387fc8af855e1ccb57f829d88d3f8fbe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

387fc8af855e1ccb57f829d88d3f8fbe_JaffaCakes118
Size

14.2MB
MD5

387fc8af855e1ccb57f829d88d3f8fbe
SHA1

2b60d303d79f2aeefb8ed9cf2be0e28d60a201c3
SHA256

e257136d1a59a2d05d1b37892f1014ba5830495cb24c4f1be42d66bbbaf9b256
SHA512

e7e2dee6c45fc5040b99ee15ca8aa688c2142b29c22a76dc9c0e0e06138bf9ea56159652cea6487b18332c853205fc9aa4fd90b550fb6c1587a3f85703b38d44
SSDEEP

393216:2lZUAXiu/QcczEDZZUldVrQyFXrRB+4HCQlYb9Zq1vG5muyGE:WaAXfQckobUldVkyFXrRB9icYbcvomHX

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/nsRandom.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/nsRandom.dll	upx

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
387fc8af855e1ccb57f829d88d3f8fbe_JaffaCakes118
unpack001/$PLUGINSDIR/Base64.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/blowfish.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsRandom.dll
unpack002/out.upx
unpack001/@Install_̻.exe
unpack001/uninst.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

387fc8af855e1ccb57f829d88d3f8fbe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Baidubar.bmp
$PLUGINSDIR/Base64.dll
.dll windows:4 windows x86 arch:x86

1ba6926a1ee4e4cda118768081f528d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
TerminateProcess

msvcr80

memset
atoi
_crt_debugger_hook

Exports

Exports

Decrypt
Encrypt

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/blowfish.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Decrypt
Encrypt

Sections

CODE
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 906B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 89B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

3f1149a3053980fe6b461521d2b55a2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

CloseHandle
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
GlobalFree
lstrcmpiA
DeleteFileA
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize
CreateFileA

user32

MessageBoxA
GetParent
ShowWindow
PostMessageA
SetWindowTextA
GetWindowTextA
IsWindow
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
SetWindowLongA
GetWindowLongA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SendMessageA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/left.bmp
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsRandom.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetRandom

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/regini.ini
@Install_̻.exe
.exe windows:4 windows x86 arch:x86

ed2bd38d75669747b0b3728ca4220079

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
SetFileTime
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
CreateFileA
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
RemoveDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
WaitForSingleObject
GetExitCodeProcess
GlobalFree
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
lstrcpyA
DeleteFileA
MulDiv
GlobalAlloc
lstrlenA
ExitProcess

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
DialogBoxParamA
CheckDlgButton
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
GetSysColorBrush
RegisterClassExA
GetWindowLongA
LoadCursorA
SetCursor
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
GetSysColor
CharNextA
ExitWindowsEx
CreateDialogParamA
DestroyWindow
SetTimer
GetClassInfoA
SetWindowTextA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
CreateWindowExA
SetWindowLongA
ShowWindow
UpdateWindow
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendDlgItemMessageA

gdi32

SetBkColor
TextOutA
GetStockObject
GetObjectA
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegEnumValueA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyA

comctl32

ImageList_Destroy
ImageList_AddMasked
ord17
_TrackMouseEvent
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 240KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AllSkin/ˮ.ssf
.zip
a1.png
.png
a2.png
.png
a3.png
.png
ban1.png
.png
ban2.png
.png
ban3.png
.png
bar.bmp
.png
bar.png
.png
cn1.png
.png
cn2.png
.png
cn3.png
.png
cn_biaodian1.png
.png
cn_biaodian2.png
.png
cn_biaodian3.png
.png
en1.png
.png
en2.png
.png
en3.png
.png
en_biaodian1.png
.png
en_biaodian2.png
.png
en_biaodian3.png
.png
key1.png
.png
key2.png
.png
key3.png
.png
menu1.png
.png
menu2.png
.png
menu3.png
.png
pass1.png
.png
pass2.png
.png
pass3.png
.png
passon1.png
.png
passon2.png
.png
passon3.png
.png
quan1.png
.png
quan2.png
.png
quan3.png
.png
skin.ini
skin1.png
.png
skin1_1.png
.png
skin1_2.png
.png
skin2.png
.png
skin2_1.png
.png
skin2_2.png
.png
AllSkin/־Ը.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
ban1.bmp
ban2.bmp
ban3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu1.png
.png
menu2.bmp
menu2.png
.png
menu3.bmp
menu3.png
.png
pass1.bmp
pass2.bmp
pass3.bmp
passon1.bmp
passon2.bmp
passon3.bmp
quan1.bmp
quan2.bmp
quan3.bmp
skin.ini
skin1.png
.png
skin1_1.png
.png
skin1_2.png
.png
skin2.png
.png
skin2_1.png
.png
skin2_2.png
.png
AllSkin/ţ.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
ban1.bmp
ban2.bmp
ban3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu1.png
.png
menu2.bmp
menu2.png
.png
menu3.bmp
menu3.png
.png
pass1.bmp
pass2.bmp
pass3.bmp
passon1.bmp
passon2.bmp
passon3.bmp
quan1.bmp
quan2.bmp
quan3.bmp
skin.ini
skin1.png
.png
skin1_1.png
.png
skin1_2.png
.png
skin2.png
.png
skin2_1.png
.png
skin2_2.png
.png
AllSkin/ޱ.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
ban1.bmp
ban2.bmp
ban3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu1.png
.png
menu2.png
.png
menu3.png
.png
pass1.bmp
pass2.bmp
pass3.bmp
passon1.bmp
passon2.bmp
passon3.bmp
quan1.bmp
quan2.bmp
quan3.bmp
skin.ini
skin1.png
.png
skin1_1.png
.png
skin1_2.png
.png
skin2.png
.png
skin2_1.png
.png
skin2_2.png
.png
AllSkin/޻.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
ban1.bmp
ban2.bmp
ban3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu1.png
.png
menu2.png
.png
menu3.png
.png
pass1.bmp
pass2.bmp
pass3.bmp
passon1.bmp
passon2.bmp
passon3.bmp
quan1.bmp
quan2.bmp
quan3.bmp
skin.ini
skin1.png
.png
skin1_1.png
.png
skin1_2.png
.png
skin2.png
.png
skin2_1.png
.png
skin2_2.png
.png
AllSkin/޾.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
ban1.bmp
ban2.bmp
ban3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu1.png
.png
menu2.png
.png
menu3.png
.png
pass1.bmp
pass2.bmp
pass3.bmp
passon1.bmp
passon2.bmp
passon3.bmp
quan1.bmp
quan2.bmp
quan3.bmp
skin.ini
skin1.png
.png
skin1_1.png
.png
skin1_2.png
.png
skin2.png
.png
skin2_1.png
.png
skin2_2.png
.png
AllSkin/ӭӭ.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
ban1.bmp
ban2.bmp
ban3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu1.png
.png
menu2.png
.png
menu3.png
.png
pass1.bmp
pass2.bmp
pass3.bmp
passon1.bmp
passon2.bmp
passon3.bmp
quan1.bmp
quan2.bmp
quan3.bmp
skin.ini
skin1.png
.png
skin1_1.png
.png
skin1_2.png
.png
skin2.png
.png
skin2_1.png
.png
skin2_2.png
.png
AllSkin/.ssf
.zip
AllSkin/״̬ĬƤ.ssf
.zip
AllSkin/.ssf
.zip
AllSkin/Ѻ.ssf
.zip
ConfigMover30b2.exe
.exe windows:4 windows x86 arch:x86

23c66f324e0bfa41a56200360ba3ef41

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime35\Bin\SogouInput\ConfigMover30b2.pdb

Imports

imm32

ImmDisableIME

kernel32

CreateDirectoryW
GetVersionExW
CompareStringW
CompareStringA
GetLastError
HeapFree
HeapAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetVersionExA
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetFullPathNameW
GetCurrentDirectoryA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
RtlUnwind
LoadLibraryA
WideCharToMultiByte
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapSize
GetLocaleInfoA
GetDriveTypeA
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA

shell32

SHFileOperationW
SHGetFolderPathAndSubDirW
SHGetFolderPathW

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Correction.ini
ErrorReport.exe
.exe windows:4 windows x86 arch:x86

0583ff613654ddc7571742a04bdd0ad8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime35\Bin\SogouInput\ErrorReport.pdb

