3f541b27e013ea79fde74b04694ac74e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f541b27e013ea79fde74b04694ac74e_JaffaCakes118
Size

1.9MB
MD5

3f541b27e013ea79fde74b04694ac74e
SHA1

6d0d1d9bde3291a1abda15eccbc0739868409526
SHA256

b5e45bdf2a964fb052fbb3afcf696745769a9bd0381116e310af5d803e4753cd
SHA512

b13508ff3dbaa860ab140cdf688c612d8b8674165df274df2f6a87a6c66c3b9aee16797be6eb996122f6f5cde4a2aab27d208de5b082759b67a657a316c548c7
SSDEEP

49152:lFj+PkApAol48pcV1sQRIrh/PaTqX84Ikek:lFjmZ+V1sQRIt/PaTz4IR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$_2_/curllib.dll

Files

3f541b27e013ea79fde74b04694ac74e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a4:45:93:cc:8a:69:12:fb:0d:03:10:10:d7:f2:54:c9:75:94:61
Signer

Actual PE Digest

70:a4:45:93:cc:8a:69:12:fb:0d:03:10:10:d7:f2:54:c9:75:94:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 580KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/DownloadProxyPS.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b177dcb186702f9a4775e053e2fa1e17

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7a:35:cb:44:b7:2e:21:5d:d6:84:e7:d1:f8:8e:f8:16:21:09:90:9f
Signer

Actual PE Digest

7a:35:cb:44:b7:2e:21:5d:d6:84:e7:d1:f8:8e:f8:16:21:09:90:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
MultiByteToWideChar
HeapSize
RtlUnwind
HeapReAlloc
VirtualAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSection
LoadLibraryA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

rpcrt4

NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2
CStdStubBuffer_QueryInterface
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
CStdStubBuffer_AddRef

oleaut32

BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/Extract.dll
.dll windows:4 windows x86 arch:x86

102033a12b8cf17a451a9e9760020138

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

67:aa:51:35:62:bb:5c:b1:19:94:ea:25:f5:78:37:54:5f:40:c7:2e
Signer

Actual PE Digest

67:aa:51:35:62:bb:5c:b1:19:94:ea:25:f5:78:37:54:5f:40:c7:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\vcoutput\Release\7z\Extract.pdb

Imports

kernel32

GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
WaitForMultipleObjects
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
CloseHandle
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
SetCurrentDirectoryA
AreFileApisANSI
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
MoveFileA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryW
GetSystemDirectoryW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryW
DeleteFileW
GetShortPathNameA
lstrlenA
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
SearchPathA
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetFullPathNameW
SearchPathW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindFirstChangeNotificationW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetFileSize
SetFilePointer
GetFileInformationByHandle
ReadFile
WriteFile
SetEndOfFile
CreateFileA
CompareFileTime
GetSystemInfo
GlobalMemoryStatus
DosDateTimeToFileTime
FileTimeToDosDateTime
SystemTimeToFileTime
GetSystemTime
CompareStringW
CompareStringA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetLocaleInfoW
GetLocaleInfoA
LoadLibraryA
RtlUnwind
RaiseException
HeapAlloc
HeapFree
ExitThread
CreateThread
GetCommandLineA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
FatalAppExitA
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
Sleep
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
SetEnvironmentVariableA

user32

CharPrevA
CharToOemA
CharNextA
CharLowerW
CharUpperW
CharLowerA
CharUpperA
CharPrevExA

oleaut32

VariantCopy
SysFreeString
VariantClear
SysAllocString
SysAllocStringByteLen

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/MiniQQDL.exe
.exe windows:4 windows x86 arch:x86

12cfd45218c2cbbea262b05569699034

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:8c:52:fc:d2:d6:22:25:32:c1:f9:e8:fc:c9:f5:03:c7:ac:ce:8e
Signer

Actual PE Digest

09:8c:52:fc:d2:d6:22:25:32:c1:f9:e8:fc:c9:f5:03:c7:ac:ce:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\游戏高速下载器代码\OldVersion\Src\bin\QQGameDown.pdb

