adf08f8d41920c087cefcfcffdcf2058fd0b75a64f8e66a4215c58a4851661ee

Sharing

Copy URL Twitter E-mail

General

Target

adf08f8d41920c087cefcfcffdcf2058fd0b75a64f8e66a4215c58a4851661ee
Size

997KB
MD5

62465f49129b32a32180f75d58fdb990
SHA1

fe63a4225ae5d7a2f769a039c4c4e1899ac4f4f3
SHA256

adf08f8d41920c087cefcfcffdcf2058fd0b75a64f8e66a4215c58a4851661ee
SHA512

8e6196f286a506b7a14e138a09e57fec4614812b87bb06a2d2688ce6db489564665856df810d973e9a9543698c9d7d9645ec293bf0395b52f2d898197e1b85e9
SSDEEP

24576:ft5ZtMdyUSDUk9kwFT3Z2Cnf0YSDh8mK1PfyAizAfGgrW:Fjt0yHDx9FFZ2mMYCmmKtyAiRgq

Score

N/A

Malware Config

Signatures

Files

adf08f8d41920c087cefcfcffdcf2058fd0b75a64f8e66a4215c58a4851661ee
.cab
_04EF943300D340DB95C0C4037DA67637.C3A146F5_4B48_11D5_A819_00B0D0428C0C
_26FED086EE6F476286FE08B8EBEB10E2.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.html
_41A9F28384324FDE91E7871F0181B27E.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.gif
_44D2A71587174CBDB18E3449B074D151.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.gif
_478F7B0DE6CB4C3D9433AE04DB76FFFE.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.gif
_4AC53E4526F043C487397FB240D97FF5.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.xml
_5B1FA3360FE84FFDB21EB80014410B09.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.gif
_6CFB3B60424643FBB8BD1865C7D8E914.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.gif
_777A5F8A6F9848F493C65A5ECB485E30.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.gif
_CE5482E8E7C047979604D3B32BF91F08.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.jpg
_D32A93A0B5AC4EF5B890A1F372EFB13F.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.jpg
_D60D95134F664F95878A416B8E57A9AC.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.gif
_ispmres.dll.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_isusres.dll.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
agent.exe.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.exe windows x86

f6482b710304715003545e7639ef15c9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueA
CryptDestroyHash
CryptDestroyKey
CryptAcquireContextA
CryptReleaseContext

crypt32

CertCloseStore
CryptMsgClose

kernel32

OpenEventA
FreeLibrary
GetProcAddress
LoadLibraryA
LoadResource
FindResourceExA
GlobalLock
LockResource
FindResourceA
LocalFree
FormatMessageA
GetUserDefaultLangID
FlushInstructionCache
GetCurrentProcess
InterlockedIncrement
Sleep
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
lstrcmpiA
InterlockedDecrement
SetUnhandledExceptionFilter
CreateProcessA
GetCommandLineA
SizeofResource
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrcatA
FindFirstFileA
GetFileAttributesA
FindClose
FindNextFileA
GetWindowsDirectoryA
GetSystemDirectoryA
MoveFileA
DeleteFileA
WriteFile
CreateFileA
GlobalSize
GlobalFree
lstrcmpA
ReadFile
GlobalAlloc
GetFileSize
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
WritePrivateProfileSectionA
GetPrivateProfileSectionNamesA
CreateDirectoryA
CopyFileA
LocalAlloc
RemoveDirectoryA
GetTempPathA
ResetEvent
GetTempFileNameA
OutputDebugStringA
GetLocalTime
QueryPerformanceFrequency
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTime
SetEndOfFile
VirtualQuery
VirtualProtect
SearchPathA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
QueryPerformanceCounter
SystemTimeToFileTime
GlobalReAlloc
IsBadReadPtr
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
SetStdHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
LCMapStringW
SetEnvironmentVariableA
LCMapStringA
HeapSize
TerminateProcess
TlsGetValue
TlsAlloc
TlsSetValue
ExitProcess
GetVersion
GetStartupInfoA
GetTimeZoneInformation
HeapReAlloc
HeapAlloc
HeapFree
RaiseException
RtlUnwind
InterlockedExchange
CreateThread
SetEvent
WaitForSingleObject
CloseHandle
CreateEventA
lstrcpyA
EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetCurrentThreadId
GetLastError
SetLastError
lstrlenA
GetVersionExA
CompareStringW
CompareStringA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
GlobalUnlock

user32

GetActiveWindow
EndDialog
DialogBoxParamA
GetSysColor
LoadStringA
CharLowerA
LoadCursorA
GetDlgItem
PtInRect
GetWindowRect
ClientToScreen
SetCursor
UpdateWindow
wsprintfA
MessageBoxA
SendDlgItemMessageA
GetDesktopWindow
ReleaseDC
GetDC
PostThreadMessageA
CharNextA
GetMessageA
CreateWindowExA
DestroyCursor
PostMessageA
RegisterClassExA
GetClassInfoExA
DefWindowProcA
CallWindowProcA
SetWindowTextA
ExitWindowsEx
KillTimer
SetWindowRgn
EnableMenuItem
RemovePropA
SetPropA
GetPropA
IsDialogMessageA
CharLowerBuffA
IsDlgButtonChecked
GetWindowLongA
InvalidateRect
ScreenToClient
FillRect
EndPaint
CreateDialogIndirectParamA
CreateDialogParamA
GetDlgCtrlID
SetWindowLongA
GetSysColorBrush
DialogBoxIndirectParamA
GetParent
GetWindow
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
DestroyWindow
EnableWindow
SetDlgItemTextA
SendMessageA
GetSystemMenu
AppendMenuA
ShowWindow
SetForegroundWindow
BeginPaint
IsWindow
LoadImageA

gdi32

CreateSolidBrush
SetBkColor
SetTextColor
CreateFontIndirectA
GetObjectA
RestoreDC
TextOutA
SetBkMode
SelectObject
SaveDC
GetDeviceCaps
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetStockObject
CreateRectRgn
DeleteObject

shell32

ShellExecuteA
ShellExecuteExA

ole32

CoLoadLibrary
CLSIDFromString
StgOpenStorage
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
StringFromCLSID
CoCreateGuid
StringFromGUID2
CoCreateInstance
CLSIDFromProgID
CoFreeUnusedLibraries
CoInitialize
CoUninitialize
ProgIDFromCLSID
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SafeArrayDestroy
DispCallFunc
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
SafeArrayPutElement
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
VariantChangeType
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
GetErrorInfo
CreateErrorInfo
SetErrorInfo
VariantCopy
VariantClear
SysStringLen
SysAllocStringLen
SysFreeString
SysAllocString

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 364KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dwusplay.dll.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.dll regsvr32 windows x86

20c1e5775eb662eff59e2cb64ab94f42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
CreateProcessA
lstrcatA
lstrcpyA
lstrlenA
WaitForSingleObject
GetLastError

ole32

CoGetClassObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 482B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 467B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dwusplay.exe.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.exe windows x86

44a3ea2f229e01c32eec53eb29e8e0ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

kernel32

FlushInstructionCache
InterlockedIncrement
GetCurrentThreadId
GetCurrentProcess
GetDiskFreeSpaceA
FindClose
LocalFileTimeToFileTime
QueryPerformanceFrequency
DosDateTimeToFileTime
GetFileAttributesA
InterlockedDecrement
lstrcmpA
FreeLibrary
LoadLibraryA
HeapAlloc
CreateFileA
GetFileSize
FindFirstFileA
SetFilePointer
GetModuleFileNameA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
GetProcAddress
lstrcatA
ReadFile
CreateMutexA
ReleaseMutex
GetTickCount
WriteFile
MoveFileA
GetTempFileNameA
GetTempPathA
LockResource
CreateThread
GetSystemInfo
HeapCreate
GetShortPathNameA
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
GetUserDefaultLangID
OpenEventA
CreateDirectoryA
lstrcpynA
SetFileAttributesA
GetSystemDirectoryA
GetStartupInfoA
ExitProcess
GetCommandLineA
DebugBreak
HeapReAlloc
HeapFree
GetWindowsDirectoryA
GetDriveTypeA
GlobalSize
GlobalLock
GlobalAlloc
FreeResource
LocalFree
FormatMessageA
GlobalFree
GlobalUnlock
IsBadReadPtr
VirtualQuery
VirtualProtect
SearchPathA
ResetEvent
QueryPerformanceCounter
SystemTimeToFileTime
RtlUnwind
GetStringTypeA
GetStringTypeW
WaitForSingleObject
EnterCriticalSection
lstrlenW
CreateEventA
LoadResource
GetCurrentProcessId
Sleep
lstrlenA
lstrcpyA
CloseHandle
GetVersionExA
CompareStringW
WideCharToMultiByte
CompareStringA
MultiByteToWideChar
GetLastError
SetLastError
LeaveCriticalSection
AddAtomA
SetFileTime
SetEvent
RemoveDirectoryA
lstrcmpiA
DeleteFileA
GetAtomNameA
GetFileTime
CreateProcessA
SizeofResource
FindResourceA
UnmapViewOfFile

user32

GetWindow
SystemParametersInfoA
GetClientRect
GetParent
MapWindowPoints
SetWindowLongA
BeginPaint
IsWindow
EndPaint
PostThreadMessageA
GetDesktopWindow
ScreenToClient
ShowWindow
LoadImageA
SendMessageA
SendDlgItemMessageA
LoadStringA
TranslateMessage
LoadCursorA
SetDlgItemTextA
GetWindowLongA
MessageBoxA
GetMessageA
SetWindowTextA
FillRect
WaitForInputIdle
InvalidateRect
UpdateWindow
GetWindowRect
PtInRect
EndDialog
DestroyCursor
GetSysColor
GetActiveWindow
DialogBoxParamA
GetForegroundWindow
MsgWaitForMultipleObjects
PeekMessageA
DispatchMessageA
wsprintfA
CharNextA
KillTimer
SetTimer
IsDlgButtonChecked
CheckDlgButton
IsDialogMessageA
SetForegroundWindow
GetPropA
EnableMenuItem
SetPropA
RemovePropA
CreateDialogIndirectParamA
SetWindowRgn
DestroyWindow
GetDlgItem
EnableWindow
ClientToScreen
SetCursor
SetWindowPos
DrawTextA
GetWindowDC
GetWindowTextA
PostMessageA
ReleaseDC
GetDialogBaseUnits
GetClassNameA
SetFocus
CallWindowProcA
DefWindowProcA
MoveWindow
CharLowerBuffA
GetAsyncKeyState
RegisterClassA
CreateWindowExA

gdi32

GetObjectA
RestoreDC
TextOutA
SetBkMode
SelectObject
GetDeviceCaps
CreateRectRgn
SaveDC
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
SetBkColor
BitBlt
SetTextColor
CreateFontIndirectA
GetStockObject
CreateSolidBrush
PatBlt

comdlg32

GetSaveFileNameA

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegQueryValueA
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA

shell32

SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA

ole32

CoInitialize
CoFreeUnusedLibraries
StgOpenStorage
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
GetRunningObjectTable
CoGetInterfaceAndReleaseStream
CoUninitialize
StringFromCLSID
CoTaskMemFree
StringFromGUID2
CoCreateGuid

oleaut32

RegisterTypeLi
SafeArrayGetLBound
SafeArrayGetUBound
LoadTypeLi
SafeArrayCreate
SafeArrayPutElement
SafeArrayCopy
VariantChangeType
LoadRegTypeLi
SafeArrayGetElement
VariantCopy
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen
VariantClear

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
isdm.exe.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.exe windows x86

d8d2a4c612816a35d0fcef118b408d7e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringA
CompareStringW
GetVersionExA
LoadResource
FindResourceExA
CreateProcessA
FlushInstructionCache
GetCurrentProcess
GlobalSize
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WritePrivateProfileStringA
WritePrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetShortPathNameA
GetModuleFileNameA
SizeofResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
SetUnhandledExceptionFilter
GetCommandLineA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
FindClose
VirtualQuery
VirtualProtect
FindFirstFileA
SearchPathA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetWindowsDirectoryA
QueryPerformanceCounter
SystemTimeToFileTime
lstrcmpA
RemoveDirectoryA
FindNextFileA
GetFileAttributesA
SetLastError
SetEndOfFile
GlobalReAlloc
IsBadReadPtr
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
IsBadCodePtr
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
TerminateProcess
IsBadWritePtr
VirtualAlloc
VirtualFree
lstrcatA
GetModuleHandleA
GetDiskFreeSpaceA
GetFileSize
SetFilePointer
GetTempPathA
GetTempFileNameA
CopyFileA
ReadFile
CreateFileA
LoadLibraryA
GetProcAddress
FreeLibrary
GetPrivateProfileStringA
QueryPerformanceFrequency
InterlockedDecrement
Sleep
WriteFile
DeleteFileA
FormatMessageA
LocalFree
lstrcpyA
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
HeapCreate
GetEnvironmentVariableA
ExitProcess
GetVersion
GetStartupInfoA
HeapAlloc
HeapReAlloc
HeapFree
RaiseException
RtlUnwind
lstrlenW
WideCharToMultiByte
GetTickCount
GetCurrentThreadId
lstrlenA
MultiByteToWideChar
ResetEvent
GetLastError
SetEvent
WaitForSingleObject
CreateEventA
CreateThread
CloseHandle

user32

GetClassInfoExA
LoadCursorA
GetMessageA
SetWindowLongA
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageA
PostMessageA
IsWindow
MessageBoxA
LoadStringA
wsprintfA
GetDesktopWindow
GetWindowLongA
DefWindowProcA
DestroyWindow
CharLowerBuffA
SendMessageA
PostThreadMessageA
CharNextA
CreateWindowExA
CallWindowProcA
RegisterClassExA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
RegQueryValueA
RegCloseKey
CryptReleaseContext
CryptAcquireContextA
CryptDestroyKey
CryptDestroyHash

ole32

CoInitialize
CoUninitialize
ProgIDFromCLSID
StringFromGUID2
CoCreateGuid
CLSIDFromProgID
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemFree

oleaut32

GetErrorInfo
SysFreeString
SysAllocStringLen
VariantClear
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
DispCallFunc
SysAllocString
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
SysStringLen

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

crypt32

CertCloseStore
CryptMsgClose

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
issch.exe.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.exe windows x86

06f92f95d6c22bf59f41fc161357f85b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringA
GetProcAddress
CompareStringW
CreateProcessA
OpenMutexA
CreateMutexA
LoadLibraryA
CloseHandle
RtlUnwind
ExitProcess
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetLastError
GetFullPathNameA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
RaiseException
HeapAlloc
HeapReAlloc
HeapSize
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCurrentDirectoryA
GetDriveTypeA
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetEnvironmentVariableA

user32

GetMessageA
TranslateMessage
DispatchMessageA
SetTimer

advapi32

RegSetValueExA
RegQueryValueExA
RegCreateKeyA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
isuspm.cpl.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.dll windows x86

7660b46a9b95303e64e1fd87820b1651

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
WinExec
GetCommandLineA
GetVersion
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

SendMessageA
LoadIconA
LoadStringA
FindWindowA

advapi32

RegQueryValueExA
RegOpenKeyA

Exports

Exports

??0CISUSPMApplet@@QAE@XZ
??4CISUSPMApplet@@QAEAAV0@ABV0@@Z
?fnISUSPMApplet@@YAHXZ
?nISUSPMApplet@@3HA
CPlApplet

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
isuspm.exe.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.exe windows x86

6258a761e87676dec472ae7cafd1013e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringA
WritePrivateProfileStringA
CreateProcessA
GetModuleFileNameA
CloseHandle
CreateMutexA
GetCurrentThreadId
CreateEventA
WaitForSingleObject
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
GlobalLock
GlobalUnlock
GlobalAlloc
InterlockedIncrement
InterlockedDecrement
lstrcmpA
LockResource
FreeResource
GlobalFree
GlobalHandle
GetShortPathNameA
GetModuleHandleA
MulDiv
TerminateThread
CreateThread
ExitThread
GetDateFormatA
lstrcpynA
CreateDirectoryA
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
lstrcmpiA
GetCPInfo
LCMapStringW
LCMapStringA
WriteFile
TlsGetValue
TlsAlloc
TlsSetValue
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
RtlUnwind
HeapCreate
GetEnvironmentVariableA
VirtualAlloc
VirtualFree
HeapSize
TerminateProcess
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTime
GetProcAddress
FreeLibrary
GetCurrentProcess
FlushInstructionCache
EnterCriticalSection
LeaveCriticalSection
SetEvent
CopyFileA
GetFileAttributesA
GetTickCount
CompareStringW
CompareStringA
lstrlenW
LoadLibraryA
FindResourceExA
FindResourceA
LoadResource
GetVersionExA
GetUserDefaultLangID
lstrcpyA
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetLastError
SetLastError
GetWindowsDirectoryA

user32

IsWindow
BeginPaint
FillRect
EndPaint
GetFocus
IsChild
SetFocus
GetSysColor
RedrawWindow
GetClassNameA
GetDesktopWindow
CreateAcceleratorTableA
ReleaseCapture
SetCapture
GetParent
ReleaseDC
DrawTextA
SendMessageA
GetDC
CopyRect
GetClientRect
InvalidateRect
ShowWindow
ScreenToClient
SetWindowPos
GetWindowRect
SetWindowTextA
InvalidateRgn
AppendMenuA
GetSystemMenu
SetForegroundWindow
UpdateWindow
SetCursor
PtInRect
SetTimer
LoadBitmapA
GetSysColorBrush
CreateWindowExA
GetDlgItem
wsprintfA
EndDialog
CallWindowProcA
GetWindowTextLengthA
GetWindowTextA
RegisterWindowMessageA
GetClassInfoExA
RegisterClassExA
DialogBoxIndirectParamA
DialogBoxParamA
CreateDialogIndirectParamA
CreateDialogParamA
GetMessageA
MsgWaitForMultipleObjects
GetActiveWindow
FindWindowA
DefWindowProcA
CharLowerA
MessageBoxA
DestroyWindow
EnableWindow
LoadCursorA
SetClassLongA
PostQuitMessage
GetSystemMetrics
LoadImageA
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetWindowLongA
GetWindow
SystemParametersInfoA
MapWindowPoints
SetWindowLongA
GetDlgCtrlID

gdi32

SetBkMode
CreateFontIndirectA
SetTextColor
GetStockObject
GetObjectA
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
SelectObject
GetDeviceCaps

advapi32

RegCloseKey
RegOpenKeyExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA

shell32

Shell_NotifyIconA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA

ole32

OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromString

oleaut32

VariantCopy
VariantChangeType
OleCreateFontIndirect
DispCallFunc
LoadRegTypeLi
VariantClear
SysAllocStringLen
SysStringLen
SysAllocString
SysFreeString

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

comctl32

ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ord17

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
isusweb.dll.C3A146F5_4B48_11D5_A819_00B0D0428C0C
.dll regsvr32 windows x86

fca4c5ba11ed0ead3d8a21b06f45411b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetShortPathNameA
GetModuleFileNameA
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrcatA
FlushInstructionCache
GetCurrentProcess
LockResource
FindResourceA
GetUserDefaultLangID
VirtualQuery
VirtualProtect
SearchPathA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetEvent
ResetEvent
QueryPerformanceCounter
SystemTimeToFileTime
lstrcmpA
SetEndOfFile
GlobalReAlloc
IsBadReadPtr
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceFrequency
SetStdHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
HeapSize
TerminateProcess
ExitProcess
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetVersion
GetCommandLineA
HeapReAlloc
HeapFree
HeapAlloc
RaiseException
RtlUnwind
InterlockedExchange
GetPrivateProfileSectionNamesA
WritePrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileStringA
CopyFileA
SetFilePointer
GetFileSize
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
GlobalFree
GlobalSize
WideCharToMultiByte
CreateFileA
WriteFile
MoveFileA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleHandleA
lstrcmpiA
lstrcpynA
FindNextFileA
GetFileAttributesA
FindResourceExA
LoadResource
GetTempFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
GetTickCount
GetCurrentThreadId
FindFirstFileA
FindClose
SetLastError
lstrlenA
DeleteFileA
RemoveDirectoryA
WaitForSingleObject
lstrcpyA
CreateProcessA
GetExitCodeProcess
FormatMessageA
LocalFree
CloseHandle
GetTempPathA
CreateDirectoryA
GetLastError
InterlockedDecrement
GetVersionExA
CompareStringW
CompareStringA
MultiByteToWideChar
lstrlenW
IsBadCodePtr

user32

PeekMessageA
EnableWindow
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
CharLowerA
wsprintfA
MessageBoxA
GetDlgItem
SetDlgItemTextA
IsWindow
SetWindowTextA
GetDesktopWindow
SetPropA
FindWindowA
LoadStringA
CharLowerBuffA
GetSysColorBrush
GetParent
GetWindow
SystemParametersInfoA
CharNextA
IsDlgButtonChecked
KillTimer
GetDlgCtrlID
BeginPaint
EndPaint
FillRect
ScreenToClient
GetClientRect
SetWindowPos
GetMessageA
IsDialogMessageA
SetForegroundWindow
GetPropA
MapWindowPoints
RemovePropA
CreateDialogIndirectParamA
CreateDialogParamA
InvalidateRect
UpdateWindow
SetCursor
ClientToScreen
GetWindowRect
PtInRect
LoadCursorA
EndDialog
GetActiveWindow
DialogBoxParamA
EnableMenuItem
GetSystemMenu
AppendMenuA
LoadImageA
GetWindowLongA
SetWindowLongA
SetWindowRgn
ShowWindow
SendMessageA
SendDlgItemMessageA
DestroyWindow
ExitWindowsEx
GetSysColor

gdi32

SetBkMode
TextOutA
RestoreDC
GetObjectA
CreateFontIndirectA
SetBkColor
CreateRectRgn
DeleteObject
CreateSolidBrush
SaveDC
GetDeviceCaps
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetStockObject
SelectObject
SetTextColor

comdlg32

GetSaveFileNameA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA
ShellExecuteExA

ole32

CoCreateInstance
CoCreateGuid
StringFromGUID2
CoTaskMemFree
ProgIDFromCLSID
StgOpenStorage
CLSIDFromString
CoLoadLibrary
CLSIDFromProgID
StringFromCLSID

oleaut32

LoadRegTypeLi
VariantCopy
SetErrorInfo
CreateErrorInfo
SafeArrayGetElement
VariantInit
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
GetErrorInfo
RegisterTypeLi
LoadTypeLi
DispCallFunc
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
VariantClear
SysStringLen
SysAllocStringLen
SysFreeString
SysAllocString
SysStringByteLen

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueA
CryptDestroyHash
CryptDestroyKey
CryptAcquireContextA
CryptReleaseContext

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

crypt32

CertCloseStore
CryptMsgClose

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
svchost.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
svchost.exe.config
svchost.pdb
svchost.vshost.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:00:5a:ed:2f:f4:e4:20:99:3f:3a:00:00:00:00:00:5a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2014, 17:13

Not After

23/08/2015, 17:13

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:41

Not After

24/12/2014, 17:41

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:11:82:87:90:19:17:fa:49:7d:b3:cb:92:39:3c:2a:48:a9:f1:0a:22:fb:06:02:2d:a1:cb:55:b0:cd:37:94
Signer

Actual PE Digest

78:11:82:87:90:19:17:fa:49:7d:b3:cb:92:39:3c:2a:48:a9:f1:0a:22:fb:06:02:2d:a1:cb:55:b0:cd:37:94

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

29/09/2022, 18:59
Valid: false

c2:44:96:a6:71:c9:c9:a2:19:cf:aa:41:bb:f5:96:90:9b:7a:7a:03
Signer

Actual PE Digest

c2:44:96:a6:71:c9:c9:a2:19:cf:aa:41:bb:f5:96:90:9b:7a:7a:03

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/07/2014, 09:09
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
svchost.vshost.exe.config
svchost.vshost.exe.manifest
svchost.xml

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 4KB - Virtual size: 6B

.rsrc Size: 364KB - Virtual size: 363KB

.reloc Size: 4KB - Virtual size: 12B

Headers

File Characteristics

Sections

.rsrc Size: 352KB - Virtual size: 351KB

.reloc Size: 4KB - Virtual size: 12B

f6482b710304715003545e7639ef15c9

Headers

File Characteristics

Imports

advapi32

crypt32

kernel32

user32

gdi32

shell32

ole32

oleaut32

version

Sections

.text Size: 364KB - Virtual size: 362KB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 32KB - Virtual size: 42KB

.rsrc Size: 96KB - Virtual size: 95KB

20c1e5775eb662eff59e2cb64ab94f42

Headers

File Characteristics

Imports

kernel32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 482B

.rdata Size: 4KB - Virtual size: 467B

.data Size: 4KB - Virtual size: 564B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 100B

44a3ea2f229e01c32eec53eb29e8e0ed

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

version

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 64KB - Virtual size: 63KB

d8d2a4c612816a35d0fcef118b408d7e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

version

crypt32

Sections

.text Size: 180KB - Virtual size: 176KB

.text
Size: 4KB - Virtual size: 6B

.rsrc
Size: 364KB - Virtual size: 363KB

.reloc
Size: 4KB - Virtual size: 12B

.rsrc
Size: 352KB - Virtual size: 351KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 364KB - Virtual size: 362KB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 32KB - Virtual size: 42KB

.rsrc
Size: 96KB - Virtual size: 95KB

.text
Size: 4KB - Virtual size: 482B

.rdata
Size: 4KB - Virtual size: 467B

.data
Size: 4KB - Virtual size: 564B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 100B

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 64KB - Virtual size: 63KB

.text
Size: 180KB - Virtual size: 176KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 24KB - Virtual size: 33KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 80KB - Virtual size: 76KB

.text
Size: 224KB - Virtual size: 220KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 24KB - Virtual size: 34KB