResponseInfoW

urlmon

ObtainUserAgentString

msvcrt

isalnum
sprintf
strstr
strtok
wcsncpy
_wfopen
fseek
ftell
??2@YAPAXI@Z
fread
fclose
wcslen
swprintf
_snwprintf
wcscpy
_ui64tow
wcsstr
time
_wtol
_ftol
wcsncat
_wtoi64
wcscmp
_wcsicmp
__CxxFrameHandler
wcsrchr
strncpy
_except_handler3
free
malloc
memmove
_purecall
__dllonexit
_onexit
_initterm
_adjust_fdiv
_beginthreadex

Exports

Exports

Ext_GetExtensionInfo
Ext_GetExtensionType
Ext_Init

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 802KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Import.exe
.exe windows:4 windows x86 arch:x86

47cdcefe37a6cab3f233d04ecc39e6d2

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

06-07-2009 00:00

Not After

06-07-2011 23:59

Subject

CN=Beijing ShengjingWanwei Technology Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Beijing ShengjingWanwei Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsRootW

mfc42u

ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord815
ord2506
ord2613
ord1131
ord641
ord5261
ord4370
ord4847
ord4992
ord4704
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5276
ord3793
ord4831
ord2546
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord3592
ord324
ord4229
ord1143
ord1165
ord4294
ord6211
ord2078
ord823
ord4155
ord2858
ord2371
ord755
ord470
ord3614
ord3087
ord1634
ord5871
ord3084
ord4470
ord1569
ord3658
ord3621
ord2406
ord2606
ord6868
ord927
ord538
ord535
ord5568
ord2910
ord2293
ord2362
ord6330
ord4219
ord2859
ord4270
ord4480
ord6371
ord4269
ord4667
ord2756
ord4273
ord4272
ord925
ord922
ord940
ord537
ord861
ord858
ord825
ord540
ord860
ord800
ord4435
ord942

msvcrt

?terminate@@YAXXZ
_controlfp
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
_onexit
_XcptFilter
_exit
wcscmp
_wcsicmp
_wtoi
_snwprintf
wcslen
wcsstr
memset
wcsncpy
__dllonexit
_except_handler3
__set_app_type
exit
__p__fmode
__CxxFrameHandler

kernel32

GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetCurrentDirectoryW
GetLastError
CreateDirectoryW
GetFileAttributesW
WritePrivateProfileStringW
OpenProcess
GetProcAddress
LoadLibraryW
Sleep
GetModuleHandleW
GetStartupInfoW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW

user32

GetWindowThreadProcessId
FindWindowExW
DispatchMessageW
TranslateMessage
PeekMessageW
PtInRect
BeginPaint
GetDlgItem
MapWindowPoints
FillRect
EndPaint
InvalidateRect
GetParent
EnableWindow
GetSystemMetrics
DrawIcon
GetSystemMenu
AppendMenuW
SendMessageW
GetClientRect
LoadIconW
IsIconic

gdi32

GetStockObject
CreateFontW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteW
SHGetFolderPathW