Imports

comctl32

_TrackMouseEvent
InitCommonControlsEx

curllib

curl_easy_cleanup
curl_easy_perform
curl_easy_setopt
curl_global_init
curl_easy_init
curl_formfree
curl_formadd
curl_version_info
curl_global_cleanup

kernel32

InterlockedDecrement
InterlockedIncrement
lstrcmpA
SetThreadPriority
ResumeThread
SuspendThread
GlobalFlags
GlobalGetAtomNameA
GetAtomNameA
GetThreadLocale
FileTimeToSystemTime
SystemTimeToFileTime
GetVersionExA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCPInfo
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileStringA
GetCurrentDirectoryA
SetErrorMode
MoveFileA
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetShortPathNameA
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileAttributesA
GetFileTime
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetTimeZoneInformation
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetCurrentDirectoryA
GetFullPathNameW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
VirtualFree
HeapCreate
HeapDestroy
FatalAppExitA
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetACP
GetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapSize
GetDateFormatA
GetTimeFormatA
CreateDirectoryA
GetDriveTypeA
GetSystemInfo
VirtualAlloc
VirtualProtect
MoveFileW
GetStartupInfoW
ExitThread
HeapReAlloc
GetSystemTimeAsFileTime
ExitProcess
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
RaiseException
InterlockedCompareExchange
OutputDebugStringW
IsBadReadPtr
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrlenW
FindFirstFileW
ExpandEnvironmentStringsW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetLocalTime
GetModuleFileNameA
GetModuleHandleW
WideCharToMultiByte
lstrcatW
lstrcpynW
GetPrivateProfileStringW
GetPrivateProfileIntW
SetThreadLocale
CloseHandle
DeviceIoControl
CreateFileW
GetModuleFileNameW
GetLastError
CreateMutexW
GetCommandLineW
GetCurrentThread
GlobalFree
GlobalAlloc
lstrcmpiW
GetFileAttributesW
GetVersionExW
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GetProcessHeap
HeapFree
MultiByteToWideChar
lstrlenA
TerminateThread
WaitForSingleObject
Sleep
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
CreateThread
CreateDirectoryW
SetEvent
CreateEventW
HeapAlloc
GetFileSize
FlushFileBuffers
GetVolumeInformationW
WriteFile
ReadFile
SetFilePointer
FindClose
DeleteFileW
CopyFileW
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetTickCount
CreateEventA
ResetEvent
InterlockedExchange
GetVersion
CompareStringA
CompareStringW
lstrcmpiA
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
GetCurrentProcess
GetCurrentProcessId
LoadLibraryA
GetSystemDirectoryA
CreateFileA
OutputDebugStringA
WritePrivateProfileStringA
DeleteFileA
SetUnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
GetThreadContext
GetThreadSelectorEntry
ReadProcessMemory
GlobalUnlock
GlobalLock
FreeResource
SetLastError
MulDiv
FindResourceA
LocalFree
FormatMessageA
GlobalSize
CopyFileA
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetModuleHandleA

user32

GetWindowTextLengthA
GetFocus
GetDesktopWindow
GetDlgCtrlID
GetClassNameA
GetWindowTextA
SetWindowTextA
UnregisterClassA
SetWindowsHookExA
GetMessageA
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
LoadCursorA
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
SendMessageA
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
RemoveMenu
DrawIcon
EnumThreadWindows
FillRect
WindowFromPoint
IsZoomed
SetWindowRgn
GetActiveWindow
RedrawWindow
GetClassInfoExW
GetSystemMetrics
DrawIconEx
GetSystemMenu
GetMenuState
GetWindowTextW
FindWindowExW
IsWindowVisible
IntersectRect
GetWindowDC
GetCapture
SetCapture
ReleaseCapture
OffsetRect
GetDC
ReleaseDC
PtInRect
GetClassInfoW
SetWindowsHookExW
CreateWindowExW
UnhookWindowsHookEx
CallNextHookEx
LoadImageW
EndPaint
DrawTextW
BeginPaint
GetUpdateRect
SetCursor
GetWindow
RegisterClassA
MapWindowPoints
DrawFocusRect
InflateRect
GetParent
ScreenToClient
ClientToScreen
RegisterClassExW
SetWindowLongW
CheckMenuItem
CreateDialogParamW
EndDialog
GetWindowLongW
CharUpperW
CharUpperA
LoadCursorW
UpdateWindow
InvalidateRect
SendMessageW
ShowWindow
IsIconic
FindWindowA
SendMessageTimeoutW
DispatchMessageW
TranslateMessage
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindowPlacement
SystemParametersInfoA
SetWindowLongA
CallWindowProcA
DefWindowProcA
SetWindowPlacement
GetMessageW
BringWindowToTop
SetForegroundWindow
FindWindowW
SetRect
GetWindowRect
GetClassNameW
DrawAnimatedRects
EnumChildWindows
MessageBoxW
PostMessageW
CallWindowProcW
DestroyWindow
PostQuitMessage
IsWindow
SetWindowTextW
FlashWindow
SetWindowPos
RegisterWindowMessageW
GetClientRect
EnableWindow
GetDlgItem
GetClassInfoA
GetClassInfoExA
CreateWindowExA
PostMessageA
GetMenu
ShowScrollBar
GetScrollPos
SetActiveWindow
SetScrollPos
GetScrollRange
SetScrollRange
TrackPopupMenuEx
ScrollWindow
GetMessagePos
GetMessageTime
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
GetDialogBaseUnits
CreateDialogIndirectParamA
GetNextDlgTabItem
DestroyIcon
DeleteMenu
ShowOwnedPopups
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuItemInfoA
ScrollWindowEx
MoveWindow
IsDialogMessageA
SetDlgItemTextA
GetDlgItemTextA
CheckRadioButton
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
SetScrollInfo
GetScrollInfo
CopyRect
DeferWindowPos
EqualRect
DialogBoxParamW
AdjustWindowRectEx
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextW
SetFocus
CheckDlgButton
SendDlgItemMessageW
GetDlgItemTextW
SetTimer
KillTimer
LoadIconW
DestroyMenu
TrackPopupMenu
GetCursorPos
GetSubMenu
LoadMenuW
DefWindowProcW
CharLowerA
CharLowerW
WinHelpA
IsChild
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
SystemParametersInfoW

gdi32

GetTextMetricsA
DPtoLP
PatBlt
GetMapMode
SetRectRgn
CreateHatchBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreatePatternBrush
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
GetClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
OffsetClipRgn
IntersectClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
GetTextExtentPoint32A
ExtTextOutA
CreateFontIndirectA
GetObjectA
GetDCOrgEx
CreateBitmap
CreateDCA
CopyMetaFileA
GetDeviceCaps
SetViewportOrgEx
CreateSolidBrush
CombineRgn
CreateRoundRectRgn
CreateRectRgn
ExcludeClipRect
CreateDIBSection
GetClipBox
CreateCompatibleBitmap
StretchBlt
DeleteDC
CreateRectRgnIndirect
SelectClipRgn
CreateFontIndirectW
GetTextExtentPoint32W
GetStockObject
RoundRect
Rectangle
SetBkColor
ExtTextOutW
DeleteObject
GetObjectW
CreateFontW
SelectObject
SetTextColor
SetBkMode
CreatePen
MoveToEx
LineTo
CreateCompatibleDC
BitBlt

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comdlg32

GetFileTitleA

advapi32

RegSetValueA
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegOpenKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
GetFileSecurityW
ImpersonateSelf
OpenThreadToken
RevertToSelf
MapGenericMask
AccessCheck

shell32

SHGetFileInfoA
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
SHGetSpecialFolderPathW
ShellExecuteExW
ExtractIconA
ShellExecuteW
SHGetSpecialFolderPathA
Shell_NotifyIconW

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoDisconnectObject
StringFromGUID2
CLSIDFromString
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CLSIDFromProgID
CoLoadLibrary
CoFreeLibrary
CoCreateGuid

oleaut32

VariantInit
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
VariantChangeType
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString
SafeArrayGetUBound

shlwapi

PathFindExtensionA
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
wnsprintfW
PathIsUNCA

dbghelp

SymLoadModule
SymFunctionTableAccess
SymInitialize
SymSetOptions
StackWalk
SymGetModuleInfo

ws2_32

select
__WSAFDIsSet
listen
connect
recv
send
inet_ntoa
accept
getpeername
WSAGetLastError
WSACleanup
WSACloseEvent
WSAStartup
closesocket
htons
gethostbyname
inet_addr
htonl
ntohl
ioctlsocket
setsockopt
ntohs
recvfrom
socket
sendto
bind

version

GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
VerQueryValueA

netapi32

NetWkstaTransportEnum
Netbios
NetApiBufferFree

gdiplus

GdipLoadImageFromStreamICM
GdipCreatePen1
GdipDeletePen
GdipReleaseDC
GdipDrawLineI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipDrawImageRectI
GdipDisposeImage
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipCreateSolidFill
GdipImageGetFrameDimensionsCount
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipCloneImage
GdipCloneBrush
GdipCloneBitmapAreaI
GdipCreateFont
GdipDrawImageRectRectI
GdipDrawString
GdipCreateFromHDC
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipGetImageWidth

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 872KB - Virtual size: 868KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/SkinConfig.ini
$_2_/TNProxy.dll
.dll regsvr32 windows:4 windows x86 arch:x86

5b6be223aae9558de13dd3a8d5d553f3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b9:30:e9:58:b6:b6:9e:50:34:77:30:46:b9:49:1a:ea:e0:66:aa:a2
Signer

Actual PE Digest

b9:30:e9:58:b6:b6:9e:50:34:77:30:46:b9:49:1a:ea:e0:66:aa:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LoadLibraryA
InterlockedIncrement
GetProcAddress
FreeLibrary
GetTickCount
CloseHandle
Sleep
TlsSetValue
TlsFree
TlsAlloc
TlsGetValue

ws2_32

htonl
sendto
connect
htons
ntohs
ntohl
gethostbyname
WSAStartup
WSACleanup
select
closesocket
ioctlsocket
setsockopt
socket
bind
recvfrom
recv
send
getpeername
listen
accept
inet_ntoa
__WSAFDIsSet
WSAGetLastError
gethostname
inet_addr

msvcrt

memcmp
strcmp
??1type_info@@UAE@XZ
isdigit
memchr
fgetc
malloc
_adjust_fdiv
__dllonexit
_ftol
atoi
_CxxThrowException
strncpy
strstr
memmove
free
calloc
memset
rand
srand
_beginthreadex
memcpy
strlen
_initterm
_onexit
time
strcpy
_iob
fputc
sprintf
printf
_purecall
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z

msvcp60

??1_Winit@std@@QAE@XZ
??1?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xran@std@@YAXXZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Xlen@std@@YAXXZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ

iphlpapi

GetAdaptersInfo
GetIfEntry

wininet

InternetGetConnectedState

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 300KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/Tencentdl.exe
.exe windows:4 windows x86 arch:x86

1421e96a9ea3b3d1dc3c79fbda3f723c

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

35:f6:6d:c8:90:50:17:8a:c0:9d:77:7f:aa:7b:0c:af:69:da:7a:1b
Signer

Actual PE Digest

35:f6:6d:c8:90:50:17:8a:c0:9d:77:7f:aa:7b:0c:af:69:da:7a:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\downloadplugin\tencentdl_v120\output\release\Tencentdl.pdb

Imports

kernel32

PostQueuedCompletionStatus
HeapAlloc
QueueUserAPC
TerminateThread
WaitForMultipleObjects
GetQueuedCompletionStatus
CreateIoCompletionPort
SetLastError
InterlockedCompareExchange
FlushInstructionCache
GetCurrentProcess
GetSystemTimeAsFileTime
GetTickCount
SleepEx
CreateEventW
CreateWaitableTimerW
DeleteFileW
lstrcpynW
OpenProcess
CreateToolhelp32Snapshot
CopyFileW
Sleep
CreateThread
GetCommandLineW
LoadLibraryW
GetVersionExW
lstrlenA
DeviceIoControl
CreateFileW
RemoveDirectoryW
SetFileAttributesW
MoveFileW
GetFileSize
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
WideCharToMultiByte
ResetEvent
ReleaseSemaphore
CreateSemaphoreW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpW
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
VirtualProtect
VirtualAlloc
GetModuleHandleA
GetSystemInfo
VirtualQuery
ExitThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
CreateDirectoryW
GetVersionExA
GetStartupInfoW
GetCurrentThread
GetStdHandle
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetFullPathNameW
SetWaitableTimer
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
LoadLibraryA
GetLocaleInfoA
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
SetStdHandle
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
FormatMessageA
LocalFree
CreateWaitableTimerA
SystemTimeToFileTime
ResumeThread
OpenEventA
GetThreadLocale
IsProcessorFeaturePresent
ReadProcessMemory
GetThreadSelectorEntry
VirtualQueryEx
DeleteFileA
WritePrivateProfileStringA
OutputDebugStringA
GetSystemDirectoryA
TlsSetValue
SetFileTime
TlsGetValue
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
TlsAlloc
InterlockedExchangeAdd
GetCurrentThreadId
SetEvent
WaitForSingleObject
CreateEventA
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
TlsFree
InterlockedExchange
CloseHandle
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetSystemDirectoryW
GetModuleHandleW
GetProcAddress
InterlockedIncrement
lstrlenW
GetCurrentDirectoryA
InterlockedDecrement

user32

FindWindowW
RedrawWindow
SetWindowLongW
GetWindowLongW
DrawTextW
LoadBitmapW
EndDialog
GetDlgItem
GetClientRect
GetWindowRect
PostMessageW
GetActiveWindow
DialogBoxParamW
GetWindow
SystemParametersInfoW
MapWindowPoints
GetSysColor
WindowFromPoint
SetWindowTextW
LoadStringW
GetCapture
ReleaseCapture
DestroyWindow
IsWindow
SendMessageW
CharNextW
PostThreadMessageW
CreateDialogParamW
CharUpperW
TranslateMessage
DispatchMessageW
GetMessageW
CreateWindowExW
PtInRect
SetRect
GetParent
CallWindowProcW
DefWindowProcW
ShowWindow
EnableWindow
GetSystemMetrics
IsIconic
MoveWindow
BringWindowToTop
ClientToScreen
InvalidateRect
IsWindowVisible
ShowOwnedPopups
SetForegroundWindow
GetLastActivePopup
DrawIconEx
LoadMenuW
DestroyMenu
GetMonitorInfoW
GetWindowTextW
LoadImageW
GetCursorPos
GetSubMenu
UnregisterClassA
SetWindowPos
GetIconInfo
DestroyIcon
TrackPopupMenu
MonitorFromPoint
LoadIconW

gdi32

RestoreDC
SaveDC
DeleteDC
CreateCompatibleDC
SelectObject
SetBkMode
SetTextColor
BitBlt
StretchBlt
CreateCompatibleBitmap
DeleteObject
CreateFontW
GetObjectW
ExtTextOutW
SetBkColor
CreateSolidBrush

advapi32

RegOpenKeyExA
RegQueryValueExA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
IsTextUnicode

shell32

ShellExecuteW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHGetFileInfoW

ole32

CoFreeLibrary
CoLoadLibrary
CoCreateGuid
CoInitializeEx
StringFromGUID2
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromProgID

oleaut32

RegisterTypeLi
UnRegisterTypeLi
SysAllocStringByteLen
VariantClear
VariantInit
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString

shlwapi

wnsprintfW

comctl32

_TrackMouseEvent

ws2_32

recvfrom
htonl
ntohl
WSAStartup
WSACleanup
closesocket
htons
gethostbyname
inet_addr
select
__WSAFDIsSet
ntohs
inet_ntoa
accept
getpeername
WSAGetLastError
listen
connect
recv
ioctlsocket
bind
sendto
socket
send
setsockopt

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

netapi32

NetApiBufferFree
NetWkstaTransportEnum
Netbios

psapi

GetModuleFileNameExW

imagehlp

SymLoadModule
SymGetModuleInfo
SymFunctionTableAccess
SymInitialize
SymSetOptions
StackWalk

Sections

.text
Size: 640KB - Virtual size: 639KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/config.ini
$_2_/curllib.dll
.dll windows:4 windows x86 arch:x86

e7e76bacda92f81d0eefd0a58978a370

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

recvfrom
sendto
send
select
__WSAFDIsSet
ioctlsocket
listen
accept
WSAStartup
WSACleanup
gethostname
getservbyport
gethostbyaddr
getservbyname
htonl
inet_ntoa
gethostbyname
inet_addr
WSASetLastError
recv
socket
closesocket
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
WSAGetLastError

wldap32

ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46

kernel32

GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
ReadFile
FormatMessageA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
Sleep
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ExpandEnvironmentStringsA
WaitForSingleObject
CloseHandle
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
SleepEx
GetTickCount

msvcr80

_malloc_crt
tolower
fseek
__sys_nerr
strerror
fflush
_gmtime64
fputc
sprintf
memmove
memchr
getenv
_errno
strstr
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_strdup
_close
_fileno
_open
_read
_stricmp
_encode_pointer
strchr
memcpy
memset
_time64
_strtoi64
strncmp
strrchr
strtol
sscanf
_strnicmp
fclose
fgets
fopen
__iob_func
qsort
fputs
strcpy_s
calloc
free
strncpy_s
strtoul
sprintf_s
strcat_s
islower
isalpha
isupper
isdigit
isprint
isalnum
isgraph
isspace
isxdigit
_beginthreadex
malloc
realloc
fwrite
_fstat64
_lseeki64
_stat64
fread
strncpy

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/dlcore.dll
.dll regsvr32 windows:4 windows x86 arch:x86

78144f1fefa069ec947207f08b730f6c

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b3:d5:11:e4:4f:0e:02:06:d2:3f:9b:67:95:ec:6f:a3:34:43:a3:12
Signer

Actual PE Digest

b3:d5:11:e4:4f:0e:02:06:d2:3f:9b:67:95:ec:6f:a3:34:43:a3:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\vcoutput\releasestatic\xdownload\dlcore.pdb

Imports

ws2_32

recv
send
inet_addr
gethostbyname
bind
sendto
socket
WSAGetLastError
setsockopt
connect
getpeername
listen
accept
ioctlsocket
closesocket
inet_ntoa
ntohl
ntohs
htonl
__WSAFDIsSet
gethostname
WSAStartup
recvfrom
WSACleanup
getsockname
select
WSASetLastError
htons

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
OutputDebugStringA
GetTickCount
CloseHandle
FindClose
FindFirstFileW
GetFileAttributesW
CreateEventA
SetEvent
ResetEvent
WaitForSingleObject
TerminateThread
DeleteFileW
MultiByteToWideChar
InterlockedDecrement
InitializeCriticalSection
InterlockedIncrement
InterlockedExchangeAdd
ReleaseSemaphore
GetCurrentThreadId
CreateSemaphoreA
GetModuleFileNameA
WaitForMultipleObjects
MoveFileW
CreateFileW
CopyFileA
GetDiskFreeSpaceExA
GetLogicalDrives
InterlockedExchange
OpenMutexA
GetLastError
CreateMutexA
ReleaseMutex
CopyFileW
RemoveDirectoryW
WideCharToMultiByte
lstrlenW
RaiseException
lstrcmpiA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
DisableThreadLibraryCalls
SetThreadLocale
GetThreadLocale
OpenMutexW
CreateFileMappingW
LocalFree
OpenSemaphoreW
MapViewOfFile
SetFilePointerEx
GetVolumeInformationA
lstrlenA
CreateEventW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
SetEndOfFile
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
SetStdHandle
GetTimeZoneInformation
GetFullPathNameW
QueryPerformanceCounter
GetEnvironmentStringsW
GetVersionExA
GetCurrentThread
GlobalFree
GlobalAlloc
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindFirstFileA
GetModuleFileNameW
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentDirectoryA
GetTempPathA
GetFileSize
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
GetVolumeInformationW
GetProcAddress
CreateFileA
MapViewOfFileEx
CreateFileMappingA
UnmapViewOfFile
DeviceIoControl
LoadLibraryA
GetSystemDirectoryA
InterlockedCompareExchange
HeapFree
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitThread
CreateThread
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetDriveTypeW
CreateDirectoryW
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

UnregisterClassA
CharNextA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
IsTextUnicode
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumValueA
RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
GetFileSecurityA
ImpersonateSelf
OpenThreadToken
RevertToSelf
MapGenericMask
AccessCheck
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA

ole32

CoFreeLibrary
CoLoadLibrary
CoInitialize
CoCreateGuid
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
OleRun

oleaut32

SafeArrayDestroy
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
VarUI4FromStr
SysFreeString
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantClear
VariantInit
SafeArrayCreate
SafeArrayCreateVector
GetErrorInfo
SafeArrayPutElement

netapi32

NetApiBufferFree
Netbios
NetWkstaTransportEnum

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ReleaseCommLib

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/image/button.png
.png
$_2_/image/checked.png
.png
$_2_/image/close.png
.png
$_2_/image/loading.png
.png
$_2_/image/mainbnd.png
.png
$_2_/image/mainwnd.jpg
.jpg
$_2_/image/min.png
.png
$_2_/image/unchecked.png
.png
$_2_/image/xf.png
.png
$_2_/image/xfabout.bmp
$_2_/xf-logo.ico
$_2_/xzqdl.ico

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

70:a4:45:93:cc:8a:69:12:fb:0d:03:10:10:d7:f2:54:c9:75:94:61Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 580KB

.rsrc Size: 21KB - Virtual size: 21KB

b177dcb186702f9a4775e053e2fa1e17

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

7a:35:cb:44:b7:2e:21:5d:d6:84:e7:d1:f8:8e:f8:16:21:09:90:9fSigner

Headers

File Characteristics

Imports

kernel32

rpcrt4

oleaut32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.orpc Size: 4KB - Virtual size: 576B

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

102033a12b8cf17a451a9e9760020138

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

70:a4:45:93:cc:8a:69:12:fb:0d:03:10:10:d7:f2:54:c9:75:94:61
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 580KB

.rsrc
Size: 21KB - Virtual size: 21KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

7a:35:cb:44:b7:2e:21:5d:d6:84:e7:d1:f8:8e:f8:16:21:09:90:9f
Signer

.text
Size: 28KB - Virtual size: 25KB

.orpc
Size: 4KB - Virtual size: 576B

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

67:aa:51:35:62:bb:5c:b1:19:94:ea:25:f5:78:37:54:5f:40:c7:2e
Signer

.text
Size: 274KB - Virtual size: 273KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 10KB - Virtual size: 22KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

09:8c:52:fc:d2:d6:22:25:32:c1:f9:e8:fc:c9:f5:03:c7:ac:ce:8e
Signer

.text
Size: 872KB - Virtual size: 868KB

.rdata
Size: 152KB - Virtual size: 148KB

.data
Size: 20KB - Virtual size: 54KB

.tls
Size: 4KB - Virtual size: 13B

.rsrc
Size: 4KB - Virtual size: 2KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate