filename | c6906207826fd8b30a0c4a27b9b50e7f9b1fa55aea8c582ebb4b6a8c6b5fc52e.exe | |
---|---|---|
size | 79608 (0x136f8) | |
md5 | b6021aadc9379c73bdc4ba55bbb6d4d2 | |
type | PE32 executable (GUI) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0xe8 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
name | va | vsize | raw size | flags | |
---|---|---|---|---|---|
.text | 0x1000 | 0xc1d6 | 0xd000 | R-X CODE | |
.rdata | 0xe000 | 0xe44 | 0x1000 | R-- IDATA | |
.data | 0xf000 | 0x6140 | 0x4000 | RW- IDATA |
Data Directory
type | va | size | |
---|---|---|---|
EXPORT | 0 | 0 | |
IMPORT | 0xe768 | 0x64 | |
RESOURCE | 0 | 0 | |
EXCEPTION | 0 | 0 | |
SECURITY | 0x13000 | 0x6f8 | |
BASERELOC | 0 | 0 | |
DEBUG | 0 | 0 | |
ARCHITECTURE | 0 | 0 | |
GLOBALPTR | 0 | 0 | |
TLS | 0 | 0 | |
LOAD_CONFIG | 0 | 0 | |
Bound_IAT | 0 | 0 | |
IAT | 0xe000 | 0x158 | |
Delay_IAT | 0 | 0 | |
CLR_Header | 0 | 0 |
module_name | hint | ord | function_name |
---|---|---|---|
KERNEL32.dll | 369 | | GetLastError |
KERNEL32.dll | 372 | | GetLocaleInfoA |
KERNEL32.dll | 381 | | GetModuleFileNameA |
KERNEL32.dll | 96 | | CreateMutexA |
KERNEL32.dll | 350 | | GetFileAttributesA |
KERNEL32.dll | 622 | | MoveFileA |
KERNEL32.dll | 854 | | Sleep |
KERNEL32.dll | 793 | | SetFileAttributesA |
KERNEL32.dll | 371 | | GetLocalTime |
KERNEL32.dll | 67 | | CopyFileA |
KERNEL32.dll | 416 | | GetProcAddress |
KERNEL32.dll | 594 | | LoadLibraryA |
KERNEL32.dll | 489 | | GetVersionExA |
KERNEL32.dll | 276 | | GetComputerNameA |
KERNEL32.dll | 966 | | lstrcpyA |
KERNEL32.dll | 52 | | CloseHandle |
KERNEL32.dll | 693 | | ReadFile |
KERNEL32.dll | 355 | | GetFileSize |
KERNEL32.dll | 83 | | CreateFileA |
KERNEL32.dll | 784 | | SetEndOfFile |
KERNEL32.dll | 823 | | SetStdHandle |
KERNEL32.dll | 445 | | GetStringTypeW |
KERNEL32.dll | 442 | | GetStringTypeA |
KERNEL32.dll | 581 | | LCMapStringW |
KERNEL32.dll | 580 | | LCMapStringA |
KERNEL32.dll | 629 | | MultiByteToWideChar |
KERNEL32.dll | 131 | | DeleteFileA |
KERNEL32.dll | 75 | | CreateDirectoryA |
KERNEL32.dll | 238 | | FlushFileBuffers |
KERNEL32.dll | 534 | | HeapFree |
KERNEL32.dll | 528 | | HeapAlloc |
KERNEL32.dll | 538 | | HeapReAlloc |
KERNEL32.dll | 383 | | GetModuleHandleA |
KERNEL32.dll | 439 | | GetStartupInfoA |
KERNEL32.dll | 272 | | GetCommandLineA |
KERNEL32.dll | 488 | | GetVersion |
KERNEL32.dll | 185 | | ExitProcess |
KERNEL32.dll | 862 | | TerminateProcess |
KERNEL32.dll | 322 | | GetCurrentProcess |
KERNEL32.dll | 260 | | GetCPInfo |
KERNEL32.dll | 253 | | GetACP |
KERNEL32.dll | 403 | | GetOEMCP |
KERNEL32.dll | 152 | | EnterCriticalSection |
KERNEL32.dll | 593 | | LeaveCriticalSection |
KERNEL32.dll | 932 | | WriteFile |
KERNEL32.dll | 547 | | InitializeCriticalSection |
KERNEL32.dll | 344 | | GetEnvironmentVariableA |
KERNEL32.dll | 532 | | HeapDestroy |
KERNEL32.dll | 530 | | HeapCreate |
KERNEL32.dll | 899 | | VirtualFree |
KERNEL32.dll | 897 | | VirtualAlloc |
KERNEL32.dll | 129 | | DeleteCriticalSection |
KERNEL32.dll | 727 | | RtlUnwind |
KERNEL32.dll | 326 | | GetCurrentThreadId |
KERNEL32.dll | 870 | | TlsSetValue |
KERNEL32.dll | 867 | | TlsAlloc |
KERNEL32.dll | 808 | | SetLastError |
KERNEL32.dll | 869 | | TlsGetValue |
KERNEL32.dll | 552 | | InterlockedDecrement |
KERNEL32.dll | 556 | | InterlockedIncrement |
KERNEL32.dll | 878 | | UnhandledExceptionFilter |
KERNEL32.dll | 246 | | FreeEnvironmentStringsA |
KERNEL32.dll | 247 | | FreeEnvironmentStringsW |
KERNEL32.dll | 916 | | WideCharToMultiByte |
KERNEL32.dll | 341 | | GetEnvironmentStrings |
KERNEL32.dll | 343 | | GetEnvironmentStringsW |
KERNEL32.dll | 804 | | SetHandleCount |
KERNEL32.dll | 441 | | GetStdHandle |
KERNEL32.dll | 358 | | GetFileType |
KERNEL32.dll | 795 | | SetFilePointer |
USER32.dll | 727 | | wsprintfA |
SHELL32.dll | 196 | | SHGetSpecialFolderPathA |
WS2_32.dll | | 9 | |
WS2_32.dll | | 4 | |
WS2_32.dll | | 52 | |
WS2_32.dll | | 116 | |
WS2_32.dll | | 115 | |
WS2_32.dll | | 3 | |
WS2_32.dll | | 19 | |
WS2_32.dll | | 16 | |
WS2_32.dll | | 23 | |
WS2_32.dll | | 11 | |
Signers (1)
issuer: /C=US/O=Thawte, Inc./CN=Thawte Code Signing CA - G2
serial: 54D0350CA95FC41971A142D59D767FBA
Certificates (1)
Certificate: Data: Version: 3 (0x2) Serial Number: 54:d0:35:0c:a9:5f:c4:19:71:a1:42:d5:9d:76:7f:ba Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Thawte, Inc., CN=Thawte Code Signing CA - G2 Validity Not Before: Jul 31 00:00:00 2013 GMT Not After : Jul 30 23:59:59 2014 GMT Subject: C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Manha Plaza Xingwangbotongxunchanpin Firm, CN=Shenzhen Manha Plaza Xingwangbotongxunchanpin Firm Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:81:75:49:82:6c:bc:8e:5d:77:ab:b4:17:07:1a: 8b:8b:7f:3e:ac:5b:c7:35:3c:59:ec:0e:01:d9:87: 60:eb:df:f0:83:01:2d:8c:9e:36:6c:85:e9:0d:32: db:99:ff:75:68:8e:e8:cb:2b:6e:25:57:d5:d6:d4: 20:23:8c:00:25:4f:8c:ab:87:06:9e:8e:ff:db:4e: a4:5d:3d:19:53:38:8e:7c:4c:c4:c3:54:f2:e2:4b: d4:88:ad:da:f8:1a:24:8a:1c:4f:15:24:71:52:c8: 38:de:5f:4d:85:4c:5c:05:d5:d2:84:1e:23:18:bc: 62:84:80:82:d5:a7:2f:9f:7a:5e:80:2d:df:a6:25: ae:d3:f4:ab:4e:bc:46:dd:6a:2a:5a:38:70:51:ed: 88:bf:83:1c:06:13:1a:16:19:12:6e:fa:d1:35:52: c7:ba:a4:bf:05:52:f4:e6:0c:78:6c:f7:50:d1:5d: c8:6d:f5:31:70:6b:3d:0b:24:e2:18:bf:e8:e9:e9: 1b:f7:62:5e:12:04:e9:2e:c3:fd:d0:41:66:91:39: 53:f7:a2:70:74:97:b4:2e:9e:61:28:10:b2:04:2d: da:eb:9b:25:cd:ad:24:15:f9:8b:95:42:43:0c:f4: b9:95:d2:81:30:9f:88:c6:dd:7c:51:ed:37:b2:1d: f0:21 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 CRL Distribution Points: Full Name: URI:http://cs-g2-crl.thawte.com/ThawteCSG2.crl X509v3 Extended Key Usage: Code Signing, Microsoft Commercial Code Signing 2.5.29.4: 0.0.0.. +.....7....... 
Authority Information Access: OCSP - URI:http://ocsp.thawte.com Netscape Cert Type: Object Signing Signature Algorithm: sha1WithRSAEncryption ab:bc:e2:17:d0:01:1a:ab:7a:14:5b:dc:7a:0b:84:12:10:5d: cc:d6:22:4f:52:6d:81:b1:ed:a2:67:fb:03:49:56:22:37:b0: 7f:88:31:84:2f:66:cb:8a:36:73:04:68:42:bf:f9:c0:1c:a2: b7:ba:9a:94:d3:ec:d3:49:bc:ec:db:8c:db:20:9c:54:98:3b: eb:2b:c4:c3:bf:1a:8a:f7:94:c8:62:ff:7f:13:99:53:8f:60: be:23:08:6b:69:c9:62:d9:56:d6:e0:18:3d:ee:f5:07:44:d9: 5e:0f:26:5a:c7:57:90:8e:9a:0f:60:13:b7:c7:f9:a2:c5:16: 5f:c6:a4:db:f4:d7:85:07:04:b1:94:5a:75:d0:f9:dc:4b:51: 2c:6f:88:3d:03:d2:3e:1c:00:e9:cb:2e:79:12:32:e7:4b:b6: 7d:ec:47:52:8a:79:c5:0a:5d:03:e6:13:37:59:a5:a8:5e:3a: e7:1f:bf:b5:96:32:18:ac:4c:94:4c:7c:4b:96:fd:00:46:9f: 03:75:59:92:3b:d0:af:32:e3:b0:b2:c2:17:95:75:79:b4:fc: 3e:ba:9c:74:56:a8:27:56:28:ad:59:12:46:a3:4e:84:73:4f: 4c:7f:ff:13:24:0b:3e:a2:ac:49:7a:37:61:51:fa:ce:cf:9c: 44:1d:e4:b5
pkcs7-signedData
- 1
- SHA1: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l| 00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
- :
- SHA1
15 ca 22 49 a5 67 a0 57 5b 2b 2e d5 70 14 c7 3b |.."I.g.W[+..p..;| eb d4 39 7d |..9} |
- 1.3.6.1.4.1.311.2.1.15
- #0
- Certificate #2
- 2
- 54:D0:35:0C:A9:5F:C4:19:71:A1:42:D5:9D:76:7F:BA
- RSA-SHA1: nil
- Issuer
- C: US
- O: Thawte, Inc.
- CN: Thawte Code Signing CA - G2
- 2013-07-31 00:00:00 UTC: 2014-07-30 23:59:59 UTC
- Subject
- C: CN
- ST: Guangdong
- L: Shenzhen
- O: Shenzhen Manha Plaza Xingwangbotongxunchanpin Firm
- CN: Shenzhen Manha Plaza Xingwangbotongxunchanpin Firm
- #5
- rsaEncryption: nil
- 81:75:49:82:6C:BC:8E:5D:77:AB:B4:17:07:1A:8B:8B:
7F:3E:AC:5B:C7:35:3C:59:EC:0E:01:D9:87:60:EB:DF:
F0:83:01:2D:8C:9E:36:6C:85:E9:0D:32:DB:99:FF:75:
68:8E:E8:CB:2B:6E:25:57:D5:D6:D4:20:23:8C:00:25:
4F:8C:AB:87:06:9E:8E:FF:DB:4E:A4:5D:3D:19:53:38:
8E:7C:4C:C4:C3:54:F2:E2:4B:D4:88:AD:DA:F8:1A:24:
8A:1C:4F:15:24:71:52:C8:38:DE:5F:4D:85:4C:5C:05:
D5:D2:84:1E:23:18:BC:62:84:80:82:D5:A7:2F:9F:7A:
5E:80:2D:DF:A6:25:AE:D3:F4:AB:4E:BC:46:DD:6A:2A:
5A:38:70:51:ED:88:BF:83:1C:06:13:1A:16:19:12:6E:
FA:D1:35:52:C7:BA:A4:BF:05:52:F4:E6:0C:78:6C:F7:
50:D1:5D:C8:6D:F5:31:70:6B:3D:0B:24:E2:18:BF:E8:
E9:E9:1B:F7:62:5E:12:04:E9:2E:C3:FD:D0:41:66:91:
39:53:F7:A2:70:74:97:B4:2E:9E:61:28:10:B2:04:2D:
DA:EB:9B:25:CD:AD:24:15:F9:8B:95:42:43:0C:F4:B9:
95:D2:81:30:9F:88:C6:DD:7C:51:ED:37:B2:1D:F0:21: 0x010001
- X509v3 extensions
- basicConstraints
- true
- nil
- crlDistributionPoints: http://cs-g2-crl.thawte.com/ThawteCSG2.crl
- extendedKeyUsage
- codeSigning: msCodeCom
- 2.5.29.4
- msCodeCom: 0x80
- authorityInfoAccess
- OCSP: http://ocsp.thawte.com
- nsCertType: 0x10
- basicConstraints
- RSA-SHA1:
ab bc e2 17 d0 01 1a ab 7a 14 5b dc 7a 0b 84 12 |........z.[.z...| 10 5d cc d6 22 4f 52 6d 81 b1 ed a2 67 fb 03 49 |.].."ORm....g..I| 56 22 37 b0 7f 88 31 84 2f 66 cb 8a 36 73 04 68 |V"7...1./f..6s.h| 42 bf f9 c0 1c a2 b7 ba 9a 94 d3 ec d3 49 bc ec |B............I..| db 8c db 20 9c 54 98 3b eb 2b c4 c3 bf 1a 8a f7 |... .T.;.+......| 94 c8 62 ff 7f 13 99 53 8f 60 be 23 08 6b 69 c9 |..b....S.`.#.ki.| 62 d9 56 d6 e0 18 3d ee f5 07 44 d9 5e 0f 26 5a |b.V...=...D.^.&Z| c7 57 90 8e 9a 0f 60 13 b7 c7 f9 a2 c5 16 5f c6 |.W....`......._.| a4 db f4 d7 85 07 04 b1 94 5a 75 d0 f9 dc 4b 51 |.........Zu...KQ| 2c 6f 88 3d 03 d2 3e 1c 00 e9 cb 2e 79 12 32 e7 |,o.=..>.....y.2.| 4b b6 7d ec 47 52 8a 79 c5 0a 5d 03 e6 13 37 59 |K.}.GR.y..]...7Y| a5 a8 5e 3a e7 1f bf b5 96 32 18 ac 4c 94 4c 7c |..^:.....2..L.L|| 4b 96 fd 00 46 9f 03 75 59 92 3b d0 af 32 e3 b0 |K...F..uY.;..2..| b2 c2 17 95 75 79 b4 fc 3e ba 9c 74 56 a8 27 56 |....uy..>..tV.'V| 28 ad 59 12 46 a3 4e 84 73 4f 4c 7f ff 13 24 0b |(.Y.F.N.sOL...$.| 3e a2 ac 49 7a 37 61 51 fa ce cf 9c 44 1d e4 b5 |>..Iz7aQ....D...|
- 2
- 1
- unnamed
- #0
- C: US
- O: Thawte, Inc.
- CN: Thawte Code Signing CA - G2
- 54:D0:35:0C:A9:5F:C4:19:71:A1:42:D5:9D:76:7F:BA
- #0
- SHA1: nil
- #2
- 1.3.6.1.4.1.311.2.1.12
- nil
- contentType: 1.3.6.1.4.1.311.2.1.4
- 1.3.6.1.4.1.311.2.1.11: msCodeCom
- messageDigest:
f7 04 40 0d 93 b6 f2 f9 a4 2a 1a 02 67 16 7e 83 |..@......*..g.~.| 7f 43 33 dc |.C3. |
- 1.3.6.1.4.1.311.2.1.12
- rsaEncryption:
2d 48 05 7e 51 0c 2a 36 49 d0 8c 38 f1 f4 3b df |-H.~Q.*6I..8..;.| d0 75 8a 3d 01 af 46 76 6c ce 3f 21 02 95 78 ee |.u.=..Fvl.?!..x.| 79 37 67 e4 51 73 ec 3b 3f a3 99 50 0d 5d 40 bc |y7g.Qs.;?..P.]@.| 83 5b 95 6c 9e af 45 85 0e de c6 56 06 ec 4d 5c |.[.l..E....V..M\| 15 d2 33 da ae d6 9e e8 f4 09 d7 ce 05 e3 f0 65 |..3............e| ca a3 d7 c9 96 da 43 a2 a7 89 99 63 75 48 43 ba |......C....cuHC.| 33 4d 6f f7 2f 1e bc c4 cb 61 e2 fd 42 0a f8 33 |3Mo./....a..B..3| bf 22 54 73 ed d9 5b 45 60 50 7f 52 28 9d 8d 5e |."Ts..[E`P.R(..^| 34 9d 74 cc 77 28 4d 57 e0 2e c8 ae ae 6e 45 8f |4.t.w(MW.....nE.| 8e 39 b3 ed 3b 30 c0 8d 9d cf 24 1d bd 33 ad a0 |.9..;0....$..3..| 32 ad 33 9a 00 fd 66 e6 cb 04 c7 ed 3f 81 19 5f |2.3...f.....?.._| b5 8e 60 84 82 23 23 2d 19 87 4d a7 0d 95 8a bc |..`..##-..M.....| e9 2d d4 44 a1 cd 0d 4c b8 45 f2 93 a9 e2 4f 14 |.-.D...L.E....O.| 2d 3b f4 ca 15 f4 e8 13 d5 6a 84 55 85 d4 5e f1 |-;.......j.U..^.| c6 04 62 be ee f1 b8 14 eb e9 4f b2 d9 ad b2 61 |..b.......O....a| 0f cb 3b 92 a0 43 d6 b0 71 5b 79 a3 9b 27 69 f9 |..;..C..q[y..'i.|
- unnamed