msvcp60

??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Skin/Crystal_Chrome/BTN_CLOSE.png
.png
Skin/Crystal_Chrome/BTN_LINE.png
.png
Skin/Crystal_Chrome/BTN_SIDECLOSE.png
.png
Skin/Crystal_Chrome/BTN_SIDEMASK.png
.png
Skin/Crystal_Chrome/BTN_SIDEMENU.png
.png
Skin/Crystal_Chrome/address.png
.png
Skin/Crystal_Chrome/backward.png
.png
Skin/Crystal_Chrome/bg_pagebar.png
.png
Skin/Crystal_Chrome/bg_sidebar_mini.png
.png
Skin/Crystal_Chrome/bg_sidebar_tool.png
.png
Skin/Crystal_Chrome/bg_sidepanel.png
.png
Skin/Crystal_Chrome/bg_sidetoolbar.png
.png
Skin/Crystal_Chrome/bg_toolbar.png
.png
Skin/Crystal_Chrome/borderbottom.png
.png
Skin/Crystal_Chrome/borderleft.png
.png
Skin/Crystal_Chrome/borderright.png
.png
Skin/Crystal_Chrome/btn_sidebar_hide.png
.png
Skin/Crystal_Chrome/btn_sidebar_show.png
.png
Skin/Crystal_Chrome/chevron.png
.png
Skin/Crystal_Chrome/dropdown.png
.png
Skin/Crystal_Chrome/edit.png
.png
Skin/Crystal_Chrome/fav_add.ico
Skin/Crystal_Chrome/fav_directory.ico
Skin/Crystal_Chrome/fav_net_login.ico
Skin/Crystal_Chrome/fav_net_nologin.ico
Skin/Crystal_Chrome/fav_sidebar.ico
Skin/Crystal_Chrome/fav_url.ico
Skin/Crystal_Chrome/favorites.png
.png
Skin/Crystal_Chrome/findbaritem.png
.png
Skin/Crystal_Chrome/forward.png
.png
Skin/Crystal_Chrome/go.png
.png
Skin/Crystal_Chrome/home.png
.png
Skin/Crystal_Chrome/img_lock.png
.png
Skin/Crystal_Chrome/img_progress.png
.png
Skin/Crystal_Chrome/img_sideols.png
.png
Skin/Crystal_Chrome/mask.png
.png
Skin/Crystal_Chrome/menuicon.png
.png
Skin/Crystal_Chrome/navihistory.png
.png
Skin/Crystal_Chrome/new.png
.png
Skin/Crystal_Chrome/preview.png
.png
Skin/Crystal_Chrome/privacy.png
.png
Skin/Crystal_Chrome/rebar.png
.png
Skin/Crystal_Chrome/rebar_grip.png
.png
Skin/Crystal_Chrome/refresh.png
.png
Skin/Crystal_Chrome/refresh_combine.png
.png
Skin/Crystal_Chrome/restore.png
.png
Skin/Crystal_Chrome/scrollbg.png
.png
Skin/Crystal_Chrome/scrollgauge.png
.png
Skin/Crystal_Chrome/search.ico
Skin/Crystal_Chrome/search.png
.png
Skin/Crystal_Chrome/select.png
.png
Skin/Crystal_Chrome/sep.png
.png
Skin/Crystal_Chrome/sizestatus.png
.png
Skin/Crystal_Chrome/skin.ini
Skin/Crystal_Chrome/statusitem.png
.png
Skin/Crystal_Chrome/stop.png
.png
Skin/Crystal_Chrome/stop_combine.png
.png
Skin/Crystal_Chrome/tab_button.png
.png
Skin/Crystal_Chrome/tab_button_close.png
.png
Skin/Crystal_Chrome/tab_close.png
.png
Skin/Crystal_Chrome/tab_color.png
.png
Skin/Crystal_Chrome/tab_drag.png
.png
Skin/Crystal_Chrome/tab_new.png
.png
Skin/Crystal_Chrome/tab_progress.png
.png
Skin/Crystal_Chrome/tabitem.png
.png
Skin/Crystal_Chrome/thumb.png
.png
Skin/Crystal_Chrome/title_close.png
.png
Skin/Crystal_Chrome/title_cus.png
.png
Skin/Crystal_Chrome/title_max.png
.png
Skin/Crystal_Chrome/title_max2.png
.png
Skin/Crystal_Chrome/title_min.png
.png
Skin/Crystal_Chrome/titlebar.png
.png
Skin/Crystal_Chrome/titlebarmax.png
.png
Skin/Crystal_Chrome/tool.png
.png
Skin/Crystal_Chrome/toolbar.png
.png
TheWorld.exe
.exe windows:4 windows x86 arch:x86

a1a3dac473f3b15fa51ad3ac57e55888

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

06-07-2009 00:00

Not After

06-07-2011 23:59

Subject

CN=Beijing ShengjingWanwei Technology Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Beijing ShengjingWanwei Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

RegisterBindStatusCallback
CoInternetGetSession
CoGetClassObjectFromURL
CoInternetCombineUrl
ObtainUserAgentString
RevokeBindStatusCallback

psapi

GetProcessMemoryInfo
GetModuleInformation
EnumProcessModules
GetModuleFileNameExW

kernel32

FindNextFileW
FindFirstFileW
OpenEventW
GlobalFree
GetShortPathNameW
GetFileSize
CreateDirectoryW
FreeResource
LockResource
GlobalLock
GlobalAlloc
SizeofResource
LoadResource
FindResourceW
MoveFileW
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
lstrcmpA
CreateThread
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
GetSystemTime
TlsGetValue
GetCurrentThread
HeapFree
HeapAlloc
HeapCreate
VirtualProtect
DeviceIoControl
GlobalUnlock
GlobalSize
LocalFree
EnumResourceLanguagesW
GetVersion
MulDiv
LocalAlloc
CreateProcessW
GetSystemInfo
SetProcessWorkingSetSize
ExitProcess
GetWindowsDirectoryW
GetProcessHeap
GetProcessTimes
GetSystemTimeAsFileTime
GlobalDeleteAtom
GlobalAddAtomW
lstrcmpiA
GetFileAttributesExW
CompareFileTime
FlushInstructionCache
LocalFileTimeToFileTime
VirtualQuery
CreateFileA
PostQueuedCompletionStatus
CreateIoCompletionPort
lstrcpynW
SwitchToThread
lstrcpynA
ExitThread
GetExitCodeThread
lstrcmpiW
WritePrivateProfileStringW
FindClose
GetStartupInfoA
GetModuleHandleA
SuspendThread
SetThreadContext
GetThreadContext
ResumeThread
InterlockedCompareExchange
RemoveDirectoryW
GetCurrentThreadId
OpenThread
WaitForSingleObject
InitializeCriticalSection
Sleep
ExpandEnvironmentStringsW
GetFileAttributesW
SetFileAttributesW
GetCurrentProcessId
CreateEventW
TlsAlloc
GetTickCount
GetTempFileNameW
MoveFileExW
CreateMutexW
GetLastError
OpenProcess
GetCommandLineW
GetVersionExW
WriteFile
SetFileTime
GetDiskFreeSpaceExW
SetFilePointer
SetEndOfFile
SystemTimeToFileTime
CreateWaitableTimerW
SetWaitableTimer
WaitForMultipleObjects
CancelWaitableTimer
IsBadReadPtr
IsBadWritePtr
GetSystemDirectoryW
GetTempPathW
CreateFileW
ReadFile
OutputDebugStringW
DebugBreak
MultiByteToWideChar
TerminateThread
SetLastError
lstrlenA
VirtualFreeEx
ReadProcessMemory
GetExitCodeProcess
VirtualAllocEx
WriteProcessMemory
DuplicateHandle
VirtualFree
VirtualAlloc
TlsSetValue
ResetEvent
GetLocaleInfoW
GetPrivateProfileStringW
DeleteFileW
DeleteCriticalSection
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
CopyFileW
SetErrorMode
GetPrivateProfileIntW
GetQueuedCompletionStatus
ReadDirectoryChangesW
GetThreadPriority
SetThreadPriority
InterlockedDecrement
InterlockedIncrement
lstrlenW
GetLongPathNameW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
GetModuleHandleW
TerminateProcess
GetCurrentProcess
CloseHandle
TlsFree
SetEvent
DosDateTimeToFileTime

user32

RedrawWindow
RemovePropW
SetPropW
GetPropW
EndDialog
SetDlgItemTextW
SetWindowTextW
GetWindowTextW
SetFocus
EndPaint
ShowCursor
wsprintfW
GetClassInfoExW
GetCapture
DrawEdge
RegisterClassW
RegisterClassExW
MonitorFromRect
AdjustWindowRectEx
IsHungAppWindow
LoadImageW
MoveWindow
GetWindowModuleFileNameW
GetActiveWindow
SetWindowRgn
GetWindowRgn
IntersectRect
EnumThreadWindows
GetMenuItemID
GetMenuState
SetLayeredWindowAttributes
SetActiveWindow
GetMessageW
SetWindowPlacement
GetGUIThreadInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetSysColor
InsertMenuItemW
SetRectEmpty
TrackPopupMenu
TrackPopupMenuEx
SetMenuInfo
GetMenuInfo
MenuItemFromPoint
CheckMenuRadioItem
LoadBitmapW
GetDoubleClickTime
MessageBeep
GetSystemMenu
FillRect
GetClientRect
MapWindowPoints
GetDesktopWindow
GetWindowRect
GetDlgItem
BeginPaint
CopyRect
DestroyIcon
InflateRect
SetWindowPos
SetWindowLongW
GetWindowLongW
CreateWindowExW
IsWindow
SendMessageW
CallWindowProcW
PostMessageW
DefWindowProcW
ReleaseDC
GetDC
PtInRect
GetCursorPos
ScreenToClient
ClientToScreen
SetCursor
DialogBoxParamW
LoadCursorW
GetKeyState
DestroyMenu
IsClipboardFormatAvailable
EnableMenuItem
GetSubMenu
LoadMenuW
KillTimer
GetMenu
GetFocus
InvalidateRect
SetTimer
SetRect
RegisterWindowMessageW
LoadStringW
GetWindowThreadProcessId
FindWindowExW
AllowSetForegroundWindow
GetKeyboardLayout
EnumWindows
GetClassNameW
IsWindowVisible
IsDlgButtonChecked
DrawIcon
LoadIconW
DrawTextW
UnregisterHotKey
RegisterHotKey
CheckDlgButton
ShowWindow
DestroyWindow
MessageBoxW
GetForegroundWindow
EnableWindow
GetAncestor
SubtractRect
FindWindowW
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
GetClipboardData
GetKeyNameTextW
GetWindowTextLengthW
EnumChildWindows
SetCursorPos
GetMenuStringW
ReleaseCapture
SetCapture
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsIconic
GetDlgItemTextW
MapVirtualKeyW
keybd_event
GetMessagePos
RegisterClipboardFormatW
CreatePopupMenu
InsertMenuW
SetMenuItemInfoW
TrackMouseEvent
UpdateWindow
IsChild
LoadStringA
GetWindowDC
WindowFromPoint
GetWindowPlacement
SystemParametersInfoW
ActivateKeyboardLayout
SetClassLongW
GetParent
GetSystemMetrics
DeleteMenu
RemoveMenu
CheckMenuItem
IsZoomed
MsgWaitForMultipleObjects
OffsetRect
CharNextA
DrawIconEx
CopyAcceleratorTableW
IsMenu
GetMenuItemCount
GetMenuItemInfoW
DestroyAcceleratorTable
TranslateAcceleratorW
LoadAcceleratorsW
CreateAcceleratorTableW
CharNextW
wvsprintfW
InSendMessageEx
ReplyMessage
PostThreadMessageW
EqualRect
WaitForInputIdle
SendMessageTimeoutW
EndMenu
AttachThreadInput
GetWindow
PostQuitMessage
SetParent
PeekMessageW
DispatchMessageW
TranslateMessage
SetForegroundWindow

gdi32

PatBlt
CreateBitmap
TextOutW
CreateRectRgnIndirect
FillRgn
SetBkColor
CreatePatternBrush
RoundRect
SetPixel
CreatePolygonRgn
CreateRoundRectRgn
CreateRectRgn
GetStockObject
SetBkMode
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetBitmapBits
CreateDIBSection
SetTextColor
CreateSolidBrush
StretchBlt
SetStretchBltMode
Rectangle
CreatePen
CreateFontIndirectW
GetObjectW
GetBitmapBits
LineTo
MoveToEx
GetDeviceCaps
GetDIBits
EnumFontsW
GetTextMetricsW
GetTextExtentPoint32W
CombineRgn

comdlg32

GetSaveFileNameW
ChooseColorW
GetOpenFileNameW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyW
RegSetValueExW
RegCreateKeyW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegGetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegEnumKeyW
RegQueryInfoKeyW
RegSetKeySecurity
CopySid
GetTokenInformation

shell32

SHGetMalloc
DragQueryFileW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHAppBarMessage
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHFileOperationW
ExtractIconExW
ord680
SHChangeNotify
ShellExecuteExW
ShellExecuteW
SHGetFolderPathW

ole32

PropVariantClear
CLSIDFromProgID
OleRun
CLSIDFromString
OleSetContainedObject
ReleaseStgMedium
CoMarshalInterface
GetHGlobalFromStream
OleDraw
OleCreate
OleInitialize
DoDragDrop
RegisterDragDrop
OleUninitialize
CoGetClassObject
CreateStreamOnHGlobal
CoUnmarshalInterface
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoGetMalloc
OleDuplicateData
RevokeDragDrop
CoCreateInstance
CoInitialize
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject

oleaut32

SysStringLen
VariantClear
SafeArrayCreateVector
SystemTimeToVariantTime
SysFreeString
SysAllocString
SysAllocStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData

shlwapi

StrCmpIW
PathFindFileNameW
PathFindExtensionW
StrStrIW
PathFileExistsW
PathIsURLW
PathCombineW
PathGetDriveNumberW
PathIsDirectoryW
UrlIsOpaqueW
UrlGetPartW
StrStrIA
SHDeleteKeyW
SHSetValueW
SHDeleteValueW
SHGetValueW
PathRemoveFileSpecW
UrlEscapeW
PathIsRootW
UrlCanonicalizeW
StrStrW
PathMatchSpecW
StrCmpW
UrlCombineA
PathRemoveExtensionW
PathAppendW
PathRelativePathToW
StrCatW
PathIsUNCW
StrRetToBufW
SHEnumKeyExW
StrStrA
UrlUnescapeW
SHStrDupW

wininet

RetrieveUrlCacheEntryStreamA
InternetSetCookieExW
InternetSetCookieA
UnlockUrlCacheEntryStream
InternetSetCookieW
InternetSetCookieExA
HttpAddRequestHeadersA
InternetTimeToSystemTimeA
InternetQueryOptionA
HttpQueryInfoA
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
UnlockUrlCacheEntryFileW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntryA
UnlockUrlCacheEntryFileA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetGetConnectedState
InternetCanonicalizeUrlW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
InternetSetStatusCallbackA
HttpOpenRequestA
InternetOpenA
CommitUrlCacheEntryA
CreateUrlCacheEntryA
InternetCrackUrlW
InternetSetOptionW
InternetQueryOptionW
FtpCommandW
InternetGetLastResponseInfoW
InternetWriteFile
FtpOpenFileW
HttpEndRequestW
InternetReadFile
InternetReadFileExA
InternetCloseHandle
InternetSetStatusCallbackW
InternetSetOptionA
InternetConnectW
InternetOpenW
HttpSendRequestExW
HttpOpenRequestW
FtpGetFileSize
HttpQueryInfoW
GetUrlCacheEntryInfoW
InternetGetCookieExA

winmm

waveOutWrite
midiStreamClose
midiStreamOut

dsound

ord1

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

msvcrt

iswdigit
malloc
free
isalnum
sprintf
iswalpha
wcspbrk
_ltow
_ftol
_wtoi
_local_unwind2
_except_handler3
wcsncat
_beginthreadex
time
toupper
wcsrchr
wcsncpy
??2@YAPAXI@Z
wcschr
_itow
isalpha
_wcsnicmp
wcscpy
wcscat
wcsncmp
wcscmp
wcsstr
wcslen
_purecall
_snwprintf
__CxxFrameHandler
_snprintf
_wcsicmp
_wtol
_ui64tow
_wtoi64
_stricmp
fclose
fread
ftell
fseek
fopen
_wfopen
fwrite
memmove
strstr
strchr
wcstok
mktime
_wmakepath
_wsplitpath
atoi
strtok
localtime
fflush
qsort
strncpy
strncmp
wcstod
iswspace
strrchr
fputs
_wcsdup
swscanf
swprintf
fputws
fwprintf
_strlwr
strncat
_CIpow
towlower
_ismbslead
fprintf
_strnicmp
fgets
rewind
_atoi64
isspace
realloc
exit
scanf
printf
memset
memcpy
_CxxThrowException
__dllonexit
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_controlfp
_onexit

gdiplus

GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipAlloc
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipFree
GdiplusStartup
GdiplusShutdown
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesGamma
GdipLoadImageFromStream

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

Netbios

comctl32

ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Remove
ImageList_Draw
ImageList_GetIcon
ImageList_GetImageCount
ImageList_AddMasked
InitCommonControlsEx
ImageList_Duplicate
ImageList_SetBkColor
ImageList_DrawEx
ImageList_GetIconSize
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragMove

Sections

.text
Size: 1004KB - Virtual size: 1003KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taihang
Size: 236KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 536KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UnInst.exe.nsis
WebApp.exe
.exe windows:4 windows x86 arch:x86

7e3202390527c4760fda4da26284da0f

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

06-07-2009 00:00

Not After

06-07-2011 23:59

Subject

CN=Beijing ShengjingWanwei Technology Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Beijing ShengjingWanwei Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FindFirstUrlCacheEntryA
InternetCrackUrlW
InternetSetOptionW
InternetQueryOptionW
FtpCommandW
InternetGetLastResponseInfoW
InternetWriteFile
FtpOpenFileW
DeleteUrlCacheEntryA
InternetReadFile
InternetReadFileExA
InternetCloseHandle
InternetSetStatusCallbackW
InternetSetOptionA
InternetConnectW
InternetOpenW
HttpSendRequestExW
UnlockUrlCacheEntryFileA
FindNextUrlCacheEntryA
HttpEndRequestW
HttpQueryInfoW
HttpOpenRequestW
FtpGetFileSize
FindCloseUrlCache
CommitUrlCacheEntryA
HttpOpenRequestA
CommitUrlCacheEntryW
CreateUrlCacheEntryW
GetUrlCacheEntryInfoW

urlmon

CoInternetCombineUrl
ObtainUserAgentString

wintrust

CryptCATAdminEnumCatalogFromHash
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

UrlEscapeW
SHDeleteValueW
PathFindExtensionW
SHGetValueW
PathIsRootW
PathCombineW
PathFindFileNameA
PathFindFileNameW
PathGetDriveNumberW
UrlIsOpaqueW
StrCmpIW
UrlGetPartW
SHSetValueW
StrStrIW
PathFileExistsW

kernel32

GetThreadContext
SetThreadContext
SuspendThread
SetLastError
GetStartupInfoW
ResumeThread
InterlockedCompareExchange
FlushInstructionCache
VirtualProtect
GetCurrentProcess
LoadLibraryW
GetLongPathNameW
GetModuleFileNameW
GetLastError
TerminateProcess
CloseHandle
GetCommandLineW
OpenProcess
GetCurrentProcessId
GetCurrentThreadId
Sleep
WaitForSingleObject
OpenThread
SetEvent
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
GetTickCount
CreateProcessW
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
ReadFile
CreateFileW
CreateEventW
TlsSetValue
IsBadWritePtr
IsBadReadPtr
CancelWaitableTimer
WaitForMultipleObjects
ResetEvent
GetTempFileNameW
GetTempPathW
SetWaitableTimer
CreateWaitableTimerW
SystemTimeToFileTime
SetEndOfFile
SetFilePointer
GetDiskFreeSpaceExW
SetFileTime
WriteFile
TlsFree
TlsAlloc
GetVersionExW
VirtualQuery
SetUnhandledExceptionFilter
SetErrorMode
VirtualFree
VirtualAlloc
FreeLibrary
GetProcAddress
GetShortPathNameW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
CreateThread
ExpandEnvironmentStringsW
HeapFree
HeapAlloc
HeapCreate
GetModuleHandleW
GetCurrentThread
GetSystemTime
GlobalFree
GlobalUnlock
FreeResource
LockResource
GlobalLock
GlobalAlloc
SizeofResource
LoadResource
FindResourceW
LocalAlloc
LocalFree
MoveFileW
MoveFileExW
GetProcessHeap
GetVersion

user32

KillTimer
SetTimer
CreateWindowExW
EnumChildWindows
InsertMenuW
CreatePopupMenu
RegisterClassExW
CloseClipboard
CheckDlgButton
IsDlgButtonChecked
FindWindowW
SetParent
GetWindowPlacement
SystemParametersInfoW
SetWindowPlacement
LoadStringW
RemovePropW
GetCursorPos
PtInRect
LoadCursorW
SetCursor
TrackMouseEvent
GetWindowTextW
ClientToScreen
ScreenToClient
GetDC
DrawTextW
ReleaseDC
SetWindowLongW
UpdateWindow
GetWindowLongW
GetParent
GetSystemMetrics
LoadImageW
EnableWindow
ShowWindow
LoadIconW
DestroyIcon
SetDlgItemTextW
BeginPaint
GetMessagePos
FillRect
EndPaint
EndDialog
GetDlgItem
GetDesktopWindow
DialogBoxParamW
GetMenuItemCount
DestroyAcceleratorTable
TranslateAcceleratorW
LoadAcceleratorsW
SetWindowPos
InvalidateRect
EqualRect
WindowFromPoint
ReleaseCapture
SetCapture
GetMenu
MenuItemFromPoint
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetWindowDC
DefWindowProcW
GetClientRect
SetFocus
SetWindowTextW
GetPropW
FindWindowExW
IsWindow
IsChild
PostMessageW
CopyRect
PeekMessageW
SetPropW
GetAncestor
SendMessageW
MessageBoxW
PostQuitMessage
GetWindowRect
IsZoomed
InflateRect
IsIconic
OffsetRect
IsWindowVisible
GetWindowThreadProcessId
EnumWindows
GetMessageW
TranslateMessage
DispatchMessageW
GetClassNameW
GetKeyState
CallWindowProcW
SetMenuInfo
SetMenuItemInfoW
TrackPopupMenuEx
TrackPopupMenu
SetRectEmpty
DestroyMenu
GetSysColor
DrawIconEx
RegisterClipboardFormatW
EmptyClipboard
SetClipboardData
MapWindowPoints
OpenClipboard
GetMenuItemInfoW

gdi32

Rectangle
CreatePen
FillRgn
CombineRgn
CreateRectRgnIndirect
GetTextMetricsW
MoveToEx
DeleteDC
CreateSolidBrush
SetTextColor
GetObjectW
CreateFontIndirectW
LineTo
EnumFontsW
BitBlt
CreateCompatibleBitmap
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteObject
GetStockObject
SetBkMode

comdlg32

GetSaveFileNameW

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ShellExecuteW
SHGetSpecialFolderPathW
ExtractIconExW
SHFileOperationW
DragQueryFileW
SHGetFolderPathW

ole32

RegisterDragDrop
DoDragDrop
OleInitialize
CoCreateInstance
OleSetContainedObject
OleCreate
RevokeDragDrop
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
ReleaseStgMedium
OleDuplicateData

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen
SysStringLen
VariantClear
VariantChangeType

msvcrt

wcscpy
wcsrchr
wcsncpy
_wcsicmp
wcslen
_except_handler3
_controlfp
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_wtoi64
fclose
fread
ftell
fseek
fopen
_snprintf
_wcsnicmp
wcscat
fwrite
_wfopen
memmove
fwprintf
iswspace
_snwprintf
??2@YAPAXI@Z
wcsncmp
__CxxFrameHandler
_beginthreadex
wcscmp
wcsncat
wcspbrk
_initterm
wcschr
_wtoi
_wtol
swscanf
wcsstr
free
malloc
wcstok
swprintf
realloc
_purecall
_ismbslead
memset
memcpy
_CxxThrowException
__dllonexit
_ui64tow
time
_onexit
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_ftol

gdiplus

GdipCreateFromHDC
GdiplusStartup
GdipFree
GdipAlloc
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStream
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipDisposeImage
GdipCloneImage

comctl32

ImageList_Draw
InitCommonControlsEx

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
oem.dat

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 129KB

.ndata Size: - Virtual size: 108KB

.rsrc Size: 22KB - Virtual size: 21KB

8fbbf807b5bf33729f0092d4b8c483c4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

2be79521ab92f834267b9728a9762af6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 777B

.data Size: - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 266B

bd0c5e2173fde31d22cb05fc3c2a33dc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 129KB

.ndata
Size: - Virtual size: 108KB

.rsrc
Size: 22KB - Virtual size: 21KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 777B

.data
Size: - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 266B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 848B

.data
Size: - Virtual size: 56B

.reloc
Size: 512B - Virtual size: 502B

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 832KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 16KB - Virtual size: 12KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate