561d93353e3dc94e30d2a4138d7cb1c3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

561d93353e3dc94e30d2a4138d7cb1c3_JaffaCakes118
Size

10.0MB
MD5

561d93353e3dc94e30d2a4138d7cb1c3
SHA1

a2db3ab8a3a484ba16fc187fb2843f8f448e0075
SHA256

2c29f7443f2334ba0830a60190ed25f8e48a40c60a608d8906a53245b453fc01
SHA512

f98b24ae40267844e9faf7413f38d416b202252aa5c483dc840e1cfe29a789d91371ee2ffc6de826070f32fa5e95e9c39994621deebe7a10414280e52b706caa
SSDEEP

196608:vO5SkAR7SHnS3i70JhHefk9xEozTnl8bdrsqMg9npt+o0bK3K1JsEFKulJ6zoiTu:Us2Sy7C+ezDl8bdrsjgpt30Me7FREz9C

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/SetupLib.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$SYSDIR/SogouPY.ime~
unpack001/$SYSDIR/SogouPy.ime
unpack001/out.upx

Files

561d93353e3dc94e30d2a4138d7cb1c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 734B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetupLib.dll
.dll windows:4 windows x86 arch:x86

277527a2d53f2e5d7a108da500f31b2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

h:\渠道版本\sogouime30f\Src2\InstallScript\SetupLib.pdb

Imports

shlwapi

SHDeleteKeyW

kernel32

GlobalFree
LoadLibraryW
GetSystemDefaultLangID
GetVersion
GlobalAlloc
FreeLibrary
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
MoveFileExW
LocalFree
FindClose
FindNextFileW
FindFirstFileW
CompareStringW
GetProcAddress
GetCPInfo
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
SetEnvironmentVariableA
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetFullPathNameW
GetCurrentDirectoryA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CloseHandle
FlushFileBuffers
CompareStringA

advapi32

RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyW
RegOpenKeyExW
RegCloseKey
RegEnumValueW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW

Exports

Exports

AddAccess
AddAccessExec
AddAccessOnReg
AppVersionCheck
BeVista
CheckAccess
CorrectFileName
Debug
Downgrade
GetHWID
GetLocaleID
InstalledIMEIsPre30b1
IsRegisteredId
NeedReboot
OSSupported
RemoveDir
SetLowLabel
SetReboot
UninstallReg
UninstallUsrReg

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/SogouPY.ime~
.dll windows:4 windows x86 arch:x86

bd1b513211ee801e8ad4a2764e19a733

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmCreateSoftKeyboard
ImmDestroySoftKeyboard
ImmShowSoftKeyboard
ImmCreateIMCC
ImmGetIMCCSize
ImmGenerateMessage
ImmReSizeIMCC
ImmLockIMC
ImmUnlockIMCC
ImmLockIMCC
ImmUnlockIMC

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

IsValidCodePage
CreateEventW
ReleaseMutex
OpenMutexW
CreateMutexW
CloseHandle
OpenEventW
GetLastError
GetCurrentProcess
GetModuleHandleW
GetCommandLineW
CreateProcessW
LoadLibraryW
GetProcAddress
FreeLibrary
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
WideCharToMultiByte
GetCurrentThreadId
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CreateDirectoryW
GetSystemDirectoryW
GetModuleFileNameW
WaitForSingleObject
LCMapStringW
GetVersionExW
SetEnvironmentVariableA
GetDriveTypeA
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSection
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetDateFormatA
GetTimeFormatA
SetFilePointer
LCMapStringA
CompareStringW
CompareStringA
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetCurrentDirectoryA
FindFirstFileW
LoadResource
FindClose
LockResource
SizeofResource
FindResourceW
LoadLibraryExW
GetTickCount
GetFileSize
ReadFile
CreateFileW
GlobalReAlloc
RemoveDirectoryW
FindNextFileW
DeleteFileW
MoveFileExW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
LocalFree
MultiByteToWideChar
SetWaitableTimer
GetFullPathNameW
OpenWaitableTimerW
CreateThread
InterlockedExchange
InterlockedExchangeAdd
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
RtlUnwind
RaiseException
GetTimeZoneInformation
GetModuleHandleA
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
CreateWaitableTimerW
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode

user32

SetMenuItemInfoW
DestroyMenu
PtInRect
LoadMenuW
GetSubMenu
GetMenuItemInfoW
CheckMenuItem
AppendMenuW
DefWindowProcW
GetWindowLongW
UnregisterClassW
RegisterClassExW
LoadCursorW
SetWindowLongW
SetCursor
SetTimer
GetCursor
SetClipboardData
CloseClipboard
MonitorFromPoint
GetMonitorInfoW
GetKeyState
EmptyClipboard
keybd_event
GetFocus
OpenClipboard
GetCaretPos
ClientToScreen
SetCaretPos
GetWindowRect
IsWindow
SetWindowRgn
CreateWindowExW
BeginPaint
DrawTextW
EndPaint
FillRect
InflateRect
SetCursorPos
SetRect
OffsetRect
SubtractRect
ShowWindow
IntersectRect
RedrawWindow
FindWindowW
ReleaseCapture
UpdateLayeredWindow
KillTimer
SetCapture
DialogBoxParamW
CreateDialogParamW
LoadImageW
GetDesktopWindow
SendMessageW
MapVirtualKeyW
MessageBeep
PostMessageW
MessageBoxW
GetSystemMetrics
SetWindowPos
MoveWindow
TrackPopupMenuEx
ReleaseDC
GetDC
GetCursorPos
SetWindowTextW
GetDlgItem
EndDialog
EnableMenuItem

gdi32

CreateFontIndirectW
ExtCreateRegion
StretchBlt
GetTextExtentPoint32W
DeleteObject
TextOutW
SetBkMode
CombineRgn
OffsetRgn
LineTo
BitBlt
CreateCompatibleDC
GdiFlush
SetPixel
DeleteDC
GetPixel
CreateDIBSection
GetDeviceCaps
CreateCompatibleBitmap
MoveToEx
CreatePen
Rectangle
CreateSolidBrush
SetTextColor
GetTextExtentPointW
GetObjectW
SelectObject

advapi32

RegCreateKeyExW
SetSecurityInfo
SetEntriesInAclW
GetSecurityInfo
GetNamedSecurityInfoW
GetTokenInformation
LookupAccountSidW
OpenProcessToken
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegQueryValueW
RegSetValueExW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

ShellExecuteW
SHGetFolderPathW
SHFileOperationW

comctl32

InitCommonControlsEx

ws2_32

htonl

wininet

InternetGetCookieW
InternetSetCookieW

msimg32

TransparentBlt

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
_ImeGetImeMenuItems@24

Sections

.text
Size: 516KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/SogouPy.ime
.dll windows:4 windows x86 arch:x86

bd1b513211ee801e8ad4a2764e19a733

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmCreateSoftKeyboard
ImmDestroySoftKeyboard
ImmShowSoftKeyboard
ImmCreateIMCC
ImmGetIMCCSize
ImmGenerateMessage
ImmReSizeIMCC
ImmLockIMC
ImmUnlockIMCC
ImmLockIMCC
ImmUnlockIMC

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

IsValidCodePage
CreateEventW
ReleaseMutex
OpenMutexW
CreateMutexW
CloseHandle
OpenEventW
GetLastError
GetCurrentProcess
GetModuleHandleW
GetCommandLineW
CreateProcessW
LoadLibraryW
GetProcAddress
FreeLibrary
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
WideCharToMultiByte
GetCurrentThreadId
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CreateDirectoryW
GetSystemDirectoryW
GetModuleFileNameW
WaitForSingleObject
LCMapStringW
GetVersionExW
SetEnvironmentVariableA
GetDriveTypeA
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSection
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetDateFormatA
GetTimeFormatA
SetFilePointer
LCMapStringA
CompareStringW
CompareStringA
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetCurrentDirectoryA
FindFirstFileW
LoadResource
FindClose
LockResource
SizeofResource
FindResourceW
LoadLibraryExW
GetTickCount
GetFileSize
ReadFile
CreateFileW
GlobalReAlloc
RemoveDirectoryW
FindNextFileW
DeleteFileW
MoveFileExW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
LocalFree
MultiByteToWideChar
SetWaitableTimer
GetFullPathNameW
OpenWaitableTimerW
CreateThread
InterlockedExchange
InterlockedExchangeAdd
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
RtlUnwind
RaiseException
GetTimeZoneInformation
GetModuleHandleA
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
CreateWaitableTimerW
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode

user32

SetMenuItemInfoW
DestroyMenu
PtInRect
LoadMenuW
GetSubMenu
GetMenuItemInfoW
CheckMenuItem
AppendMenuW
DefWindowProcW
GetWindowLongW
UnregisterClassW
RegisterClassExW
LoadCursorW
SetWindowLongW
SetCursor
SetTimer
GetCursor
SetClipboardData
CloseClipboard
MonitorFromPoint
GetMonitorInfoW
GetKeyState
EmptyClipboard
keybd_event
GetFocus
OpenClipboard
GetCaretPos
ClientToScreen
SetCaretPos
GetWindowRect
IsWindow
SetWindowRgn
CreateWindowExW
BeginPaint
DrawTextW
EndPaint
FillRect
InflateRect
SetCursorPos
SetRect
OffsetRect
SubtractRect
ShowWindow
IntersectRect
RedrawWindow
FindWindowW
ReleaseCapture
UpdateLayeredWindow
KillTimer
SetCapture
DialogBoxParamW
CreateDialogParamW
LoadImageW
GetDesktopWindow
SendMessageW
MapVirtualKeyW
MessageBeep
PostMessageW
MessageBoxW
GetSystemMetrics
SetWindowPos
MoveWindow
TrackPopupMenuEx
ReleaseDC
GetDC
GetCursorPos
SetWindowTextW
GetDlgItem
EndDialog
EnableMenuItem

gdi32

CreateFontIndirectW
ExtCreateRegion
StretchBlt
GetTextExtentPoint32W
DeleteObject
TextOutW
SetBkMode
CombineRgn
OffsetRgn
LineTo
BitBlt
CreateCompatibleDC
GdiFlush
SetPixel
DeleteDC
GetPixel
CreateDIBSection
GetDeviceCaps
CreateCompatibleBitmap
MoveToEx
CreatePen
Rectangle
CreateSolidBrush
SetTextColor
GetTextExtentPointW
GetObjectW
SelectObject

advapi32

RegCreateKeyExW
SetSecurityInfo
SetEntriesInAclW
GetSecurityInfo
GetNamedSecurityInfoW
GetTokenInformation
LookupAccountSidW
OpenProcessToken
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegQueryValueW
RegSetValueExW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

ShellExecuteW
SHGetFolderPathW
SHFileOperationW

comctl32

InitCommonControlsEx

ws2_32

htonl

wininet

InternetGetCookieW
InternetSetCookieW

msimg32

TransparentBlt

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
_ImeGetImeMenuItems@24

Sections

.text
Size: 516KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/FC_Puncture.exe
.exe windows:4 windows x86 arch:x86

bdc7e0ac178acec87d8f24fb080cb21e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\FC_Puncture.pdb

Imports

kernel32

FindFirstFileW
FindClose
CreateMutexW
WaitForSingleObject
OpenMutexW
GetCurrentThreadId
ReleaseMutex
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
LocalFree
GetVersionExW
GetModuleFileNameW
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
TlsGetValue
TlsAlloc
CloseHandle
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
HeapReAlloc
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
Sleep
InitializeCriticalSection
HeapSize
SetStdHandle
FlushFileBuffers
LoadLibraryA
GetLocaleInfoA
SetFilePointer
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileW
ReadFile
GetLastError
CreateDirectoryW
WideCharToMultiByte
TlsSetValue
MultiByteToWideChar

user32

MessageBoxW

advapi32

SetSecurityInfo
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityInfo
SetNamedSecurityInfoW
RegOpenKeyExW
RegQueryValueW
RegCloseKey
SetEntriesInAclW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetFolderPathW

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/Install.exe
.exe windows:4 windows x86 arch:x86

ecd614d365036c60cca8416288449c89

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmInstallIMEW
ImmGetIMEFileNameW

kernel32

CloseHandle
FlushFileBuffers
GlobalFree
GetLastError
GetSystemDirectoryW
GlobalAlloc
CreateFileA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
Sleep
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
ReadFile

user32

UnloadKeyboardLayout
MessageBoxW
GetKeyboardLayoutList
LoadKeyboardLayoutW

advapi32

RegEnumValueW
RegFlushKey
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/check.exe
.exe windows:4 windows x86 arch:x86

a700d2b44e57167a082b1ea05b531095

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

advapi32

RegQueryValueExA
RegFlushKey
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumValueA
RegEnumKeyExA
RegCreateKeyA

kernel32

Process32First
GetVersionExA
CloseHandle
GetCurrentProcessId
Module32First
OpenProcess
Process32Next
CreateToolhelp32Snapshot
Module32Next
TerminateProcess
FlushFileBuffers
CreateFileA
ReadFile
HeapAlloc
GetLastError
HeapFree
GetCommandLineA
GetProcessHeap
GetStartupInfoA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
RtlUnwind
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
HeapSize
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

DialogBoxParamA
GetDlgItem
EndDialog
SendMessageA

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 539KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AllSkin/tmp/ţг.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
banjiao1.bmp
banjiao2.bmp
banjiao3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
fan1.bmp
fan2.bmp
fan3.bmp
ie1.bmp
ie2.bmp
ie3.bmp
jian1.bmp
jian2.bmp
jian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu2.bmp
menu3.bmp
quanjiao1.bmp
quanjiao2.bmp
quanjiao3.bmp
quanpin1.bmp
quanpin2.bmp
quanpin3.bmp
shuangpin1.bmp
shuangpin2.bmp
shuangpin3.bmp
skin.ini
skin1.bmp
skin1_1.bmp
skin1_2.bmp
skin2.bmp
skin2_1.bmp
skin2_2.bmp
AllSkin/tmp/.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
banjiao1.bmp
banjiao2.bmp
banjiao3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
fan1.bmp
fan2.bmp
fan3.bmp
ie1.bmp
ie2.bmp
ie3.bmp
jian1.bmp
jian2.bmp
jian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu2.bmp
menu3.bmp
quanjiao1.bmp
quanjiao2.bmp
quanjiao3.bmp
quanpin1.bmp
quanpin2.bmp
quanpin3.bmp
shuangpin1.bmp
shuangpin2.bmp
shuangpin3.bmp
skin.ini
skin1.bmp
skin1_1.bmp
skin1_2.bmp
skin2.bmp
skin2_1.bmp
skin2_2.bmp
AllSkin/tmp/ɫ.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
banjiao1.bmp
banjiao2.bmp
banjiao3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
fan1.bmp
fan2.bmp
fan3.bmp
ie1.bmp
ie2.bmp
ie3.bmp
jian1.bmp
jian2.bmp
jian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu2.bmp
menu3.bmp
quanjiao1.bmp
quanjiao2.bmp
quanjiao3.bmp
quanpin1.bmp
quanpin2.bmp
quanpin3.bmp
shuang1.bmp
shuang2.bmp
shuang3.bmp
skin.ini
skin1.bmp
skin1_1.bmp
skin2.bmp
AllSkin/tmp/ɫռ.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
banjiao1.bmp
banjiao2.bmp
banjiao3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
fan1.bmp
fan2.bmp
fan3.bmp
ie1.bmp
ie2.bmp
ie3.bmp
jian1.bmp
jian2.bmp
jian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu2.bmp
menu3.bmp
quanjiao1.bmp
quanjiao2.bmp
quanjiao3.bmp
quanpin1.bmp
quanpin2.bmp
quanpin3.bmp
shuangpin1.bmp
shuangpin2.bmp
shuangpin3.bmp
skin.ini
skin1.bmp
skin1_1.bmp
skin1_2.bmp
skin2.bmp
skin2_1.bmp
skin2_2.bmp
AllSkin/tmp/ɫռȫť.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
banjiao1.bmp
banjiao2.bmp
banjiao3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
fan1.bmp
fan2.bmp
fan3.bmp
ie1.bmp
ie2.bmp
ie3.bmp
jian1.bmp
jian2.bmp
jian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu2.bmp
menu3.bmp
quanjiao1.bmp
quanjiao2.bmp
quanjiao3.bmp
quanpin1.bmp
quanpin2.bmp
quanpin3.bmp
shuangpin1.bmp
shuangpin2.bmp
shuangpin3.bmp
skin.ini
skin1.bmp
skin1_1.bmp
skin1_2.bmp
skin2.bmp
skin2_1.bmp
skin2_2.bmp
AllSkin/tmp/״̬ĬƤ.ssf
.zip
1.bmp
10.bmp
11.bmp
12.bmp
13.bmp
14.bmp
15.bmp
16.bmp
17.bmp
18.bmp
19.bmp
2.bmp
20.bmp
21.bmp
22.bmp
23.bmp
24.bmp
25.bmp
26.bmp
27.bmp
28.bmp
29.bmp
3.bmp
30.bmp
31.bmp
32.bmp
33.bmp
34.bmp
35.bmp
36.bmp
37.bmp
38.bmp
39.bmp
4.bmp
40.bmp
41.bmp
42.bmp
5.bmp
6.bmp
7.bmp
8.bmp
9.bmp
bar.bmp
skin.ini
skin1.bmp
skin1_1.bmp
skin1_2.bmp
skin2.bmp
skin2_1.bmp
skin2_2.bmp
AllSkin/tmp/ѹ.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
banjiao1.bmp
banjiao2.bmp
banjiao3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
fan1.bmp
fan2.bmp
fan3.bmp
ie1.bmp
ie2.bmp
ie3.bmp
jian1.bmp
jian2.bmp
jian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu2.bmp
menu3.bmp
quanjiao1.bmp
quanjiao2.bmp
quanjiao3.bmp
quanpin1.bmp
quanpin2.bmp
quanpin3.bmp
shuangpin1.bmp
shuangpin2.bmp
shuangpin3.bmp
skin.ini
skin1.bmp
skin1_1.bmp
skin1_2.bmp
skin2.bmp
skin2_1.bmp
skin2_2.bmp
AllSkin/tmp/ѹȫť.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
banjiao1.bmp
banjiao2.bmp
banjiao3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
fan1.bmp
fan2.bmp
fan3.bmp
ie1.bmp
ie2.bmp
ie3.bmp
jian1.bmp
jian2.bmp
jian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu2.bmp
menu3.bmp
quanjiao1.bmp
quanjiao2.bmp
quanjiao3.bmp
quanpin1.bmp
quanpin2.bmp
quanpin3.bmp
shuangpin1.bmp
shuangpin2.bmp
shuangpin3.bmp
skin.ini
skin1.bmp
skin1_1.bmp
skin1_2.bmp
skin2.bmp
skin2_1.bmp
skin2_2.bmp
AllSkin/ţг.ssf
.zip
AllSkin/.ssf
.zip
AllSkin/ɫ.ssf
.zip
AllSkin/ɫռ.ssf
.zip
AllSkin/ɫռȫť.ssf
.zip
AllSkin/״̬ĬƤ.ssf
.zip
AllSkin/ѹ.ssf
.zip
AllSkin/ѹȫť.ssf
.zip
ConfigMover30b2.exe
.exe windows:4 windows x86 arch:x86

23c66f324e0bfa41a56200360ba3ef41

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\ConfigMover30b2.pdb

Imports

imm32

ImmDisableIME

kernel32

CreateDirectoryW
GetVersionExW
CompareStringW
CompareStringA
GetLastError
HeapFree
HeapAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetVersionExA
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetFullPathNameW
GetCurrentDirectoryA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
RtlUnwind
LoadLibraryA
WideCharToMultiByte
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapSize
GetLocaleInfoA
GetDriveTypeA
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA

shell32

SHFileOperationW
SHGetFolderPathAndSubDirW
SHGetFolderPathW

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Correction.ini
HWSignature.dll
.dll windows:4 windows x86 arch:x86

3805775f1dde052333909932d791dd7f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\sogouime30f\Bin\SogouInput\HWSignature.pdb

Imports

ws2_32

WSAStartup

kernel32

DeleteCriticalSection
CreateFileA
GetProcessHeap
CopyFileA
DeviceIoControl
CloseHandle
HeapAlloc
HeapFree
GetSystemDirectoryA
lstrcatA
lstrcpyA
lstrlenA
GlobalAlloc
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
LocalAlloc
GetVersionExA
LocalFree
HeapReAlloc
GetTickCount
SetLastError
GlobalFree
FlushFileBuffers
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
VirtualAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

wsprintfA
IsCharAlphaNumericA

Exports

Exports

DLLGenHWID
GenHWID

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstTemp/ConfigMover30b2.exe
.exe windows:4 windows x86 arch:x86

23c66f324e0bfa41a56200360ba3ef41

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\ConfigMover30b2.pdb

Imports

imm32

ImmDisableIME

kernel32

CreateDirectoryW
GetVersionExW
CompareStringW
CompareStringA
GetLastError
HeapFree
HeapAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetVersionExA
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetFullPathNameW
GetCurrentDirectoryA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
RtlUnwind
LoadLibraryA
WideCharToMultiByte
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapSize
GetLocaleInfoA
GetDriveTypeA
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA

shell32

SHFileOperationW
SHGetFolderPathAndSubDirW
SHGetFolderPathW

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/HWSignature.dll
.dll windows:4 windows x86 arch:x86

3805775f1dde052333909932d791dd7f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\sogouime30f\Bin\SogouInput\HWSignature.pdb

Imports

ws2_32

WSAStartup

kernel32

DeleteCriticalSection
CreateFileA
GetProcessHeap
CopyFileA
DeviceIoControl
CloseHandle
HeapAlloc
HeapFree
GetSystemDirectoryA
lstrcatA
lstrcpyA
lstrlenA
GlobalAlloc
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
LocalAlloc
GetVersionExA
LocalFree
HeapReAlloc
GetTickCount
SetLastError
GlobalFree
FlushFileBuffers
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
VirtualAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

wsprintfA
IsCharAlphaNumericA

Exports

Exports

DLLGenHWID
GenHWID

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstTemp/PinyinUp.exe
.exe windows:4 windows x86 arch:x86

fbed6d3cdca258546bf123861efb423a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\PinyinUp.pdb

Imports

wininet

HttpQueryInfoW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW

comctl32

ord17

shlwapi

StrCmpIW

imm32

ImmDisableIME

kernel32

WriteFile
GetCurrentProcess
HeapFree
ReadFile
CreateFileW
CreateEventW
CreateProcessW
MoveFileExW
DeleteFileW
OpenEventW
GetPrivateProfileStringW
GetVersionExW
SetEnvironmentVariableA
ResumeThread
CompareStringA
GetDriveTypeA
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
HeapAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
SuspendThread
CloseHandle
WaitForSingleObject
MultiByteToWideChar
FindFirstFileW
CopyFileW
CreateDirectoryW
FindClose
FindNextFileW
GetTempPathW
LocalFree
FormatMessageW
GetLastError
GetCommandLineW
CreateFileMappingW
GetProcessHeap
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
GetConsoleCP
GetFullPathNameW
CompareStringW
WideCharToMultiByte
GetModuleFileNameW
CreateMutexW
OpenMutexW
GetCurrentThreadId
ReleaseMutex
MapViewOfFile
UnmapViewOfFile
FreeEnvironmentStringsW
OpenFileMappingW
GetTickCount
QueryPerformanceFrequency
InterlockedExchange
InterlockedExchangeAdd
Sleep
CreateThread
GetFileSize
GetProcAddress
FreeLibrary
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
LoadLibraryA
GetCommandLineA
GetVersionExA
GetStartupInfoA
RtlUnwind
RaiseException
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetTimeZoneInformation
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCurrentDirectoryA

user32

SetTimer
ExitWindowsEx
GetWindowTextW
DispatchMessageW
GetMessageW
TranslateMessage
GetClassLongW
GetWindowLongW
PostQuitMessage
EndPaint
MessageBoxW
BeginPaint
CreateWindowExW
GetSystemMetrics
DefWindowProcW
SetWindowLongW
LoadCursorW
LoadIconW
ShowWindow
SetWindowTextW
SetWindowPos
SendMessageW
RegisterClassW

gdi32

GetStockObject
CreateFontIndirectW
DeleteObject

advapi32

LookupAccountSidW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
RegQueryValueW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
EqualSid
FreeSid
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
GetSecurityInfo

shell32

Shell_NotifyIconW
ShellExecuteW
SHGetFolderPathW

ws2_32

htonl

hwsignature

GenHWID

Sections

.text
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/Plugin/SgImeWord.dll
.dll windows:4 windows x86 arch:x86

f91f5cbdb7900bcd01edd1ba46fa5f65

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
FlushInstructionCache
OutputDebugStringW
MulDiv
lstrlenA
lstrcpynW
DebugBreak
Sleep
GlobalLock
GlobalAlloc
GlobalUnlock
WideCharToMultiByte
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadResource
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
TlsFree
TlsSetValue
TlsAlloc
DeleteCriticalSection
GetModuleHandleA
GetModuleFileNameW
LeaveCriticalSection
LoadLibraryA
InitializeCriticalSection
FreeLibrary
GetFileAttributesW
GetVersion
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
FindResourceW
GetProcAddress
GetModuleHandleW
LoadLibraryExW
LoadLibraryW
EnterCriticalSection
SizeofResource
lstrlenW
SetLastError
GetLastError
MultiByteToWideChar
OutputDebugStringA
GetCurrentThreadId
RaiseException
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapReAlloc
GetCommandLineA
HeapDestroy
HeapCreate

user32

CharNextW
IsWindow
ShowWindow
GetClassLongW
SetClassLongW
OpenClipboard
CloseClipboard
SetClipboardData
keybd_event
EmptyClipboard
GetClipboardData
PtInRect
ScreenToClient
SetCursor
LoadCursorW
GetCursorPos
LoadStringW
DrawTextW
GetSystemMetrics
GetWindow
GetClientRect
DestroyWindow
GetParent
SetFocus
GetDC
ReleaseDC
SendMessageW
GetDlgItem
GetWindowLongW
LoadImageW
DestroyIcon
MapWindowPoints
SetWindowTextW
GetWindowTextW
CallWindowProcW
DefWindowProcW
GetKeyState
SystemParametersInfoW
wvsprintfW
GetWindowRect
InvalidateRect
CreateDialogParamW
SetWindowLongW
SetWindowPos
UnregisterClassA

gdi32

SetTextColor
SetBkMode
LineTo
CreateFontIndirectW
ExtTextOutW
MoveToEx
SelectObject
DPtoLP
CreateCompatibleBitmap
CreatePen
DeleteDC
BitBlt
CreateCompatibleDC
SetBkColor
DeleteObject
GetDeviceCaps

advapi32

RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

VarUI4FromStr

msimg32

TransparentBlt

Exports

Exports

fnCreateMain
fnCreateSimple
fnDestroyMain
fnDestroySimple
fnGetMainWindowPos
fnGetSimpleWindowPos
fnPutWords
fnPutWordsSimple
fnSetCloseMainCb
fnSetMainIMEWnd
fnSetMainPutInWnd
fnSetSimpleIMEWnd
fnSetSimplePutInWnd
fnSetWindowPos
fnSetWindowWords
fnShowMain
fnShowSimple

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstTemp/Resource.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstTemp/ScdMaker.exe
.exe windows:4 windows x86 arch:x86

88abcbd1a51141f0301cfd296d17116b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\ScdMaker.pdb

Imports

imm32

ImmDisableIME

kernel32

CreateFileMappingW
OpenFileMappingW
LocalFree
FindFirstFileW
FindClose
OpenMutexW
GetCurrentThreadId
ReleaseMutex
CreateMutexW
WaitForSingleObject
MoveFileExW
GetVersionExW
GetModuleFileNameW
ReadFile
GetTickCount
QueryPerformanceFrequency
InterlockedExchangeAdd
Sleep
CreateThread
InterlockedExchange
GetFileSize
GetProcAddress
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetSystemTimeAsFileTime
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
RaiseException
GetTimeZoneInformation
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetFullPathNameW
GetCurrentDirectoryA
UnmapViewOfFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LoadLibraryA
GetLocaleInfoW
CreateFileA
GetDriveTypeA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
MapViewOfFile
CreateFileW
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
CreateDirectoryW
DeleteFileW
GetLastError

user32

MessageBoxW

advapi32

RegQueryValueW
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
RegOpenKeyExW
RegCloseKey

shell32

SHGetFolderPathW

Sections

.text
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/ScdReg.exe
.exe windows:4 windows x86 arch:x86

c9669d1f462715324739c7822f9ffad6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\ScdReg.pdb

Imports

imm32

ImmDisableIME

kernel32

GetModuleFileNameW
GetLastError
WaitForSingleObject
OpenMutexW
GetCurrentThreadId
ReleaseMutex
CloseHandle
CreateMutexW
CreateEventW
OpenEventW
MultiByteToWideChar
ReadFile
CreateFileW
MoveFileExW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
Sleep
CreateThread
InterlockedExchange
InterlockedExchangeAdd
GetTickCount
QueryPerformanceFrequency
GetFileSize
GetProcAddress
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetVersionExW
LCMapStringW
GetCPInfo
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetFullPathNameW
GetCurrentDirectoryA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
HeapSize
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalFree
WideCharToMultiByte
CopyFileW
CreateDirectoryW
GetCurrentDirectoryW
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
LCMapStringA

user32

MessageBoxW

advapi32

SetNamedSecurityInfoW
RegQueryValueW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

SHGetFolderPathW

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/ScdViewer.exe
.exe windows:4 windows x86 arch:x86

8683975be732665dbe929ba4bf34d476

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\ScdViewer.pdb

Imports

user32

GetSystemMetrics
SendMessageW
GetDlgItem
EndDialog
DialogBoxParamW
GetWindowRect
SetWindowPos
MessageBoxW

gdi32

GetStockObject

kernel32

CompareStringA
CreateFileA
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
CompareStringW
SetLastError
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
CloseHandle
GetTimeZoneInformation
ReadFile
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapSize
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CreateFileW
LoadLibraryA
GetLocaleInfoW

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/SkinReg.exe
.exe windows:4 windows x86 arch:x86

6c4067b0ae40cc2321708c248c817f5f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\SkinReg.pdb

Imports

kernel32

GetLongPathNameW
DeleteFileW
SetEnvironmentVariableA
CompareStringW
WideCharToMultiByte
CreateDirectoryW
CopyFileW
GetLastError
FindFirstFileW
FindClose
FindNextFileW
LocalFree
CloseHandle
CreateMutexW
WaitForSingleObject
OpenMutexW
GetCurrentThreadId
ReleaseMutex
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetVersionExW
GetModuleFileNameW
ReadFile
FreeLibrary
GetProcAddress
LoadLibraryW
HeapFree
HeapAlloc
GetVersionExA
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
InitializeCriticalSection
Sleep
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetFilePointer
HeapSize
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA

user32

DialogBoxParamW
GetDlgItem
EndPaint
MonitorFromPoint
IsDlgButtonChecked
EndDialog
BeginPaint
GetCursorPos
GetWindowRect
ShowWindow
MessageBoxW
SetWindowTextW
GetMonitorInfoW
MoveWindow

ws2_32

htonl

advapi32

SetEntriesInAclW
RegQueryValueW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
RegCloseKey
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW

shell32

SHGetFolderPathW

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/SpeedMeter.exe
.exe windows:4 windows x86 arch:x86

fa9b040212519faa86a622267b04a35e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\SpeedMeter.pdb

Imports

kernel32

LocalFree
GetVersionExW
MapViewOfFile
GetLastError
WideCharToMultiByte
CreateDirectoryW
CloseHandle
ReadFile
CreateFileW
Sleep
CreateThread
InterlockedExchange
InterlockedExchangeAdd
GetFileSize
MoveFileExW
GetTickCount
QueryPerformanceFrequency
GetCurrentThreadId
GetProcAddress
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GlobalAlloc
LCMapStringA
LCMapStringW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
HeapSize
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
ReleaseMutex
OpenMutexW
WaitForSingleObject
CreateMutexW
GlobalLock
GlobalUnlock
GetCPInfo
GlobalFree

user32

CreateDialogParamW
SetWindowPos
DialogBoxParamW
SetWindowLongW
GetWindowLongW
DefWindowProcW
SetTimer
EmptyClipboard
GetDlgItem
EndDialog
SetClipboardData
OpenClipboard
CloseClipboard
MessageBoxW
SetWindowTextW
SetForegroundWindow
IsIconic
FindWindowW
ShowWindow

comctl32

InitCommonControlsEx

ws2_32

htonl

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueW
BuildExplicitAccessWithNameW
RegQueryValueExW
RegCreateKeyExW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW

shell32

SHGetFolderPathW

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/UserLogon.exe
.exe windows:4 windows x86 arch:x86

3179030321644109eec00300c261565d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

msimg32

TransparentBlt

kernel32

CreateThread
InterlockedExchange
InterlockedExchangeAdd
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
SetEndOfFile
GetDriveTypeA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoW
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSection
GetCurrentProcessId
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapSize
GetCurrentDirectoryA
GetFullPathNameW
CompareStringW
CompareStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoW
GetProcessHeap
GetVersionExA
InterlockedDecrement
GetTimeZoneInformation
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateProcessW
GetModuleFileNameW
GetCurrentThreadId
OpenMutexW
WaitForSingleObject
CreateMutexW
ReleaseMutex
MultiByteToWideChar
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
MoveFileExW
FindFirstFileW
LocalFree
FindNextFileW
FindClose
GetTickCount
GetVersionExW
GetLastError
CloseHandle
CreateFileW
ReadFile
GetFileSize
FreeLibrary
LoadLibraryW
GetProcAddress
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapAlloc
HeapFree
SetEnvironmentVariableA

user32

SetWindowLongW
GetWindowLongW
FillRect
CallWindowProcW
CreateDialogParamW
SetWindowPos
EndDialog
DialogBoxParamW
ReleaseDC
GetDC
DefWindowProcW
IsIconic
SetForegroundWindow
LoadIconW
SetFocus
GetDlgCtrlID
GetWindowTextW
SetWindowTextW
DrawFocusRect
EnableWindow
GetDlgItemTextW
IsDlgButtonChecked
SetDlgItemTextW
CheckDlgButton
LoadBitmapW
GetDlgItem
MessageBoxW
InflateRect
SetCursor
PostMessageW
FindWindowW
GetSystemMetrics
ShowWindow
SetClassLongW
SendMessageW
LoadCursorW

gdi32

DeleteDC
CreateCompatibleDC
GetStockObject
BitBlt
SetTextColor
CreateSolidBrush
CreateFontIndirectW
SetBkMode
CreateCompatibleBitmap
DeleteObject
GetObjectW
SelectObject
GetTextExtentPoint32W

advapi32

RegQueryValueExW
GetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegQueryValueW
RegCloseKey
SetNamedSecurityInfoW
RegCreateKeyExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo

shell32

ShellExecuteW
SHGetFolderPathW
SHFileOperationW

comctl32

InitCommonControlsEx

ws2_32

htonl

wininet

InternetConnectW
HttpQueryInfoW
InternetQueryOptionW
InternetOpenW
InternetSetCookieW
InternetGetCookieW
InternetSetOptionW
HttpSendRequestW
InternetCloseHandle
InternetReadFile
InternetCanonicalizeUrlW
InternetOpenUrlW
HttpOpenRequestW

Sections

.text
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/UserPage.exe
.exe windows:4 windows x86 arch:x86

c4f00a801eca325d1858b6ed7ce9b0ed

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalAlloc
GetProcAddress
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
MultiByteToWideChar
HeapSize
RtlUnwind
HeapReAlloc
VirtualAlloc
Sleep
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSection
LoadLibraryA
IsDebuggerPresent
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

user32

DispatchMessageW
GetClientRect
GetWindowLongW
SetWindowLongW
LoadIconW
RegisterClassExW
DefWindowProcW
UpdateWindow
GetMessageW
TranslateMessage
CreateWindowExW
FindWindowW
IsIconic
ShowWindow
SetForegroundWindow
PostMessageW
PostQuitMessage

ole32

OleSetContainedObject
OleCreate
OleUninitialize
OleInitialize

oleaut32

VariantInit
SysAllocString
VariantClear

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/UsrDictUtil.exe
.exe windows:4 windows x86 arch:x86

b44e2ceb2223f9142281857853011198

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\UsrDictUtil.pdb

Imports

imm32

ImmDisableIME

kernel32

FindClose
WaitForSingleObject
OpenMutexW
GetLastError
GetCurrentThreadId
ReleaseMutex
CreateMutexW
CreateFileMappingW
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
LocalFree
GetVersionExW
GetModuleFileNameW
ReadFile
GetTickCount
QueryPerformanceFrequency
Sleep
CreateThread
InterlockedExchange
InterlockedExchangeAdd
GetFileSize
GetProcAddress
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
GetModuleHandleA
MoveFileExW
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
GetFullPathNameW
GetCurrentDirectoryA
GetACP
GetOEMCP
IsValidCodePage
HeapSize
SetFilePointer
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
FindFirstFileW
DeleteFileW
CreateEventW
CloseHandle
OpenEventW
CreateDirectoryW
WideCharToMultiByte
CopyFileW
TlsGetValue

user32

MessageBoxW

ws2_32

htonl

advapi32

RegQueryValueW
RegQueryValueExW
RegCreateKeyExW
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
RegOpenKeyExW
RegCloseKey

shell32

SHGetFolderPathW

Sections

.text
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/ZipLib.dll
.dll windows:4 windows x86 arch:x86

6647bba59701ffc0138cf0511d0bc7af

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateMutexW
lstrcpynA
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
GetFullPathNameA
GetFileAttributesA
FileTimeToSystemTime
FindFirstFileA
GetFileType
GetFileTime
FileTimeToLocalFileTime
GetVersion
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
lstrlenW
lstrcmpiW
CreateFileA
GetDriveTypeW
GetFullPathNameW
DosDateTimeToFileTime
SetFilePointer
SetEndOfFile
SystemTimeToFileTime
SetFileTime
GetLocaleInfoW
GetFileAttributesW
CreateFileW
SetVolumeLabelW
GetLocalTime
SetFileAttributesW
LocalFileTimeToFileTime
lstrcpyW
CreateDirectoryA
RemoveDirectoryA
SetFileAttributesA
CloseHandle
ReleaseMutex
EnterCriticalSection
InterlockedExchange
LeaveCriticalSection
GetVolumeInformationA
InitializeCriticalSection
GetDriveTypeA
GetProcessHeap
GetLastError
WideCharToMultiByte
CreateDirectoryW
GetTempPathW
MultiByteToWideChar
MoveFileW
CopyFileW
GetTempPathA
FindClose
FindFirstFileW
FindNextFileW
GetVolumeInformationW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
InterlockedDecrement
GetCPInfo
MoveFileA
SetStdHandle
HeapReAlloc
GetFileInformationByHandle
PeekNamedPipe
RtlUnwind
InterlockedIncrement
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStartupInfoA
Sleep
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
GetTimeZoneInformation
HeapSize
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteFileA
SetEnvironmentVariableW

user32

CharToOemA
OemToCharA

advapi32

GetSecurityDescriptorControl
IsValidAcl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
GetKernelObjectSecurity
OpenProcessToken
AdjustTokenPrivileges
GetSecurityDescriptorLength
LookupPrivilegeValueW
GetSecurityDescriptorSacl

Exports

Exports

UnZip
ZipFolder

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstTemp/config.exe
.exe windows:4 windows x86 arch:x86

2710c672b26a8ab4617dfcaf15a4719f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmGetContext
ImmSetOpenStatus

comctl32

InitCommonControlsEx

kernel32

IsValidCodePage
FindFirstFileW
ReleaseMutex
OpenMutexW
WaitForSingleObject
CreateMutexW
CloseHandle
GetLocalTime
CreateDirectoryW
GetTickCount
GetLastError
CreateProcessW
GetExitCodeProcess
OpenEventW
CopyFileW
DeleteFileW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
SetEndOfFile
CreateFileA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
FlushFileBuffers
GetCurrentDirectoryA
GetFullPathNameW
HeapSize
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
FindResourceW
SizeofResource
LockResource
FindClose
LoadResource
LoadLibraryExW
ReadFile
GlobalFree
CreateFileW
GlobalAlloc
GlobalUnlock
GetFileSize
GlobalLock
GetVersionExW
FreeLibrary
LoadLibraryW
GetProcAddress
GlobalReAlloc
RemoveDirectoryW
FindNextFileW
MoveFileExW
LocalFree
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
QueryPerformanceFrequency
Sleep
CreateThread
InterlockedExchange
InterlockedExchangeAdd
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
GetEnvironmentStringsW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
GetVersionExA
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetCPInfo
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
InitializeCriticalSection
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetTimeFormatA
GetDateFormatA
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

GetWindowLongW
SetWindowLongW
GetWindowRect
GetDlgItem
IsIconic
FindWindowW
ClientToScreen
CreateWindowExW
GetWindowTextLengthW
ScreenToClient
SetForegroundWindow
BeginPaint
EndPaint
DrawTextW
FillRect
KillTimer
SetWindowTextW
EndDialog
SetTimer
CheckDlgButton
DefWindowProcW
LoadCursorW
SetWindowRgn
CreateDialogParamW
DialogBoxParamW
SetWindowPos
SetCursorPos
SetRect
PtInRect
LoadImageW
GetMonitorInfoW
MonitorFromPoint
IntersectRect
GetCursorPos
UpdateLayeredWindow
RedrawWindow
SetCapture
SetCursor
ReleaseCapture
GetCursor
SubtractRect
GetDesktopWindow
InflateRect
ShowWindow
LoadIconW
MessageBoxW
SendMessageW
GetClientRect
GetSystemMetrics
LoadStringW
EnableWindow
PostMessageW
SetDlgItemTextW
IsDlgButtonChecked
CheckRadioButton
InvalidateRect
SetFocus
GetWindowTextW
GetDC
ReleaseDC
MoveWindow
GetUpdateRect
OffsetRect

gdi32

GetPixel
SetPixel
CreateDIBSection
GdiFlush
OffsetRgn
CreateCompatibleBitmap
GetTextExtentPointW
ExtCreateRegion
CombineRgn
BitBlt
CreatePen
CreateCompatibleDC
GetDeviceCaps
SetViewportOrgEx
GetTextExtentPoint32W
CreateRectRgn
SelectClipRgn
EnumFontFamiliesExW
CreateSolidBrush
GetObjectW
SetTextColor
MoveToEx
SetBkMode
Rectangle
DeleteObject
DeleteDC
SelectObject
CreateFontIndirectW
TextOutW
StretchBlt
GetStockObject
LineTo

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW

advapi32

RegQueryValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW

shell32

ShellExecuteW
SHFileOperationW
SHGetFolderPathW

ws2_32

htonl

msimg32

TransparentBlt

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

Sections

.text
Size: 452KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/sgim_annex.bin
InstTemp/sgim_bigram.bin
InstTemp/sgim_hz.bin
InstTemp/sgim_py.bin
InstTemp/sgim_sys.bin
InstTemp/userNetSchedule.exe
.exe windows:4 windows x86 arch:x86

452a926ae9d2eb625245455d39b83601

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\userNetSchedule.pdb

Imports

imm32

ImmDisableIME

kernel32

GetStartupInfoA
GetModuleHandleW
MoveFileExW
GetTempFileNameW
CreateDirectoryW
CopyFileW
DeleteFileW
WideCharToMultiByte
FindFirstFileW
FindClose
RemoveDirectoryW
FindNextFileW
CreateMutexW
WaitForSingleObject
OpenMutexW
GetLastError
GetCurrentThreadId
ReleaseMutex
GetTickCount
SleepEx
CreateEventW
OpenEventW
GetVersionExW
GetModuleFileNameW
CreateFileMappingW
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
LocalFree
ReadFile
InterlockedExchange
CreateThread
InterlockedExchangeAdd
Sleep
GetFileSize
QueryPerformanceFrequency
FreeLibrary
LoadLibraryW
GetProcAddress
MultiByteToWideChar
HeapAlloc
GetSystemTimeAsFileTime
GetModuleHandleA
ExitProcess
InterlockedDecrement
HeapFree
GetVersionExA
GetProcessHeap
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetTimeZoneInformation
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
CloseHandle
TlsFree
InterlockedIncrement
SetLastError
LoadLibraryA
InitializeCriticalSection
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
TlsSetValue
QueryPerformanceCounter
GetCurrentProcessId
GetFullPathNameW
GetCurrentDirectoryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetFilePointer
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateProcessW

user32

EndPaint
AdjustWindowRect
PtInRect
BeginPaint
FindWindowW
GetSystemMetrics
SubtractRect
LoadCursorW
GetLastInputInfo
GetCursorPos
DrawTextW
SetWindowPos
GetMonitorInfoW
MonitorFromPoint
InvalidateRect
GetMessageW
IntersectRect
GetWindowRect
SetTimer
DispatchMessageW
RegisterClassExW
LoadIconW
CreateWindowExW
DestroyWindow
DefWindowProcW
TranslateMessage
PostQuitMessage
SetCursor
MessageBoxW

shell32

SHGetFolderPathW
Shell_NotifyIconW

ws2_32

htonl

ziplib

UnZip
ZipFolder

wininet

HttpAddRequestHeadersW
HttpQueryInfoW
InternetOpenUrlW
HttpEndRequestW
HttpOpenRequestW
InternetReadFile
InternetCloseHandle
InternetConnectW
InternetWriteFile
HttpSendRequestW
InternetSetOptionW
InternetGetCookieW
InternetCanonicalizeUrlW
InternetSetCookieW
HttpSendRequestExW
InternetQueryOptionW
InternetOpenW

gdi32

MoveToEx
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
SetViewportOrgEx
LineTo
SetTextColor
DeleteDC
CreateFontIndirectW
CreatePen
SetBkMode
DeleteObject
SelectObject
CreateSolidBrush

advapi32

RegCreateKeyExW
RegQueryValueW
RegQueryValueExW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
RegOpenKeyExW
RegCloseKey

Sections

.text
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MoHuYin.ini
PinyinUp.exe
.exe windows:4 windows x86 arch:x86

fbed6d3cdca258546bf123861efb423a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\PinyinUp.pdb

Imports

wininet

HttpQueryInfoW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW

comctl32

ord17

shlwapi

StrCmpIW

imm32

ImmDisableIME

kernel32

WriteFile
GetCurrentProcess
HeapFree
ReadFile
CreateFileW
CreateEventW
CreateProcessW
MoveFileExW
DeleteFileW
OpenEventW
GetPrivateProfileStringW
GetVersionExW
SetEnvironmentVariableA
ResumeThread
CompareStringA
GetDriveTypeA
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
HeapAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
SuspendThread
CloseHandle
WaitForSingleObject
MultiByteToWideChar
FindFirstFileW
CopyFileW
CreateDirectoryW
FindClose
FindNextFileW
GetTempPathW
LocalFree
FormatMessageW
GetLastError
GetCommandLineW
CreateFileMappingW
GetProcessHeap
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
GetConsoleCP
GetFullPathNameW
CompareStringW
WideCharToMultiByte
GetModuleFileNameW
CreateMutexW
OpenMutexW
GetCurrentThreadId
ReleaseMutex
MapViewOfFile
UnmapViewOfFile
FreeEnvironmentStringsW
OpenFileMappingW
GetTickCount
QueryPerformanceFrequency
InterlockedExchange
InterlockedExchangeAdd
Sleep
CreateThread
GetFileSize
GetProcAddress
FreeLibrary
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
LoadLibraryA
GetCommandLineA
GetVersionExA
GetStartupInfoA
RtlUnwind
RaiseException
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetTimeZoneInformation
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCurrentDirectoryA

user32

SetTimer
ExitWindowsEx
GetWindowTextW
DispatchMessageW
GetMessageW
TranslateMessage
GetClassLongW
GetWindowLongW
PostQuitMessage
EndPaint
MessageBoxW
BeginPaint
CreateWindowExW
GetSystemMetrics
DefWindowProcW
SetWindowLongW
LoadCursorW
LoadIconW
ShowWindow
SetWindowTextW
SetWindowPos
SendMessageW
RegisterClassW

gdi32

GetStockObject
CreateFontIndirectW
DeleteObject

advapi32

LookupAccountSidW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
RegQueryValueW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
EqualSid
FreeSid
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
GetSecurityInfo

shell32

Shell_NotifyIconW
ShellExecuteW
SHGetFolderPathW

ws2_32

htonl

hwsignature

GenHWID

Sections

.text
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Punctures.ini
Resource.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ScdMaker.exe
.exe windows:4 windows x86 arch:x86

88abcbd1a51141f0301cfd296d17116b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\ScdMaker.pdb

Imports

imm32

ImmDisableIME

kernel32

CreateFileMappingW
OpenFileMappingW
LocalFree
FindFirstFileW
FindClose
OpenMutexW
GetCurrentThreadId
ReleaseMutex
CreateMutexW
WaitForSingleObject
MoveFileExW
GetVersionExW
GetModuleFileNameW
ReadFile
GetTickCount
QueryPerformanceFrequency
InterlockedExchangeAdd
Sleep
CreateThread
InterlockedExchange
GetFileSize
GetProcAddress
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetSystemTimeAsFileTime
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
RaiseException
GetTimeZoneInformation
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetFullPathNameW
GetCurrentDirectoryA
UnmapViewOfFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LoadLibraryA
GetLocaleInfoW
CreateFileA
GetDriveTypeA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
MapViewOfFile
CreateFileW
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
CreateDirectoryW
DeleteFileW
GetLastError

user32

MessageBoxW

advapi32

RegQueryValueW
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
RegOpenKeyExW
RegCloseKey

shell32

SHGetFolderPathW

Sections

.text
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ScdReg.exe
.exe windows:4 windows x86 arch:x86

c9669d1f462715324739c7822f9ffad6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\ScdReg.pdb

Imports

imm32

ImmDisableIME

kernel32

GetModuleFileNameW
GetLastError
WaitForSingleObject
OpenMutexW
GetCurrentThreadId
ReleaseMutex
CloseHandle
CreateMutexW
CreateEventW
OpenEventW
MultiByteToWideChar
ReadFile
CreateFileW
MoveFileExW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
Sleep
CreateThread
InterlockedExchange
InterlockedExchangeAdd
GetTickCount
QueryPerformanceFrequency
GetFileSize
GetProcAddress
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetVersionExW
LCMapStringW
GetCPInfo
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetFullPathNameW
GetCurrentDirectoryA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
HeapSize
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalFree
WideCharToMultiByte
CopyFileW
CreateDirectoryW
GetCurrentDirectoryW
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
LCMapStringA

user32

MessageBoxW

advapi32

SetNamedSecurityInfoW
RegQueryValueW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

SHGetFolderPathW

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ScdViewer.exe
.exe windows:4 windows x86 arch:x86

8683975be732665dbe929ba4bf34d476

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\ScdViewer.pdb

Imports

user32

GetSystemMetrics
SendMessageW
GetDlgItem
EndDialog
DialogBoxParamW
GetWindowRect
SetWindowPos
MessageBoxW

gdi32

GetStockObject

kernel32

CompareStringA
CreateFileA
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
CompareStringW
SetLastError
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
CloseHandle
GetTimeZoneInformation
ReadFile
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapSize
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CreateFileW
LoadLibraryA
GetLocaleInfoW

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ShuangPinSchemes/ABC.ini
ShuangPinSchemes/MS2003.ini
ShuangPinSchemes/PinyinJiaJia.ini
ShuangPinSchemes/Sogou.ini
ShuangPinSchemes/ZiGuang.ini
ShuangPinSchemes/ZiRanMa.ini
SkinReg.exe
.exe windows:4 windows x86 arch:x86

6c4067b0ae40cc2321708c248c817f5f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\SkinReg.pdb

Imports

kernel32

GetLongPathNameW
DeleteFileW
SetEnvironmentVariableA
CompareStringW
WideCharToMultiByte
CreateDirectoryW
CopyFileW
GetLastError
FindFirstFileW
FindClose
FindNextFileW
LocalFree
CloseHandle
CreateMutexW
WaitForSingleObject
OpenMutexW
GetCurrentThreadId
ReleaseMutex
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetVersionExW
GetModuleFileNameW
ReadFile
FreeLibrary
GetProcAddress
LoadLibraryW
HeapFree
HeapAlloc
GetVersionExA
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
InitializeCriticalSection
Sleep
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetFilePointer
HeapSize
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA

user32

DialogBoxParamW
GetDlgItem
EndPaint
MonitorFromPoint
IsDlgButtonChecked
EndDialog
BeginPaint
GetCursorPos
GetWindowRect
ShowWindow
MessageBoxW
SetWindowTextW
GetMonitorInfoW
MoveWindow

ws2_32

htonl

advapi32

SetEntriesInAclW
RegQueryValueW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
RegCloseKey
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW

shell32

SHGetFolderPathW

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SpeedMeter.exe
.exe windows:4 windows x86 arch:x86

fa9b040212519faa86a622267b04a35e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\SpeedMeter.pdb

Imports

kernel32

LocalFree
GetVersionExW
MapViewOfFile
GetLastError
WideCharToMultiByte
CreateDirectoryW
CloseHandle
ReadFile
CreateFileW
Sleep
CreateThread
InterlockedExchange
InterlockedExchangeAdd
GetFileSize
MoveFileExW
GetTickCount
QueryPerformanceFrequency
GetCurrentThreadId
GetProcAddress
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GlobalAlloc
LCMapStringA
LCMapStringW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
HeapSize
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
ReleaseMutex
OpenMutexW
WaitForSingleObject
CreateMutexW
GlobalLock
GlobalUnlock
GetCPInfo
GlobalFree

user32

CreateDialogParamW
SetWindowPos
DialogBoxParamW
SetWindowLongW
GetWindowLongW
DefWindowProcW
SetTimer
EmptyClipboard
GetDlgItem
EndDialog
SetClipboardData
OpenClipboard
CloseClipboard
MessageBoxW
SetWindowTextW
SetForegroundWindow
IsIconic
FindWindowW
ShowWindow

comctl32

InitCommonControlsEx

ws2_32

htonl

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueW
BuildExplicitAccessWithNameW
RegQueryValueExW
RegCreateKeyExW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW

shell32

SHGetFolderPathW

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe.nsis
UserLogon.exe
.exe windows:4 windows x86 arch:x86

3179030321644109eec00300c261565d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

msimg32

TransparentBlt

kernel32

CreateThread
InterlockedExchange
InterlockedExchangeAdd
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
SetEndOfFile
GetDriveTypeA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoW
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSection
GetCurrentProcessId
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapSize
GetCurrentDirectoryA
GetFullPathNameW
CompareStringW
CompareStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoW
GetProcessHeap
GetVersionExA
InterlockedDecrement
GetTimeZoneInformation
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateProcessW
GetModuleFileNameW
GetCurrentThreadId
OpenMutexW
WaitForSingleObject
CreateMutexW
ReleaseMutex
MultiByteToWideChar
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
MoveFileExW
FindFirstFileW
LocalFree
FindNextFileW
FindClose
GetTickCount
GetVersionExW
GetLastError
CloseHandle
CreateFileW
ReadFile
GetFileSize
FreeLibrary
LoadLibraryW
GetProcAddress
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapAlloc
HeapFree
SetEnvironmentVariableA

user32

SetWindowLongW
GetWindowLongW
FillRect
CallWindowProcW
CreateDialogParamW
SetWindowPos
EndDialog
DialogBoxParamW
ReleaseDC
GetDC
DefWindowProcW
IsIconic
SetForegroundWindow
LoadIconW
SetFocus
GetDlgCtrlID
GetWindowTextW
SetWindowTextW
DrawFocusRect
EnableWindow
GetDlgItemTextW
IsDlgButtonChecked
SetDlgItemTextW
CheckDlgButton
LoadBitmapW
GetDlgItem
MessageBoxW
InflateRect
SetCursor
PostMessageW
FindWindowW
GetSystemMetrics
ShowWindow
SetClassLongW
SendMessageW
LoadCursorW

gdi32

DeleteDC
CreateCompatibleDC
GetStockObject
BitBlt
SetTextColor
CreateSolidBrush
CreateFontIndirectW
SetBkMode
CreateCompatibleBitmap
DeleteObject
GetObjectW
SelectObject
GetTextExtentPoint32W

advapi32

RegQueryValueExW
GetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegQueryValueW
RegCloseKey
SetNamedSecurityInfoW
RegCreateKeyExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo

shell32

ShellExecuteW
SHGetFolderPathW
SHFileOperationW

comctl32

InitCommonControlsEx

ws2_32

htonl

wininet

InternetConnectW
HttpQueryInfoW
InternetQueryOptionW
InternetOpenW
InternetSetCookieW
InternetGetCookieW
InternetSetOptionW
HttpSendRequestW
InternetCloseHandle
InternetReadFile
InternetCanonicalizeUrlW
InternetOpenUrlW
HttpOpenRequestW

Sections

.text
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UserPage.exe
.exe windows:4 windows x86 arch:x86

c4f00a801eca325d1858b6ed7ce9b0ed

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalAlloc
GetProcAddress
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
MultiByteToWideChar
HeapSize
RtlUnwind
HeapReAlloc
VirtualAlloc
Sleep
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSection
LoadLibraryA
IsDebuggerPresent
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

user32

DispatchMessageW
GetClientRect
GetWindowLongW
SetWindowLongW
LoadIconW
RegisterClassExW
DefWindowProcW
UpdateWindow
GetMessageW
TranslateMessage
CreateWindowExW
FindWindowW
IsIconic
ShowWindow
SetForegroundWindow
PostMessageW
PostQuitMessage

ole32

OleSetContainedObject
OleCreate
OleUninitialize
OleInitialize

oleaut32

VariantInit
SysAllocString
VariantClear

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UsrDictUtil.exe
.exe windows:4 windows x86 arch:x86

b44e2ceb2223f9142281857853011198

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\UsrDictUtil.pdb

Imports

imm32

ImmDisableIME

kernel32

FindClose
WaitForSingleObject
OpenMutexW
GetLastError
GetCurrentThreadId
ReleaseMutex
CreateMutexW
CreateFileMappingW
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
LocalFree
GetVersionExW
GetModuleFileNameW
ReadFile
GetTickCount
QueryPerformanceFrequency
Sleep
CreateThread
InterlockedExchange
InterlockedExchangeAdd
GetFileSize
GetProcAddress
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
GetModuleHandleA
MoveFileExW
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
GetFullPathNameW
GetCurrentDirectoryA
GetACP
GetOEMCP
IsValidCodePage
HeapSize
SetFilePointer
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
FindFirstFileW
DeleteFileW
CreateEventW
CloseHandle
OpenEventW
CreateDirectoryW
WideCharToMultiByte
CopyFileW
TlsGetValue

user32

MessageBoxW

ws2_32

htonl

advapi32

RegQueryValueW
RegQueryValueExW
RegCreateKeyExW
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
RegOpenKeyExW
RegCloseKey

shell32

SHGetFolderPathW

Sections

.text
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ZipLib.dll
.dll windows:4 windows x86 arch:x86

6647bba59701ffc0138cf0511d0bc7af

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateMutexW
lstrcpynA
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
GetFullPathNameA
GetFileAttributesA
FileTimeToSystemTime
FindFirstFileA
GetFileType
GetFileTime
FileTimeToLocalFileTime
GetVersion
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
lstrlenW
lstrcmpiW
CreateFileA
GetDriveTypeW
GetFullPathNameW
DosDateTimeToFileTime
SetFilePointer
SetEndOfFile
SystemTimeToFileTime
SetFileTime
GetLocaleInfoW
GetFileAttributesW
CreateFileW
SetVolumeLabelW
GetLocalTime
SetFileAttributesW
LocalFileTimeToFileTime
lstrcpyW
CreateDirectoryA
RemoveDirectoryA
SetFileAttributesA
CloseHandle
ReleaseMutex
EnterCriticalSection
InterlockedExchange
LeaveCriticalSection
GetVolumeInformationA
InitializeCriticalSection
GetDriveTypeA
GetProcessHeap
GetLastError
WideCharToMultiByte
CreateDirectoryW
GetTempPathW
MultiByteToWideChar
MoveFileW
CopyFileW
GetTempPathA
FindClose
FindFirstFileW
FindNextFileW
GetVolumeInformationW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
InterlockedDecrement
GetCPInfo
MoveFileA
SetStdHandle
HeapReAlloc
GetFileInformationByHandle
PeekNamedPipe
RtlUnwind
InterlockedIncrement
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStartupInfoA
Sleep
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
GetTimeZoneInformation
HeapSize
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteFileA
SetEnvironmentVariableW

user32

CharToOemA
OemToCharA

advapi32

GetSecurityDescriptorControl
IsValidAcl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
GetKernelObjectSecurity
OpenProcessToken
AdjustTokenPrivileges
GetSecurityDescriptorLength
LookupPrivilegeValueW
GetSecurityDescriptorSacl

Exports

Exports

UnZip
ZipFolder

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config.exe
.exe windows:4 windows x86 arch:x86

2710c672b26a8ab4617dfcaf15a4719f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmGetContext
ImmSetOpenStatus

comctl32

InitCommonControlsEx

kernel32

IsValidCodePage
FindFirstFileW
ReleaseMutex
OpenMutexW
WaitForSingleObject
CreateMutexW
CloseHandle
GetLocalTime
CreateDirectoryW
GetTickCount
GetLastError
CreateProcessW
GetExitCodeProcess
OpenEventW
CopyFileW
DeleteFileW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
SetEndOfFile
CreateFileA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
FlushFileBuffers
GetCurrentDirectoryA
GetFullPathNameW
HeapSize
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
FindResourceW
SizeofResource
LockResource
FindClose
LoadResource
LoadLibraryExW
ReadFile
GlobalFree
CreateFileW
GlobalAlloc
GlobalUnlock
GetFileSize
GlobalLock
GetVersionExW
FreeLibrary
LoadLibraryW
GetProcAddress
GlobalReAlloc
RemoveDirectoryW
FindNextFileW
MoveFileExW
LocalFree
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
QueryPerformanceFrequency
Sleep
CreateThread
InterlockedExchange
InterlockedExchangeAdd
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
GetEnvironmentStringsW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
GetVersionExA
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetCPInfo
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
InitializeCriticalSection
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetTimeFormatA
GetDateFormatA
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

GetWindowLongW
SetWindowLongW
GetWindowRect
GetDlgItem
IsIconic
FindWindowW
ClientToScreen
CreateWindowExW
GetWindowTextLengthW
ScreenToClient
SetForegroundWindow
BeginPaint
EndPaint
DrawTextW
FillRect
KillTimer
SetWindowTextW
EndDialog
SetTimer
CheckDlgButton
DefWindowProcW
LoadCursorW
SetWindowRgn
CreateDialogParamW
DialogBoxParamW
SetWindowPos
SetCursorPos
SetRect
PtInRect
LoadImageW
GetMonitorInfoW
MonitorFromPoint
IntersectRect
GetCursorPos
UpdateLayeredWindow
RedrawWindow
SetCapture
SetCursor
ReleaseCapture
GetCursor
SubtractRect
GetDesktopWindow
InflateRect
ShowWindow
LoadIconW
MessageBoxW
SendMessageW
GetClientRect
GetSystemMetrics
LoadStringW
EnableWindow
PostMessageW
SetDlgItemTextW
IsDlgButtonChecked
CheckRadioButton
InvalidateRect
SetFocus
GetWindowTextW
GetDC
ReleaseDC
MoveWindow
GetUpdateRect
OffsetRect

gdi32

GetPixel
SetPixel
CreateDIBSection
GdiFlush
OffsetRgn
CreateCompatibleBitmap
GetTextExtentPointW
ExtCreateRegion
CombineRgn
BitBlt
CreatePen
CreateCompatibleDC
GetDeviceCaps
SetViewportOrgEx
GetTextExtentPoint32W
CreateRectRgn
SelectClipRgn
EnumFontFamiliesExW
CreateSolidBrush
GetObjectW
SetTextColor
MoveToEx
SetBkMode
Rectangle
DeleteObject
DeleteDC
SelectObject
CreateFontIndirectW
TextOutW
StretchBlt
GetStockObject
LineTo

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW

advapi32

RegQueryValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW

shell32

ShellExecuteW
SHFileOperationW
SHGetFolderPathW

ws2_32

htonl

msimg32

TransparentBlt

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

Sections

.text
Size: 452KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
phrases.ini
plugin/SgImeWord.dll
.dll windows:4 windows x86 arch:x86

f91f5cbdb7900bcd01edd1ba46fa5f65

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
FlushInstructionCache
OutputDebugStringW
MulDiv
lstrlenA
lstrcpynW
DebugBreak
Sleep
GlobalLock
GlobalAlloc
GlobalUnlock
WideCharToMultiByte
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadResource
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
TlsFree
TlsSetValue
TlsAlloc
DeleteCriticalSection
GetModuleHandleA
GetModuleFileNameW
LeaveCriticalSection
LoadLibraryA
InitializeCriticalSection
FreeLibrary
GetFileAttributesW
GetVersion
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
FindResourceW
GetProcAddress
GetModuleHandleW
LoadLibraryExW
LoadLibraryW
EnterCriticalSection
SizeofResource
lstrlenW
SetLastError
GetLastError
MultiByteToWideChar
OutputDebugStringA
GetCurrentThreadId
RaiseException
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapReAlloc
GetCommandLineA
HeapDestroy
HeapCreate

user32

CharNextW
IsWindow
ShowWindow
GetClassLongW
SetClassLongW
OpenClipboard
CloseClipboard
SetClipboardData
keybd_event
EmptyClipboard
GetClipboardData
PtInRect
ScreenToClient
SetCursor
LoadCursorW
GetCursorPos
LoadStringW
DrawTextW
GetSystemMetrics
GetWindow
GetClientRect
DestroyWindow
GetParent
SetFocus
GetDC
ReleaseDC
SendMessageW
GetDlgItem
GetWindowLongW
LoadImageW
DestroyIcon
MapWindowPoints
SetWindowTextW
GetWindowTextW
CallWindowProcW
DefWindowProcW
GetKeyState
SystemParametersInfoW
wvsprintfW
GetWindowRect
InvalidateRect
CreateDialogParamW
SetWindowLongW
SetWindowPos
UnregisterClassA

gdi32

SetTextColor
SetBkMode
LineTo
CreateFontIndirectW
ExtTextOutW
MoveToEx
SelectObject
DPtoLP
CreateCompatibleBitmap
CreatePen
DeleteDC
BitBlt
CreateCompatibleDC
SetBkColor
DeleteObject
GetDeviceCaps

advapi32

RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

VarUI4FromStr

msimg32

TransparentBlt

Exports

Exports

fnCreateMain
fnCreateSimple
fnDestroyMain
fnDestroySimple
fnGetMainWindowPos
fnGetSimpleWindowPos
fnPutWords
fnPutWordsSimple
fnSetCloseMainCb
fnSetMainIMEWnd
fnSetMainPutInWnd
fnSetSimpleIMEWnd
fnSetSimplePutInWnd
fnSetWindowPos
fnSetWindowWords
fnShowMain
fnShowSimple

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
scd/ʫ.scel
scd/¸top180.scel
scd/δʾѡ.scel
scd/йƱ.scel
scd/ʫ300.scel
scd/´.scel
scdlist.ini
sgim_annex.bin
sgim_bigram.bin
sgim_hz.bin
sgim_py.bin
sgim_sys.bin
userNetSchedule.exe
.exe windows:4 windows x86 arch:x86

452a926ae9d2eb625245455d39b83601

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime30f\Bin\SogouInput\userNetSchedule.pdb

Imports

imm32

ImmDisableIME

kernel32

GetStartupInfoA
GetModuleHandleW
MoveFileExW
GetTempFileNameW
CreateDirectoryW
CopyFileW
DeleteFileW
WideCharToMultiByte
FindFirstFileW
FindClose
RemoveDirectoryW
FindNextFileW
CreateMutexW
WaitForSingleObject
OpenMutexW
GetLastError
GetCurrentThreadId
ReleaseMutex
GetTickCount
SleepEx
CreateEventW
OpenEventW
GetVersionExW
GetModuleFileNameW
CreateFileMappingW
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
LocalFree
ReadFile
InterlockedExchange
CreateThread
InterlockedExchangeAdd
Sleep
GetFileSize
QueryPerformanceFrequency
FreeLibrary
LoadLibraryW
GetProcAddress
MultiByteToWideChar
HeapAlloc
GetSystemTimeAsFileTime
GetModuleHandleA
ExitProcess
InterlockedDecrement
HeapFree
GetVersionExA
GetProcessHeap
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetTimeZoneInformation
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
CloseHandle
TlsFree
InterlockedIncrement
SetLastError
LoadLibraryA
InitializeCriticalSection
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
TlsSetValue
QueryPerformanceCounter
GetCurrentProcessId
GetFullPathNameW
GetCurrentDirectoryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetFilePointer
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateProcessW

user32

EndPaint
AdjustWindowRect
PtInRect
BeginPaint
FindWindowW
GetSystemMetrics
SubtractRect
LoadCursorW
GetLastInputInfo
GetCursorPos
DrawTextW
SetWindowPos
GetMonitorInfoW
MonitorFromPoint
InvalidateRect
GetMessageW
IntersectRect
GetWindowRect
SetTimer
DispatchMessageW
RegisterClassExW
LoadIconW
CreateWindowExW
DestroyWindow
DefWindowProcW
TranslateMessage
PostQuitMessage
SetCursor
MessageBoxW

shell32

SHGetFolderPathW
Shell_NotifyIconW

ws2_32

htonl

ziplib

UnZip
ZipFolder

wininet

HttpAddRequestHeadersW
HttpQueryInfoW
InternetOpenUrlW
HttpEndRequestW
HttpOpenRequestW
InternetReadFile
InternetCloseHandle
InternetConnectW
InternetWriteFile
HttpSendRequestW
InternetSetOptionW
InternetGetCookieW
InternetCanonicalizeUrlW
InternetSetCookieW
HttpSendRequestExW
InternetQueryOptionW
InternetOpenW

gdi32

MoveToEx
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
SetViewportOrgEx
LineTo
SetTextColor
DeleteDC
CreateFontIndirectW
CreatePen
SetBkMode
DeleteObject
SelectObject
CreateSolidBrush

advapi32

RegCreateKeyExW
RegQueryValueW
RegQueryValueExW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
RegOpenKeyExW
RegCloseKey

Sections

.text
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 192KB

UPX1 Size: 18KB - Virtual size: 20KB

.rsrc Size: 7KB - Virtual size: 8KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 22KB

.reloc Size: 1024B - Virtual size: 734B

277527a2d53f2e5d7a108da500f31b2b

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

advapi32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 12KB - Virtual size: 8KB

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

Imports

kernel32

user32

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

UPX0
Size: - Virtual size: 192KB

UPX1
Size: 18KB - Virtual size: 20KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 22KB

.reloc
Size: 1024B - Virtual size: 734B

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 472B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 516KB - Virtual size: 513KB

.rdata
Size: 88KB - Virtual size: 84KB

.data
Size: 140KB - Virtual size: 164KB

.rsrc
Size: 84KB - Virtual size: 81KB

.reloc
Size: 36KB - Virtual size: 32KB

.text
Size: 516KB - Virtual size: 513KB