Imports

kernel32

OpenMutexW
ReleaseMutex
FindClose
FindFirstFileW
GetTickCount
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
LCMapStringA
WideCharToMultiByte
LCMapStringW
Sleep
HeapSize
GetFullPathNameW
CreateMutexW
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
OpenFileMappingW
CreateFileW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CreateToolhelp32Snapshot
Process32FirstW
GetModuleHandleW
Process32NextW
GetCurrentProcessId
GetSystemInfo
GetModuleFileNameW
GetVersionExW
GlobalUnlock
GlobalLock
GlobalFree
GetCurrentThreadId
SetLastError
GetLastError
GlobalAlloc
WaitForMultipleObjects
GetCommandLineW
CreateProcessW
MultiByteToWideChar
CreateEventW
CreateThread
LocalFree
FormatMessageW
GetCurrentDirectoryA
CloseHandle
ResetEvent
SetEvent
WaitForSingleObject
OpenEventW

imm32

ImmDisableIME

user32

DrawTextW
SetWindowPos
GetCursorPos
GetLastInputInfo
LoadCursorW
SubtractRect
FindWindowW
BeginPaint
PtInRect
CreateWindowExW
GetSystemMetrics
TranslateMessage
GetForegroundWindow
CloseWindow
EndPaint
AdjustWindowRect
DestroyWindow
RegisterClassExW
OffsetRect
GetMonitorInfoW
IntersectRect
DefWindowProcW
SetTimer
InvalidateRect
MonitorFromRect
GetWindowRect
GetWindowLongW
DispatchMessageW
GetMessageW
MonitorFromPoint
PostQuitMessage
SetWindowLongW
EmptyClipboard
OpenClipboard
SetClipboardData
CloseClipboard
MessageBoxW
SetCursor

gdi32

GetStockObject
CreateFontIndirectW
SetTextColor
DeleteDC
SetBkMode
DeleteObject
SelectObject
CreatePen
CreateCompatibleDC
BitBlt
CreateSolidBrush
CreateCompatibleBitmap
Rectangle
SetViewportOrgEx

advapi32

RegQueryValueW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
RegOpenKeyExW
SetNamedSecurityInfoW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HWSignature.dll
.dll windows:4 windows x86 arch:x86

3805775f1dde052333909932d791dd7f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\sogouime35\Bin\SogouInput\HWSignature.pdb

Imports

ws2_32

WSAStartup

kernel32

DeleteCriticalSection
CreateFileA
GetProcessHeap
CopyFileA
DeviceIoControl
CloseHandle
HeapAlloc
HeapFree
GetSystemDirectoryA
lstrcatA
lstrcpyA
lstrlenA
GlobalAlloc
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
LocalAlloc
GetVersionExA
LocalFree
HeapReAlloc
GetTickCount
SetLastError
GlobalFree
FlushFileBuffers
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
VirtualAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

wsprintfA
IsCharAlphaNumericA

Exports

Exports

DLLGenHWID
GenHWID

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ImeHint.exe
.exe windows:4 windows x86 arch:x86

6ae12826919908a57e2bc0b3e017d0db

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime35\Bin\SogouInput\ImeHint.pdb

Imports

imm32

ImmDisableIME

kernel32

ReleaseMutex
OpenMutexW
WaitForSingleObject
GetProcAddress
WideCharToMultiByte
GetTickCount
GetSystemTimeAsFileTime
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
RaiseException
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
VirtualAlloc
HeapReAlloc
HeapSize
GetFullPathNameW
GetCurrentDirectoryA
ReadFile
SetFilePointer
GetConsoleCP
CreateMutexW
LoadLibraryA
GetLocaleInfoA
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileSize
RemoveDirectoryW
SetLastError
GlobalFree
GetCommandLineW
CreateEventW
GlobalAlloc
FormatMessageW
WaitForMultipleObjects
CreateProcessW
GetCurrentThreadId
MultiByteToWideChar
CloseHandle
LocalFree
GetLastError
CreateThread
Sleep
OpenEventW
CreateToolhelp32Snapshot
GetVersionExW
GetCurrentProcessId
GetModuleFileNameW
GetSystemInfo
Process32NextW
GetModuleHandleW
Process32FirstW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
CreateFileW
InterlockedCompareExchange
InterlockedIncrement
MoveFileExW
CreateDirectoryW
DeleteFileW
SetFileAttributesW
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
GetConsoleMode

user32

DrawTextW
SetWindowPos
GetCursorPos
GetLastInputInfo
LoadCursorW
SubtractRect
FindWindowW
BeginPaint
PtInRect
CreateWindowExW
GetSystemMetrics
TranslateMessage
CloseWindow
GetForegroundWindow
AdjustWindowRect
EndPaint
DestroyWindow
GetMonitorInfoW
SetCursor
OffsetRect
DefWindowProcW
IntersectRect
MonitorFromRect
SetTimer
InvalidateRect
GetWindowRect
GetWindowLongW
DispatchMessageW
GetMessageW
MonitorFromPoint
PostQuitMessage
SetWindowLongW
MessageBoxW
RegisterClassExW

gdi32

CreateCompatibleBitmap
GetStockObject
CreateFontIndirectW
SetTextColor
SetViewportOrgEx
DeleteDC
SetBkMode
DeleteObject
SelectObject
CreatePen
CreateCompatibleDC
BitBlt
CreateSolidBrush
Rectangle

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegQueryValueW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW

Sections

.text
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ImeUtil.exe
.exe windows:4 windows x86 arch:x86

5d4620ffc8d2050203813b05cf49505e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime35\Bin\SogouInput\ImeUtil.pdb

Imports

imm32

ImmDisableIME

kernel32

GetProcAddress
LoadLibraryW
SetLastError
CreateEventW
GetCommandLineW
GlobalAlloc
WaitForMultipleObjects
FormatMessageW
GetCurrentThreadId
MultiByteToWideChar
LocalFree
CreateThread
GlobalFree
GetModuleFileNameW
CreateToolhelp32Snapshot
Process32FirstW
GetCurrentProcessId
GetVersionExW
GetModuleHandleW
GetSystemInfo
Process32NextW
InterlockedIncrement
InterlockedCompareExchange
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
CopyFileW
GetTempFileNameW
MoveFileExW
FindNextFileW
FindFirstFileW
FindClose
WideCharToMultiByte
OpenMutexW
WaitForSingleObject
CreateMutexW
ReleaseMutex
GetFileSize
SetFilePointer
ReadFile
FlushFileBuffers
GetTickCount
DeleteFileW
GetVersionExA
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetFullPathNameW
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
HeapSize
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSection
LoadLibraryA
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
FreeLibrary
QueryPerformanceFrequency
HeapAlloc
OpenEventW
Sleep
WriteFile
CreateFileW
SetFileAttributesW
GetLastError
CreateDirectoryW
HeapFree
GetProcessHeap
CreateProcessW
CloseHandle
GetSystemTimeAsFileTime
RemoveDirectoryW

user32

GetWindowRect
DispatchMessageW
GetWindowLongW
SetTimer
InvalidateRect
MonitorFromRect
IntersectRect
SetCursor
DefWindowProcW
OffsetRect
DrawTextW
GetMessageW
LoadCursorW
SubtractRect
FindWindowW
BeginPaint
CreateWindowExW
PtInRect
GetSystemMetrics
CloseWindow
TranslateMessage
GetForegroundWindow
AdjustWindowRect
RegisterClassExW
EndPaint
GetMonitorInfoW
DestroyWindow
MessageBoxW
MonitorFromPoint
SetWindowLongW
PostQuitMessage
SetWindowPos
GetCursorPos
GetKeyboardLayoutList
GetLastInputInfo

advapi32

RegOpenKeyExW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegQueryValueW
GetSecurityDescriptorSacl

wininet

InternetReadFile
InternetSetOptionW
InternetOpenW
HttpQueryInfoW
InternetOpenUrlW
InternetCloseHandle

gdi32

CreateFontIndirectW
SetTextColor
GetStockObject
BitBlt
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
SetViewportOrgEx
DeleteDC
SetBkMode
DeleteObject
CreatePen
SelectObject

shell32

ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MoHuYin.ini
OlympicNews.exe
.exe windows:4 windows x86 arch:x86

3f0c8581b6ee45900769924ed5f15e45

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime35\Bin\SogouInput\OlympicNews.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetOpenW
HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW
InternetSetOptionW
InternetReadFile

imm32

ImmDisableIME

kernel32

GetDriveTypeA
GetModuleFileNameW
Sleep
GetCurrentThreadId
GetProcessHeap
HeapFree
CreateFileW
SetFileAttributesW
GetCurrentDirectoryW
GetModuleHandleW
Process32FirstW
SetEnvironmentVariableA
CompareStringW
Process32NextW
CreateToolhelp32Snapshot
LoadLibraryW
CloseHandle
HeapAlloc
FreeLibrary
MultiByteToWideChar
GetProcAddress
WriteFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
HeapReAlloc
WriteConsoleA
SetStdHandle
WideCharToMultiByte
LocalFree
CreateThread
CreateProcessW
GetLastError
SetLastError
GlobalFree
CreateEventW
WaitForMultipleObjects
GlobalAlloc
GetCommandLineW
FormatMessageW
OpenEventW
GetTempFileNameW
MoveFileExW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FlushFileBuffers
GetFileSize
SetFilePointer
ReadFile
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
ResumeThread
GetSystemTimeAsFileTime
GetModuleHandleA
ExitProcess
GetVersionExA
GetStartupInfoW
RtlUnwind
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
RaiseException
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetFullPathNameW
GetCurrentDirectoryA
GetTimeZoneInformation
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetConsoleCP
CompareStringA

user32

LoadBitmapW
MessageBoxW
CreateDialogParamW
DestroyWindow
GetParent
FillRect
PostMessageW
SubtractRect
DefWindowProcW
GetMonitorInfoW
MonitorFromPoint
FindWindowW
IntersectRect
CallWindowProcW
TrackMouseEvent
BeginPaint
GetDC
EndPaint
ReleaseDC
DrawTextW
GetDlgItem
SetWindowLongW
OffsetRect
EndDialog
SetWindowRgn
SendMessageW
GetSubMenu
PostQuitMessage
TrackPopupMenu
SetWindowPos
SystemParametersInfoW
DestroyMenu
SetClassLongW
GetWindowRect
InvalidateRect
DialogBoxParamW
GetCursorPos
LoadMenuW
SetWindowTextW
GetWindowLongW
GetWindowThreadProcessId
GetForegroundWindow
ReleaseCapture
ShowWindow
LoadCursorW
GetSystemMetrics
SetTimer
PostThreadMessageW
PeekMessageW
GetMessageW
DispatchMessageW
TranslateMessage

gdi32

CreateCompatibleBitmap
GetObjectW
SetTextColor
SelectObject
CreateCompatibleDC
CreateRoundRectRgn
SetBkMode
DeleteObject
DeleteDC
CreateFontIndirectW
CreateDIBSection
CreateSolidBrush
GetStockObject
StretchBlt
BitBlt

comctl32

InitCommonControlsEx

msimg32

TransparentBlt
AlphaBlend

advapi32

GetSecurityInfo
RegOpenKeyExW
SetNamedSecurityInfoW
RegQueryValueW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PinyinUp.exe
.exe windows:4 windows x86 arch:x86

c0b95f126b959c28ee5403dc32b28563

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime35\Bin\SogouInput\PinyinUp.pdb

Imports

wininet

InternetGetLastResponseInfoW
InternetSetCookieW
InternetSetOptionW
HttpQueryInfoW
InternetReadFile
InternetOpenW
InternetOpenUrlW
InternetCloseHandle

shlwapi

StrToIntW
StrCmpIW

imm32

ImmDisableIME

ws2_32

gethostbyname

kernel32

GetPrivateProfileStringW
FindNextFileW
MultiByteToWideChar
GetCurrentProcess
FindFirstFileW
SetThreadPriority
FormatMessageW
LocalFree
QueryPerformanceCounter
GetLongPathNameW
CreateProcessW
GetTempPathW
GetVersionExW
GetModuleHandleW
HeapFree
GetProcessHeap
Sleep
HeapAlloc
GetProcAddress
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
SetEndOfFile
CreateFileA
EnterCriticalSection
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
InitializeCriticalSection
WaitForSingleObject
QueryPerformanceFrequency
LeaveCriticalSection
ResumeThread
GetExitCodeThread
CloseHandle
CreateDirectoryW
SuspendThread
FindClose
GetLocalTime
GetLastError
DeleteCriticalSection
GetCurrentDirectoryA
GetFullPathNameW
GetCommandLineA
RemoveDirectoryW
LoadLibraryW
CreateFileW
FlushFileBuffers
SetLastError
GetFileSize
SetFilePointer
WriteFile
ReadFile
MoveFileExW
GetCurrentThreadId
CopyFileW
DeleteFileW
SetFileAttributesW
WaitForMultipleObjects
CreateThread
GlobalAlloc
GetCommandLineW
GlobalFree
CreateEventW
GetModuleFileNameW
Process32FirstW
GetCurrentProcessId
GetSystemInfo
Process32NextW
CreateToolhelp32Snapshot
WideCharToMultiByte
CreateMutexW
ReleaseMutex
OpenMutexW
InterlockedIncrement
InterlockedCompareExchange
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
LCMapStringW
GetTickCount
GetSystemTimeAsFileTime
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
GetStartupInfoW
RtlUnwind
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
RaiseException
GetTimeZoneInformation
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
HeapSize
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW

user32

EnableMenuItem
SendMessageW
DispatchMessageW
TranslateMessage
MessageBoxW
DefWindowProcW
SetCursor
GetSystemMenu
LoadCursorW
RegisterClassW
GetDlgItem
GetSystemMetrics
PostQuitMessage
ShowWindow
GetWindowTextW
CreateWindowExW
SetWindowTextW
ExitWindowsEx
LoadIconW
SetWindowPos
GetWindowLongW
GetMessageW

gdi32

CreateFontIndirectW

advapi32

RegQueryValueExW
RegCreateKeyExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetTokenInformation
GetSecurityInfo
SetNamedSecurityInfoW
EqualSid
LookupAccountSidW
FreeSid
AllocateAndInitializeSid
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
SHFileOperationW
Shell_NotifyIconW
SHGetSpecialFolderPathW

hwsignature

GenHWID

Sections

.text
Size: 284KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugin/SgImeWord.dll
.dll windows:4 windows x86 arch:x86

0ffa36faefb0707d5d617bb0165da0ce

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
FlushInstructionCache
lstrlenA
lstrcpynW
DebugBreak
OutputDebugStringW
MulDiv
GlobalUnlock
Sleep
GlobalLock
GlobalAlloc
WideCharToMultiByte
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadResource
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
TlsFree
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
EnterCriticalSection
InterlockedIncrement
FreeLibrary
DeleteCriticalSection
GetFileAttributesW
LeaveCriticalSection
LoadLibraryExW
FindResourceW
GetCurrentThreadId
SetLastError
GetVersion
lstrlenW
GetModuleHandleA
GetLastError
lstrcmpiW
MultiByteToWideChar
InitializeCriticalSection
RaiseException
InterlockedDecrement
SizeofResource
LoadLibraryW
LoadLibraryA
OutputDebugStringA
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapCreate
HeapDestroy
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapReAlloc
GetCommandLineA

user32

CharNextW
IsWindow
ShowWindow
GetClassLongW
SetClassLongW
OpenClipboard
CloseClipboard
SetClipboardData
keybd_event
EmptyClipboard
GetClipboardData
DrawTextW
PtInRect
ScreenToClient
GetCursorPos
SetCursor
LoadCursorW
LoadStringW
wvsprintfW
GetSystemMetrics
GetWindow
PostMessageW
GetClientRect
DestroyWindow
SetFocus
ReleaseDC
GetDC
GetParent
SendMessageW
GetDlgItem
GetWindowLongW
DestroyIcon
LoadImageW
MapWindowPoints
SetWindowTextW
GetWindowTextW
CallWindowProcW
DefWindowProcW
SystemParametersInfoW
GetKeyState
GetWindowRect
InvalidateRect
CreateDialogParamW
SetWindowLongW
SetWindowPos
UnregisterClassA

gdi32

SetBkMode
SetTextColor
CreateCompatibleDC
DeleteObject
LineTo
CreateFontIndirectW
GetDeviceCaps
ExtTextOutW
SelectObject
MoveToEx
DPtoLP
CreateCompatibleBitmap
CreatePen
DeleteDC
BitBlt
SetBkColor

advapi32

RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarUI4FromStr

msimg32

TransparentBlt

Exports

Exports

fnCreateMain
fnCreateSimple
fnDestroyMain
fnDestroySimple
fnGetMainWindowPos
fnGetSimpleWindowPos
fnPutWords
fnPutWordsSimple
fnSetCloseMainCb
fnSetMainIMEWnd
fnSetMainPutInWnd
fnSetSimpleIMEWnd
fnSetSimplePutInWnd
fnSetWindowPos
fnSetWindowWords
fnShowMain
fnShowSimple

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/SgImeWord64.dll
.dll windows:4 windows x64 arch:x64

8bb59566f7d43e0e385b652144cb7310

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynW
lstrlenA
MulDiv
DebugBreak
OutputDebugStringW
GlobalUnlock
Sleep
GlobalLock
GlobalAlloc
WideCharToMultiByte
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcess
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
RtlPcToFileHeader
ExitProcess
HeapSize
FlsAlloc
FlushInstructionCache
lstrcmpiW
LoadLibraryA
FreeLibrary
FindResourceW
InitializeCriticalSection
LoadLibraryExW
EnterCriticalSection
GetFileAttributesW
LeaveCriticalSection
OutputDebugStringA
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleW
LoadResource
GetProcAddress
lstrlenW
LoadLibraryW
DeleteCriticalSection
SetLastError
MultiByteToWideChar
SizeofResource
GetLastError
GetVersion
RaiseException
GetModuleHandleA
TlsSetValue
FlsFree
TlsFree
FlsGetValue
HeapDestroy
HeapCreate
HeapSetInformation
RtlCaptureContext
RtlLookupFunctionEntry
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedPushEntrySList
HeapFree
HeapAlloc
GetProcessHeap
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
HeapReAlloc
FlsSetValue
GetCommandLineA
RtlUnwindEx
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind

user32

CharNextW
GetClassLongW
ShowWindow
SetWindowPos
SetClassLongW
SetClipboardData
CloseClipboard
EmptyClipboard
GetClipboardData
keybd_event
OpenClipboard
SetCursor
ScreenToClient
PtInRect
LoadCursorW
GetCursorPos
DrawTextW
LoadStringW
SystemParametersInfoW
GetSystemMetrics
PostMessageW
GetParent
GetWindowLongPtrW
SendMessageW
GetClientRect
DestroyIcon
SetWindowTextW
SetFocus
LoadImageW
GetDC
MapWindowPoints
GetDlgItem
CallWindowProcW
DefWindowProcW
ReleaseDC
GetWindowLongW
wvsprintfW
GetKeyState
GetWindow
SetWindowLongW
DestroyWindow
GetWindowTextW
IsWindow
GetWindowRect
SetWindowLongPtrW
CreateDialogParamW
InvalidateRect
UnregisterClassA

gdi32

SetBkMode
CreateCompatibleBitmap
LineTo
SetBkColor
CreateFontIndirectW
GetDeviceCaps
CreateCompatibleDC
DeleteObject
BitBlt
SelectObject
ExtTextOutW
CreatePen
DeleteDC
DPtoLP
MoveToEx
SetTextColor

advapi32

RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

VarUI4FromStr

msimg32

TransparentBlt

Exports

Exports

fnCreateMain
fnCreateSimple
fnDestroyMain
fnDestroySimple
fnGetMainWindowPos
fnGetSimpleWindowPos
fnPutWords
fnPutWordsSimple
fnSetCloseMainCb
fnSetMainIMEWnd
fnSetMainPutInWnd
fnSetSimpleIMEWnd
fnSetSimplePutInWnd
fnSetWindowPos
fnSetWindowWords
fnShowMain
fnShowSimple

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Punctures.ini
Resource.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ScdMaker.exe
.exe windows:4 windows x86 arch:x86

cce390402c732015bc56a420edfa7059

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime35\Bin\SogouInput\ScdMaker.pdb

Imports

imm32

ImmDisableIME

kernel32

CreateProcessW
CreateEventW
FindFirstFileW
FindClose
FindNextFileW
SetFileAttributesW
MoveFileExW
CreateDirectoryW
GetModuleHandleW
GetModuleFileNameW
Process32FirstW
GetCurrentProcessId
GetSystemInfo
Process32NextW
GetVersionExW
CreateToolhelp32Snapshot
ReleaseMutex
OpenMutexW
WaitForSingleObject
CreateMutexW
CreateFileMappingW
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
InterlockedIncrement
InterlockedCompareExchange
GetFileSize
SetFilePointer
WriteFile
ReadFile
FlushFileBuffers
WideCharToMultiByte
LCMapStringW
GetTickCount
Sleep
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetSystemTimeAsFileTime
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
HeapReAlloc
RaiseException
GlobalFree
LCMapStringA
GetCPInfo
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetFullPathNameW
GetCurrentDirectoryA
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
HeapSize
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LoadLibraryA
GetLocaleInfoW
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetLastError
GetCommandLineW
FormatMessageW
CreateThread
LocalFree
CloseHandle
GlobalAlloc
GetCurrentThreadId
WaitForMultipleObjects
MultiByteToWideChar
DeleteFileW
GetLastError
CopyFileW
RemoveDirectoryW
GetTimeZoneInformation

user32

MessageBoxW

advapi32

GetSecurityInfo
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
SetNamedSecurityInfoW

shell32

SHGetSpecialFolderPathW
SHFileOperationW

Sections

.text
Size: 268KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ScdReg.exe
.exe windows:4 windows x86 arch:x86

040a6629e8ca301f217f3896ef45dad0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime35\Bin\SogouInput\ScdReg.pdb

Imports

imm32

ImmDisableIME

kernel32

Process32NextW
GetModuleFileNameW
Sleep
GetLastError
SetLastError
CreateEventW
OpenEventW
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
CreateFileW
CreateFileMappingW
CopyFileW
SetFileAttributesW
CreateProcessW
MoveFileExW
CreateDirectoryW
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
CreateThread
FormatMessageW
GlobalFree
WaitForMultipleObjects
InterlockedIncrement
InterlockedCompareExchange
ReadFile
FlushFileBuffers
GetFileSize
SetFilePointer
WriteFile
WaitForSingleObject
ReleaseMutex
CreateMutexW
OpenMutexW
LCMapStringW
GetTickCount
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
RtlUnwind
RaiseException
GetSystemInfo
GetTimeZoneInformation
LCMapStringA
GetCPInfo
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetFullPathNameW
GetCurrentDirectoryA
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentProcessId
GetVersionExW
GetModuleHandleW
CloseHandle
GetCommandLineW
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
FindNextFileW
GetCurrentDirectoryW
DeleteFileW
FindClose
FindFirstFileW
RemoveDirectoryW
GetSystemTimeAsFileTime

user32

MessageBoxW

advapi32

GetSecurityInfo
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
SetNamedSecurityInfoW

shell32

SHGetSpecialFolderPathW
SHFileOperationW

Sections

.text
Size: 292KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ScdViewer.exe
.exe windows:4 windows x86 arch:x86

1f282aebba855f7ad08e3d5be7b4db5c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime35\Bin\SogouInput\ScdViewer.pdb

Imports

user32

SendMessageW
SetWindowPos
GetWindowRect
GetSystemMetrics
EndDialog
GetDlgItem
DialogBoxParamW
MessageBoxW

gdi32

GetStockObject

imm32

ImmDisableIME

kernel32

CreateProcessW
CloseHandle
MultiByteToWideChar
SetLastError
GlobalFree
GetCommandLineW
FormatMessageW
LocalFree
WaitForSingleObject
ReleaseMutex
OpenMutexW
CreateMutexW
FindFirstFileW
FindClose
UnmapViewOfFile
CreateFileW
GetCurrentProcessId
GetModuleFileNameW
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
RaiseException
RtlUnwind
GetCPInfo
GetStringTypeA
GetCurrentThreadId
ReadFile
LCMapStringW
GetTimeZoneInformation
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetFullPathNameW
GetCurrentDirectoryA
HeapSize
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA
GetLastError
GetStringTypeW
GetFileSize
LCMapStringA

advapi32

GetSecurityDescriptorSacl
SetSecurityInfo
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ShuangPinSchemes/ABC.ini
ShuangPinSchemes/MS2003.ini
ShuangPinSchemes/PinyinJiaJia.ini
ShuangPinSchemes/Sogou.ini
ShuangPinSchemes/ZiGuang.ini
ShuangPinSchemes/ZiRanMa.ini
Skin.dat
SkinEditor.exe
.exe windows:4 windows x86 arch:x86

ad32eacbae6b866bb8cd8eb14db23746

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

kernel32

GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
InitializeCriticalSection
CreateFileA
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameW
LCMapStringW
LCMapStringA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetLastError
GetLastError
CopyFileW
DeleteFileW
GetTempPathW
GetLongPathNameW
CreateFileW
CloseHandle
RemoveDirectoryW
SetCurrentDirectoryW
FindFirstFileW
FindClose
CreateDirectoryW
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
HeapSize
ExitProcess
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
DeleteCriticalSection
IsValidCodePage
GetOEMCP
GetStringTypeW
LoadLibraryW
GetACP
GetCPInfo
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
GetCommandLineW
FormatMessageW
GetCurrentThreadId
CreateProcessW
LocalFree
GlobalFree
MoveFileExW
SetFileAttributesW
GetTempFileNameW
InterlockedIncrement
InterlockedCompareExchange
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
Process32FirstW
GetCurrentProcessId
GetVersionExW
GetSystemInfo
Process32NextW
GetModuleHandleW
CreateToolhelp32Snapshot
FlushFileBuffers
GetFileSize
TlsFree
WriteFile
ReadFile
FindNextFileW
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
GetProcAddress
SetFilePointer
FreeLibrary
GetTickCount
GlobalReAlloc
GlobalUnlock
GlobalLock
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
GetVersionExA
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue

user32

DestroyAcceleratorTable
GetSystemMetrics
DestroyMenu
RegisterClassExW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
SetCursor
SetCapture
SetTimer
KillTimer
PostMessageW
ReleaseCapture
GetCursorPos
DrawIconEx
GetClassLongW
CheckDlgButton
GetWindowTextLengthW
EnableWindow
EndDialog
DialogBoxParamW
CreateDialogParamW
DefWindowProcW
RegisterClassW
SetFocus
ScreenToClient
CreateWindowExW
GetSysColor
GetWindowTextW
FillRect
GetScrollInfo
ScrollWindow
GetWindowLongW
SetWindowLongW
SetScrollInfo
BeginPaint
EndPaint
IsDlgButtonChecked
GetSysColorBrush
OffsetRect
SetWindowPos
GetWindowRect
DrawTextW
GetDesktopWindow
SetCursorPos
SetRect
PtInRect
UpdateLayeredWindow
GetCursor
IntersectRect
SubtractRect
MonitorFromPoint
GetMonitorInfoW
RedrawWindow
SetWindowRgn
TrackMouseEvent
CallWindowProcW
InflateRect
InvalidateRect
GetDC
ReleaseDC
GetDlgCtrlID
MoveWindow
GetDlgItem
DestroyWindow
PostQuitMessage
MessageBoxW
SetWindowTextW
GetClientRect
GetMenu
EnableMenuItem
FindWindowW
IsIconic
ShowWindow
SetForegroundWindow
LoadMenuW
SetWindowPlacement
SetMenu
LoadAcceleratorsW
SendMessageW
UpdateWindow
GetMessageW
GetParent
GetClassNameW
TranslateAcceleratorW
IsDialogMessageW
GetWindowPlacement

gdi32

CombineRgn
GetPixel
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
GetDeviceCaps
SetViewportOrgEx
CreatePen
CreateFontIndirectW
CreateSolidBrush
SelectObject
Rectangle
SetTextColor
SetBkMode
GetTextExtentPointW
OffsetRgn
GetStockObject
ExtCreateRegion
GetObjectW
MoveToEx
LineTo
TextOutW
CreateDIBSection
SetBkColor
SelectClipRgn
DeleteObject
EnumFontFamiliesExW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
ChooseColorW
GetFileTitleW

shell32

SHGetSpecialFolderPathW
DragAcceptFiles
DragFinish
SHFileOperationW
DragQueryFileW

ziplib

UnZip
ZipFolder

imm32

ImmDisableIME

msimg32

GradientFill
TransparentBlt
AlphaBlend

advapi32

BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey

Sections

.text
Size: 548KB - Virtual size: 545KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SkinReg.exe
.exe windows:4 windows x86 arch:x86

c0e2b8b790cc9e6350c88aa79fa57496

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime35\Bin\SogouInput\SkinReg.pdb

Imports

user32

DrawTextW
GetMessageW
MonitorFromPoint
PostQuitMessage
SetWindowLongW
SetForegroundWindow
SetWindowPos
GetCursorPos
GetLastInputInfo
LoadCursorW
SubtractRect
FindWindowW
BeginPaint
PtInRect
CreateWindowExW
GetSystemMetrics
CloseWindow
GetForegroundWindow
AdjustWindowRect
EndPaint
DestroyWindow
RegisterClassExW
SetCursor
GetMonitorInfoW
OffsetRect
DefWindowProcW
IntersectRect
MonitorFromRect
SetTimer
InvalidateRect
GetWindowRect
GetWindowLongW
DispatchMessageW
TranslateMessage
MessageBoxW

imm32

ImmDisableIME

kernel32

OpenMutexW
WaitForSingleObject
CreateMutexW
FreeLibrary
GetProcAddress
LoadLibraryW
WideCharToMultiByte
GetTickCount
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
InterlockedIncrement
TlsFree
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetFullPathNameW
GetCurrentDirectoryA
Sleep
HeapSize
ReleaseMutex
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
FindClose
FindFirstFileW
FindNextFileW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileW
WaitForMultipleObjects
GlobalAlloc
CreateEventW
GlobalFree
SetLastError
CreateThread
LocalFree
MultiByteToWideChar
FormatMessageW
GetCommandLineW
GetVersionExW
CreateToolhelp32Snapshot
GetModuleHandleW
Process32FirstW
GetModuleFileNameW
Process32NextW
GetCurrentProcessId
GetSystemInfo
CloseHandle
GetCurrentThreadId
CopyFileW
GetTempFileNameW
CreateDirectoryW
GetLastError
SetFileAttributesW
MoveFileExW
DeleteFileW
CreateProcessW
RemoveDirectoryW
GetFileSize
ReadFile
InterlockedCompareExchange
TlsSetValue

gdi32

GetStockObject
CreateFontIndirectW
SetTextColor
CreateCompatibleBitmap
Rectangle
SetViewportOrgEx
DeleteDC
SetBkMode
DeleteObject
SelectObject
CreatePen
CreateCompatibleDC
CreateSolidBrush
BitBlt

advapi32

RegQueryValueW
RegOpenKeyExW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW

shell32

SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW

Sections

.text
Size: 204KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SogouPy.ime
.dll windows:4 windows x86 arch:x86

2858c21e1ea16ceebd97810596e56007

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\sogouime35\Bin\SogouInput\SogouPy.pdb

Imports

shlwapi

StrStrIW

imm32

ImmGenerateMessage
ImmCreateIMCC
ImmReSizeIMCC
ImmGetIMCCSize
ImmShowSoftKeyboard
ImmCreateSoftKeyboard
ImmDisableIME
ImmLockIMC
ImmLockIMCC
ImmUnlockIMCC
ImmUnlockIMC
ImmDestroySoftKeyboard

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcAddress
EnterCriticalSection
GetModuleHandleW
CreateFileA
GetDriveTypeA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
ResumeThread
InterlockedIncrement
QueryPerformanceFrequency
WideCharToMultiByte
GetSystemDirectoryW
LCMapStringW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameW
InterlockedCompareExchange
GlobalUnlock
GlobalAlloc
GlobalFree
GlobalLock
GetCurrentThreadId
SetEnvironmentVariableA
CompareStringA
WriteConsoleA
OpenEventW
InitializeCriticalSection
LoadLibraryA
GetLastError
GetVersionExW
Sleep
GetCurrentProcess
CloseHandle
TlsSetValue
TlsGetValue
GetSystemTimeAsFileTime
LoadLibraryW
CreateDirectoryW
FreeLibrary
DeleteFileW
DeleteCriticalSection
TlsAlloc
TlsFree
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
CreateProcessW
MoveFileExW
SetFileAttributesW
CopyFileW
GetTempFileNameW
Process32FirstW
GetCommandLineW
GetSystemInfo
Process32NextW
CreateToolhelp32Snapshot
LocalFree
CreateThread
FormatMessageW
MultiByteToWideChar
SetLastError
CreateEventW
WaitForMultipleObjects
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
WriteFile
FindClose
RemoveDirectoryW
FindNextFileW
FindFirstFileW
GetFileSize
SetFilePointer
ReadFile
FlushFileBuffers
GetTickCount
SetWaitableTimer
CreateWaitableTimerW
OpenWaitableTimerW
OpenProcess
TerminateProcess
CompareStringW
GlobalReAlloc
HeapFree
HeapReAlloc
HeapAlloc
ExitThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetVersionExA
GetProcessHeap
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
GetTimeZoneInformation
RaiseException
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
HeapSize
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFullPathNameW
GetCurrentDirectoryA
LCMapStringA
GetConsoleCP
GetConsoleMode
GetTimeFormatA
GetDateFormatA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

GetCursor
RegisterClassExW
DefWindowProcW
GetWindowLongW
LoadCursorW
SetCursor
SetTimer
UnregisterClassW
SetCaretPos
OpenClipboard
SetClipboardData
GetCaretPos
ClientToScreen
EmptyClipboard
ReleaseDC
CloseClipboard
GetDC
SystemParametersInfoW
GetCursorPos
GetForegroundWindow
PtInRect
GetMonitorInfoW
GetWindowRect
MonitorFromPoint
GetSystemMetrics
SetWindowPos
MoveWindow
UpdateLayeredWindow
IntersectRect
SetRect
KillTimer
ShowWindow
SubtractRect
SetCapture
DestroyWindow
EndPaint
RedrawWindow
FillRect
BeginPaint
ReleaseCapture
CreateWindowExW
FindWindowW
InvalidateRect
SetWindowRgn
DrawTextW
InflateRect
CreateDialogParamW
DialogBoxParamW
OffsetRect
AppendMenuW
SetCursorPos
GetDesktopWindow
SendMessageW
MessageBoxW
MapVirtualKeyW
SetWindowLongW
SetWindowTextW
EndDialog
GetDlgItem
LoadIconW
PostMessageW
GetFocus
GetClassNameW
GetParent
keybd_event
GetMenuInfo
GetMenuItemCount
IsWindow
GetKeyState
GetSubMenu
TrackPopupMenuEx
CheckMenuItem
DestroyMenu
LoadMenuW
EnableMenuItem
SetMenuItemInfoW
GetMenuItemInfoW

advapi32

GetTokenInformation
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
BuildExplicitAccessWithNameW
LookupAccountSidW
OpenProcessToken
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegQueryValueW

shell32

SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW

oleaut32

SysAllocString

msimg32

TransparentBlt
GradientFill
AlphaBlend

comctl32

InitCommonControlsEx

gdi32

CreateFontIndirectW
DeleteObject
GetTextExtentPointW
CreateCompatibleDC
LineTo
MoveToEx
DeleteDC
GetPixel
SelectObject
TextOutW
CreateDIBSection
SetBkColor
SetBkMode
SelectClipRgn
GetObjectW
CreatePen
Rectangle
SetTextColor
CreateCompatibleBitmap
CreateSolidBrush
BitBlt
StretchBlt
ExtCreateRegion
OffsetRgn
CombineRgn

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME

Sections

.text
Size: 804KB - Virtual size: 804KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SogouTSF.dll
.dll regsvr32 windows:4 windows x86 arch:x86

eeaf1cf892d8e72dc6f6ddfd02e103df

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\sogouime35\Bin\SogouInput\SogouTSF.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
DeleteCriticalSection
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

advapi32

RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW

ole32

CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SpeedMeter.exe
.exe windows:4 windows x86 arch:x86

28548278f4befd17c3d615b8db13a79a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime35\Bin\SogouInput\SpeedMeter.pdb

Imports

kernel32

SetEnvironmentVariableA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
RemoveDirectoryW
CreateDirectoryW
GetLastError
GetProcAddress
DeleteFileW
GetSystemInfo
Process32NextW
GetVersionExW
GetModuleHandleW
CreateToolhelp32Snapshot
GetModuleFileNameW
Process32FirstW
CloseHandle
GetCommandLineW
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
CreateFileW
OpenFileMappingW
LocalFree
CreateThread
MultiByteToWideChar
SetLastError
CreateProcessW
CreateEventW
WaitForMultipleObjects
GetCurrentThreadId
FormatMessageW
InterlockedIncrement
InterlockedCompareExchange
SetFileAttributesW
CopyFileW
MoveFileExW
FindNextFileW
FindFirstFileW
FindClose
WideCharToMultiByte
WaitForSingleObject
ReleaseMutex
CreateMutexW
OpenMutexW
GetFileSize
SetFilePointer
WriteFile
ReadFile
FlushFileBuffers
LCMapStringW
Sleep
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
RtlUnwind
HeapReAlloc
GetTimeZoneInformation
RaiseException
GetStringTypeA
GetStringTypeW
GetCPInfo
LCMapStringA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetFullPathNameW
GetCurrentDirectoryA
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
GetTickCount

user32

GetWindowLongW
DestroyWindow
OpenClipboard
SetClipboardData
EmptyClipboard
MessageBoxW
DialogBoxParamW
GetDlgItem
SetWindowTextW
GetWindowTextLengthW
EndDialog
GetWindowTextW
SendMessageW
CloseClipboard
LoadIconW
FindWindowW
ShowWindow
SetWindowLongW
CreateDialogParamW
SetTimer
SetForegroundWindow
IsIconic

imm32

ImmDisableIME

comctl32

InitCommonControlsEx

advapi32

RegCreateKeyExW
RegQueryValueExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo

shell32

SHFileOperationW
SHGetSpecialFolderPathW

Sections

.text
Size: 236KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UserPage.exe
.exe windows:4 windows x86 arch:x86

09a229198a4017973d4becdf3f82cf6e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime35\Bin\SogouInput\UserPage.pdb

Imports

imm32

ImmGetContext
ImmSetConversionStatus
ImmDisableIME

kernel32

CloseHandle
CreateEventW
TlsAlloc
CreateThread
TlsGetValue
TlsSetValue
MultiByteToWideChar
GetModuleFileNameW
GetCurrentThreadId
GetModuleHandleW
SetEnvironmentVariableA
GetLastError
CompareStringA
CreateFileA
GetDriveTypeA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
CompareStringW
GetUserDefaultLCID
GetLocaleInfoA
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteFileW
CreateDirectoryW
WideCharToMultiByte
GlobalFree
CreateProcessW
WaitForMultipleObjects
LocalFree
GlobalAlloc
FormatMessageW
GetCommandLineW
SetLastError
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
ReleaseMutex
CreateMutexW
OpenMutexW
CopyFileW
MoveFileExW
SetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
InterlockedIncrement
InterlockedCompareExchange
GetVersionExW
GetCurrentProcessId
Process32FirstW
GetSystemInfo
Process32NextW
CreateToolhelp32Snapshot
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
CreateFileW
Sleep
OpenEventW
RemoveDirectoryW
ReadFile
FlushFileBuffers
GetFileSize
SetFilePointer
WriteFile
LCMapStringW
GetTickCount
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
ExitThread
ResumeThread
GetSystemTimeAsFileTime
GetVersionExA
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
HeapReAlloc
GetTimeZoneInformation
RaiseException
GetStringTypeA
GetStringTypeW
GetCPInfo
LCMapStringA
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
HeapSize
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode

user32

GetDlgCtrlID
GetClassNameW
SetCapture
GetCursorPos
MoveWindow
ReleaseCapture
OffsetRect
GetWindowLongW
SendMessageW
GetWindowRect
CreateDialogParamW
CheckDlgButton
DialogBoxParamW
DestroyWindow
GetParent
DefWindowProcW
SetClassLongW
GetCursor
InvalidateRect
CreateWindowExW
SetWindowRgn
SetRect
UpdateLayeredWindow
KillTimer
SubtractRect
RegisterClassExW
GetMonitorInfoW
EndPaint
FillRect
PtInRect
MonitorFromPoint
BeginPaint
GetSystemMetrics
InflateRect
CallWindowProcW
TrackMouseEvent
SetWindowLongW
SetCursorPos
RedrawWindow
ShowWindow
ActivateKeyboardLayout
LoadBitmapW
GetKeyboardLayoutList
GetDlgItemTextW
IsIconic
SetForegroundWindow
SetCursor
LoadCursorW
IsWindowEnabled
EnableWindow
SetTimer
DrawTextW
EndDialog
IntersectRect
IsDlgButtonChecked
SetWindowPos
MessageBoxW
ReleaseDC
FindWindowW
SetFocus
GetDC
PostMessageW
SetDlgItemTextW
GetWindowTextW
GetDlgItem
SetWindowTextW

gdi32

CreateSolidBrush
SetBkMode
GetStockObject
CreateCompatibleDC
DeleteDC
SetTextColor
GetDeviceCaps
GetTextExtentPoint32W
GetObjectW
DeleteObject
CreateFontIndirectW
SelectObject
CombineRgn
OffsetRgn
TextOutW
CreateDIBSection
SetBkColor
SelectClipRgn
StretchBlt
Rectangle
GetTextExtentPointW
CreatePen
CreateCompatibleBitmap
GetPixel
MoveToEx
LineTo
BitBlt

wininet

InternetCloseHandle
HttpSendRequestW
InternetSetOptionW
InternetOpenW
HttpQueryInfoW
HttpOpenRequestW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetReadFile
InternetConnectW
HttpEndRequestW

comctl32

InitCommonControlsEx

msimg32

TransparentBlt
AlphaBlend
GradientFill

advapi32

GetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueW
RegOpenKeyExW
SetNamedSecurityInfoW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW

Sections

.text
Size: 400KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 668KB - Virtual size: 666KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UsrDictUtil.exe
.exe windows:4 windows x86 arch:x86

5076509a28058bf045e60fbcf7bcdb2f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime35\Bin\SogouInput\UsrDictUtil.pdb

Imports

imm32

ImmDisableIME

user32

MessageBoxW

kernel32

InterlockedCompareExchange
GetVersionExW
GetModuleHandleW
GetSystemInfo
Process32NextW
CreateToolhelp32Snapshot
GetModuleFileNameW
Process32FirstW
GetCurrentProcessId
Sleep
OpenEventW
FindClose
FindNextFileW
FindFirstFileW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileW
MoveFileExW
CreateDirectoryW
DeleteFileW
SetFileAttributesW
CopyFileW
WriteFile
ReadFile
FlushFileBuffers
GetFileSize
SetFilePointer
ReleaseMutex
OpenMutexW
WaitForSingleObject
CreateMutexW
WideCharToMultiByte
LCMapStringW
GetTickCount
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
HeapReAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
InterlockedIncrement
GetStringTypeA
GetStringTypeW
GetCPInfo
LCMapStringA
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateEventW
GlobalFree
SetLastError
GetLastError
CreateProcessW
CreateThread
LocalFree
MultiByteToWideChar
CloseHandle
FormatMessageW
GetCurrentThreadId
GetCommandLineW
WaitForMultipleObjects
GlobalAlloc
RemoveDirectoryW
GetTimeZoneInformation

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
GetNamedSecurityInfoW

shell32

SHGetSpecialFolderPathW
SHFileOperationW

Sections

.text
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Wizard.exe
.exe windows:4 windows x86 arch:x86

2daedbbfd5ce02caf31e61fca4af134d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime35\Bin\SogouInput\Wizard.pdb

Imports

kernel32

DeleteFileW
FreeLibrary
CreateDirectoryW
GetLastError
LocalFree
CreateThread
SetLastError
GlobalFree
CreateEventW
GetCommandLineW
GlobalAlloc
WaitForMultipleObjects
FormatMessageW
GetCurrentThreadId
CreateProcessW
CloseHandle
MultiByteToWideChar
SetFileAttributesW
CopyFileW
GetTempFileNameW
MoveFileExW
LoadLibraryW
InterlockedCompareExchange
GetSystemInfo
Process32NextW
CreateToolhelp32Snapshot
GetVersionExW
Process32FirstW
GetCurrentProcessId
GetModuleFileNameW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
CreateFileW
WideCharToMultiByte
FindClose
FindNextFileW
FindFirstFileW
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
ReadFile
InterlockedIncrement
GetFileSize
SetFilePointer
WriteFile
GlobalUnlock
GlobalLock
GlobalReAlloc
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
VirtualAlloc
GetFullPathNameW
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
Sleep
HeapSize
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSection
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcAddress
RemoveDirectoryW
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetModuleHandleW

user32

TrackMouseEvent
SetRect
SetScrollInfo
GetScrollInfo
CreateWindowExW
SetWindowRgn
GetDesktopWindow
DialogBoxParamW
SetWindowLongW
CheckDlgButton
CreateDialogParamW
DestroyWindow
GetWindowLongW
DrawTextW
DefWindowProcW
GetParent
SetForegroundWindow
IsIconic
InvalidateRect
OffsetRect
GetUpdateRect
GetDC
BeginPaint
EndPaint
ReleaseDC
InflateRect
GetSysColorBrush
FillRect
SetTimer
EndDialog
PostMessageW
SetWindowTextW
ScreenToClient
GetFocus
CallWindowProcW
FindWindowW
LoadCursorW
GetWindowRect
LoadIconW
ShowWindow
KillTimer
GetCursorPos
PtInRect
SetWindowPos
GetMonitorInfoW
SetCapture
RedrawWindow
MonitorFromPoint
SubtractRect
UpdateLayeredWindow
GetSystemMetrics
SetCursor
IntersectRect
ReleaseCapture
GetCursor
SetCursorPos
LoadBitmapW
MessageBoxW
GetClientRect
MoveWindow
EnableWindow
GetDlgCtrlID
IsDlgButtonChecked
GetDlgItem
SendMessageW
SetClassLongW

gdi32

GetStockObject
GetPixel
OffsetRgn
GetTextExtentPointW
SetTextColor
ExtCreateRegion
CombineRgn
CreateRectRgn
GetClipRgn
MoveToEx
SelectClipRgn
GetObjectW
CreateFontIndirectW
CreateCompatibleDC
SelectObject
DeleteObject
CreateSolidBrush
GetTextExtentPoint32W
BitBlt
Rectangle
CreateCompatibleBitmap
CreatePen
DeleteDC
CreateDIBSection
SetBkMode
StretchBlt
TextOutW
SetBkColor
LineTo

imm32

ImmDisableIME

comctl32

InitCommonControlsEx

msimg32

TransparentBlt
GradientFill
AlphaBlend

advapi32

RegOpenKeyExW
SetNamedSecurityInfoW
RegQueryValueW
GetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW

Sections

.text
Size: 440KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ZipLib.dll
.dll windows:4 windows x86 arch:x86

d3401ea49ff3ec9ca010de149161a375

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
HeapFree
WaitForSingleObject
GetProcessHeap
GetDriveTypeA
InitializeCriticalSection
GetVolumeInformationA
LeaveCriticalSection
GetFileAttributesA
FileTimeToSystemTime
FindFirstFileA
GetFileType
GetFileTime
FileTimeToLocalFileTime
GetVersion
GetFullPathNameA
FindNextFileA
GlobalLock
HeapAlloc
GlobalUnlock
GlobalFree
lstrcmpiA
lstrlenA
DosDateTimeToFileTime
SetVolumeLabelA
SetFilePointer
GetLocaleInfoA
SetEndOfFile
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
GetLocalTime
LocalFileTimeToFileTime
lstrcpyA
CreateDirectoryA
RemoveDirectoryA
SetEnvironmentVariableA
lstrcpynA
CreateFileA
CloseHandle
ReleaseMutex
CreateMutexA
EnterCriticalSection
InterlockedExchange
GetTempPathA
GetLastError
WideCharToMultiByte
CreateDirectoryW
GetTempPathW
DeleteFileA
MultiByteToWideChar
MoveFileExW
RemoveDirectoryW
CopyFileW
FindNextFileW
FindClose
FindFirstFileW
GlobalAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
InterlockedDecrement
GetCPInfo
MoveFileA
SetStdHandle
GetFileInformationByHandle
PeekNamedPipe
HeapReAlloc
RtlUnwind
InterlockedIncrement
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetCurrentDirectoryA
SetCurrentDirectoryA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStartupInfoA
Sleep
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
GetTimeZoneInformation
GetACP
GetOEMCP
IsValidCodePage
HeapSize
FlushFileBuffers
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableW

user32

CharToOemA
OemToCharA

advapi32

IsValidAcl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
GetKernelObjectSecurity
OpenProcessToken
AdjustTokenPrivileges
GetSecurityDescriptorLength
LookupPrivilegeValueA
GetSecurityDescriptorSacl
GetSecurityDescriptorControl

Exports

Exports

UnZip
UnZipEx
ZipFolder
ZipFolderEx

Sections

.text
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ZipLib64.dll
.dll windows:4 windows x64 arch:x64

1daed53ff254ef3ef5b16c3f230a2ef4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
lstrcpynA
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
GetProcessHeap
GetFullPathNameA
GetFileAttributesA
FileTimeToSystemTime
FindFirstFileA
GetFileType
GetFileTime
FileTimeToLocalFileTime
GetVersion
FindNextFileA
GlobalUnlock
GlobalFree
ReleaseMutex
GlobalAlloc
lstrcmpiA
lstrlenA
SetFileAttributesA
GetLocalTime
DosDateTimeToFileTime
SetVolumeLabelA
LocalFileTimeToFileTime
SetFilePointer
GetLocaleInfoA
SetEndOfFile
SystemTimeToFileTime
SetFileTime
lstrcpyA
CreateDirectoryA
RemoveDirectoryA
SetEnvironmentVariableA
CreateFileA
CreateMutexA
EnterCriticalSection
LeaveCriticalSection
GetVolumeInformationA
InitializeCriticalSection
GetDriveTypeA
MoveFileExW
GetLastError
WideCharToMultiByte
GetTempPathW
CreateDirectoryW
DeleteFileA
MultiByteToWideChar
RemoveDirectoryW
GetTempPathA
CopyFileW
FindFirstFileW
FindNextFileW
GlobalLock
FindClose
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetSystemTimeAsFileTime
GetCPInfo
MoveFileA
SetStdHandle
HeapReAlloc
GetFileInformationByHandle
PeekNamedPipe
RtlUnwindEx
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCurrentDirectoryA
SetCurrentDirectoryA
HeapSetInformation
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
RtlPcToFileHeader
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
Sleep
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
GetTimeZoneInformation
GetACP
GetOEMCP
IsValidCodePage
HeapSize
FlushFileBuffers
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableW

user32

CharToOemA
OemToCharA

advapi32

GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
IsValidAcl
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
GetKernelObjectSecurity
OpenProcessToken
AdjustTokenPrivileges
GetSecurityDescriptorLength
LookupPrivilegeValueA
GetSecurityDescriptorSacl
GetSecurityDescriptorControl

Exports

Exports

UnZip
UnZipEx
ZipFolder
ZipFolderEx

Sections

.text
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config.exe
.exe windows:4 windows x86 arch:x86

5ef0852f61deac2cc9b9783f3fec8ec4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime35\Bin\SogouInput\config.pdb

Imports

comctl32

InitCommonControlsEx

kernel32

GetConsoleMode
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
OpenEventW
WaitForSingleObject
GetLastError
CreateProcessW
GetTickCount
GetExitCodeProcess
FindFirstFileW
CloseHandle
GetConsoleCP
GetCurrentDirectoryA
GetFullPathNameW
GetStartupInfoA
GetFileType
SetHandleCount
GetLocalTime
SetStdHandle
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
QueryPerformanceCounter
QueryPerformanceFrequency
DeleteFileW
CreateDirectoryW
GetProcAddress
FreeLibrary
LoadLibraryW
InterlockedIncrement
InterlockedCompareExchange
GetCurrentThreadId
LocalFree
GlobalAlloc
CreateThread
FormatMessageW
MultiByteToWideChar
SetLastError
GetCommandLineW
GlobalFree
CreateEventW
WaitForMultipleObjects
CreateMutexW
ReleaseMutex
OpenMutexW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
MoveFileExW
SetFileAttributesW
GetModuleFileNameW
GetModuleHandleW
GetSystemInfo
Process32NextW
CreateToolhelp32Snapshot
GetVersionExW
Process32FirstW
GetCurrentProcessId
FindClose
RemoveDirectoryW
FindNextFileW
WideCharToMultiByte
ReadFile
FlushFileBuffers
GetFileSize
SetFilePointer
WriteFile
LCMapStringW
Sleep
GetCurrentProcess
OpenProcess
TerminateProcess
GlobalLock
GlobalReAlloc
GlobalUnlock
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
HeapAlloc
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
RtlUnwind
GetTimeZoneInformation
RaiseException
LCMapStringA
GetCPInfo
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount

user32

GetClientRect
SetWindowPos
OffsetRect
CreateWindowExW
ClientToScreen
GetDC
GetWindowTextLengthW
IsWindowEnabled
GetDlgCtrlID
GetSysColorBrush
ScreenToClient
InvalidateRect
wsprintfW
CheckRadioButton
SetWindowLongW
PostMessageW
CheckDlgButton
ReleaseDC
EnableWindow
GetParent
DestroyWindow
PtInRect
SetCursorPos
SetRect
MonitorFromPoint
ReleaseCapture
SubtractRect
GetCursor
IntersectRect
LoadCursorW
SetWindowRgn
GetCursorPos
IsDlgButtonChecked
DefWindowProcW
GetMonitorInfoW
SetCursor
RedrawWindow
SetCapture
InflateRect
GetDesktopWindow
GetWindowDC
GetWindowTextW
KillTimer
SetTimer
SetWindowTextW
FillRect
DrawTextW
EndPaint
BeginPaint
FindWindowW
IsIconic
DialogBoxParamW
SetForegroundWindow
GetWindowLongW
GetWindowRect
LoadIconW
SetFocus
EndDialog
MessageBoxW
CreateDialogParamW
SendMessageW
GetSystemMetrics
GetDlgItem
MoveWindow
ShowWindow
UpdateLayeredWindow

gdi32

StretchBlt
SetBkMode
GetTextExtentPoint32W
SetViewportOrgEx
CreateRectRgn
EnumFontFamiliesExW
SelectClipRgn
GetDeviceCaps
ExtCreateRegion
OffsetRgn
CombineRgn
CreateDIBSection
BitBlt
CreateCompatibleBitmap
GetPixel
DeleteObject
Rectangle
SelectObject
CreatePen
SetBkColor
GetObjectW
LineTo
GetStockObject
MoveToEx
CreateCompatibleDC
SetTextColor
CreateSolidBrush
GetTextExtentPointW
TextOutW
DeleteDC
CreateFontIndirectW

comdlg32

ChooseColorW
GetOpenFileNameW
GetSaveFileNameW

shell32

ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW

imm32

ImmDisableIME

msimg32

GradientFill
AlphaBlend
TransparentBlt

advapi32

RegCloseKey
BuildExplicitAccessWithNameW
RegCreateKeyExW
RegQueryValueExW
RegQueryValueW
RegOpenKeyExW
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
OpenProcessToken
GetTokenInformation
RegSetValueExW
RegDeleteValueW
GetSecurityDescriptorSacl

Sections

.text
Size: 640KB - Virtual size: 638KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
phrases.ini
pxpnet.dll
.dll windows:5 windows x86 arch:x86

cd356f3abf47cce110e5358528d7102a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\work\pxp\Bin\Release\pxpnet.pdb

Imports

ws2_32

inet_ntoa
setsockopt
ntohs
select
__WSAFDIsSet
getsockopt
ntohl
WSASend
sendto
gethostbyaddr
gethostbyname
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
connect
WSACloseEvent
WSACreateEvent
accept
ioctlsocket
listen
bind
socket
WSACleanup
WSAStartup
recv
getsockname
getpeername
closesocket
shutdown
send
inet_addr
htons

wininet

InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
FormatMessageA
LocalFree
RaiseException
CloseHandle
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
MultiByteToWideChar
CreateFileA
FileTimeToSystemTime
Sleep
CreateEventA
CreateThread
SuspendThread
ResumeThread
WaitForSingleObject
GetCurrentThreadId
AllocConsole
GetStdHandle
MoveFileExA
GetLocalTime
WriteFile
SetEvent
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
InterlockedExchange
HeapAlloc
GetCurrentProcess
HeapFree
GetModuleHandleW
GetProcessHeap
FormatMessageW
GetModuleFileNameW
OutputDebugStringW
SetStdHandle
SetFilePointer
CreateFileW
DeleteFileW
MoveFileExW
SetLastError
FindClose
FindFirstFileW
CreateDirectoryW
GetLastError
GetFileInformationByHandle
GetFullPathNameW
GetFileAttributesExW
ReleaseMutex
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
GetTimeZoneInformation
GetSystemTimeAsFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
CancelIo
GetOverlappedResult
ReadFile
PeekNamedPipe
DuplicateHandle
GetDriveTypeA
GetDriveTypeW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
SetHandleInformation
CreateProcessW
GetHandleInformation
GetExitCodeProcess
SetEnvironmentVariableA
GetVersionExA
GetProcAddress
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameA
TerminateProcess
LockFile
LockFileEx
UnlockFile
UnlockFileEx
CreatePipe
CreateNamedPipeA
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
FlushFileBuffers
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapSize
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
GetFileType
ResetEvent
ExitThread
ExitProcess
HeapReAlloc
GetDateFormatA
GetTimeFormatA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
WideCharToMultiByte

user32

GetMessageA
PostThreadMessageA
PeekMessageA
MsgWaitForMultipleObjectsEx

advapi32

CreateProcessAsUserW
RevertToSelf
RegOpenKeyExA
RegQueryValueExW
LookupAccountSidA
LookupAccountNameA
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetNamedSecurityInfoW
GetNamedSecurityInfoA
GetSecurityInfo
AllocateAndInitializeSid
GetEffectiveRightsFromAclW
FreeSid
RegSetValueExW
RegCloseKey
GetLengthSid
ReportEventW
DeregisterEventSource
RegCreateKeyExW
CopySid
GetTokenInformation
OpenProcessToken
RegisterEventSourceW
ImpersonateLoggedOnUser

odbc32

ord9
ord111
ord31
ord24
ord236
ord75
ord141

shlwapi

SHGetValueA

Exports

Exports

InitPXPNet
JoinNet
LeaveNet
ReleaseResource
SendMessageToNetNode

Sections

.text
Size: 595KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
scd/ʫ.scel
scd/δʾѡ.scel
scd/йƱ.scel
scd/ʫ300.scel
scd/´.scel
scdlist.ini
sgim_annex.bin
sgim_bigram.bin
sgim_eng.bin
sgim_hz.bin
sgim_py.bin
sgim_pytip.bin
sgim_sys.bin
sgim_tra.bin
sgim_url.bin
sgim_urlGuide.bin
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
userNetSchedule.exe
.exe windows:4 windows x86 arch:x86

5989c471b172ca629406f401d209aad5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

kernel32

MoveFileExW
CreateDirectoryW
CreateEventW
WaitForMultipleObjects
GlobalAlloc
GetCommandLineW
LocalFree
CreateThread
FormatMessageW
SetLastError
GlobalFree
ReadFile
CreateFileW
FlushFileBuffers
GetFileSize
SetFilePointer
WriteFile
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
InterlockedIncrement
InterlockedCompareExchange
OpenMutexW
WaitForSingleObject
CreateMutexW
ReleaseMutex
FindNextFileW
FindFirstFileW
FindClose
GetModuleFileNameW
Process32FirstW
GetCurrentProcessId
GetSystemInfo
Process32NextW
GetVersionExW
CreateToolhelp32Snapshot
Sleep
OpenEventW
LCMapStringW
GetTickCount
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
SetFileAttributesW
ExitProcess
InterlockedDecrement
GetVersionExA
GetProcessHeap
GetStartupInfoW
RtlUnwind
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
LoadLibraryA
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
GetFullPathNameW
GetCurrentDirectoryA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEndOfFile
CreateFileA
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentThreadId
GetProcAddress
MultiByteToWideChar
FreeLibrary
LoadLibraryW
WideCharToMultiByte
CreateProcessW
DeleteFileW
CloseHandle
GetTempFileNameW
CopyFileW
GetLastError
GetModuleHandleW
GetModuleHandleA
RemoveDirectoryW

user32

GetLastInputInfo
GetCursorPos
SetWindowPos
PostQuitMessage
SetWindowLongW
MonitorFromPoint
DrawTextW
GetForegroundWindow
GetMonitorInfoW
LoadCursorW
DefWindowProcW
EndPaint
OffsetRect
MonitorFromRect
SetCursor
IntersectRect
InvalidateRect
DispatchMessageW
SetTimer
GetWindowLongW
GetWindowRect
GetMessageW
MessageBoxW
SubtractRect
FindWindowW
BeginPaint
GetSystemMetrics
PtInRect
CloseWindow
LoadIconW
CreateWindowExW
DestroyWindow
AdjustWindowRect
RegisterClassExW
TranslateMessage

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW
Shell_NotifyIconW

wininet

InternetQueryOptionW
InternetGetCookieW
HttpEndRequestW
InternetSetOptionW
InternetCanonicalizeUrlW
HttpSendRequestW
InternetWriteFile
InternetOpenW
InternetSetCookieW
InternetConnectW
HttpSendRequestExW
HttpAddRequestHeadersW
HttpQueryInfoW
HttpOpenRequestW
InternetReadFile
InternetCloseHandle

ziplib

UnZip
ZipFolder

gdi32

CreatePen
DeleteObject
SelectObject
CreateCompatibleDC
CreateSolidBrush
BitBlt
Rectangle
CreateCompatibleBitmap
SetBkMode
DeleteDC
SetViewportOrgEx
SetTextColor
CreateFontIndirectW
GetStockObject

advapi32

BuildExplicitAccessWithNameW
RegQueryValueW
RegCloseKey
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 56KB

.rsrc Size: 12KB - Virtual size: 11KB

1ba6926a1ee4e4cda118768081f528d5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcr80

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 503B

.data Size: 512B - Virtual size: 828B

.rsrc Size: 512B - Virtual size: 428B

.reloc Size: 512B - Virtual size: 166B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 13KB - Virtual size: 13KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 906B

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 56KB

.rsrc
Size: 12KB - Virtual size: 11KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 503B

.data
Size: 512B - Virtual size: 828B

.rsrc
Size: 512B - Virtual size: 428B

.reloc
Size: 512B - Virtual size: 166B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

CODE
Size: 13KB - Virtual size: 13KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 906B

.edata
Size: 512B - Virtual size: 89B

.reloc
Size: 1024B - Virtual size: 880B

.rsrc
Size: 512B - Virtual size: 512B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 4KB

CODE
Size: 28KB - Virtual size: 28KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 73B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB