89f3783f361a13b5b9df6bb015f55f569bb244a663b8e6ee04ef57749f06ec48

Sharing

Copy URL Twitter E-mail

General

Target

89f3783f361a13b5b9df6bb015f55f569bb244a663b8e6ee04ef57749f06ec48
Size

2.7MB
MD5

6e5becf55cf2fe2d9f8b855f3c08f961
SHA1

ca9a4f64df48fa933a725a1b35258408173eaf64
SHA256

89f3783f361a13b5b9df6bb015f55f569bb244a663b8e6ee04ef57749f06ec48
SHA512

58737248aab0043529d7e171a0d3653bfbd6f7f61666f3a7b557478bf89cf77f78a9b3db6e765f037d1d95eaf3cab56c2e507a1abc3cef5143d1eb943999a6ec
SSDEEP

49152:Ez4HU2W7R+mcdoNfR679ZP9PYQsYhdyeuP91eX66ceBMwsNHNBM1IYGFouf/:fHU2W7R+myMfRIndRuS66ce6lH1YGouH

Score

N/A

Malware Config

Signatures

Files

89f3783f361a13b5b9df6bb015f55f569bb244a663b8e6ee04ef57749f06ec48
.zip
7zG.exe
.exe windows x86

377fe1a75d34394054e8b1023236d999

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

comdlg32

CommDlgExtendedError
GetOpenFileNameW

gdi32

CreateFontIndirectW
DeleteObject

oleaut32

SysStringByteLen
VariantCopy
VariantClear
SysAllocString
SysAllocStringLen
SysStringLen

ole32

OleInitialize
CoCreateInstance
CoInitialize
CoUninitialize

user32

SetCursor
SetDlgItemTextW
GetParent
LoadIconW
SetTimer
CheckDlgButton
IsDlgButtonChecked
GetKeyState
EndDialog
InvalidateRect
SetWindowTextW
MessageBoxW
DialogBoxParamW
SetWindowLongW
GetWindowLongW
LoadCursorW
MoveWindow
ScreenToClient
GetDlgItem
GetWindowRect
MapDialogRect
SystemParametersInfoW
GetWindowTextLengthW
GetWindowTextW
SendMessageW
LoadStringW
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
CharUpperW
IsWindowEnabled
GetFocus
SetFocus
EnableWindow
KillTimer
PostMessageW
ShowWindow

advapi32

SetFileSecurityW
LookupPrivilegeValueW
RegOpenKeyExA
RegQueryValueExA
GetFileSecurityW
OpenProcessToken
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
AdjustTokenPrivileges

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHGetMalloc

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_beginthreadex
_iob
memcmp
_purecall
strlen
memset
free
malloc
wcscmp
wcsstr
strcmp
_CxxThrowException
memmove
memcpy
__CxxFrameHandler
_isatty
__getmainargs
_fileno

kernel32

SetPriorityClass
WaitForMultipleObjects
Sleep
GetSystemDefaultLangID
GetUserDefaultLangID
AreFileApisANSI
DeleteCriticalSection
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetProcessTimes
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetProcessAffinityMask
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
GlobalMemoryStatus
GetSystemInfo
GetProcessAffinityMask
lstrlenW
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcatW
GetCurrentProcess
GlobalFree
GlobalAlloc
GetDiskFreeSpaceW
GetDriveTypeW
GetFileInformationByHandle
SetEndOfFile
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
GetFileSize
GetLogicalDriveStringsW
VirtualAlloc
VirtualFree
WaitForSingleObject
CreateEventW
SetEvent
InitializeCriticalSection
LoadLibraryA
GetVersionExW
CompareFileTime
GetCommandLineW
GetStartupInfoA
GetTempPathW
GetFileAttributesW
GetModuleHandleA
FindNextFileW
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
GetCurrentDirectoryW
SetCurrentDirectoryW
SetLastError
DeleteFileW
CreateDirectoryW
GetModuleHandleW
GetProcAddress
MoveFileW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
CloseHandle
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryW
LoadLibraryExW
FreeLibrary
GlobalLock
GlobalUnlock
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetCurrentProcessId

Sections

.text
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSVToPDF.pvp
.dll windows x86

9746c1a697475d80e0fba017b2790490

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:9c:96:e9:49:dc:a9:03:e9:21:89:e0:b2:99:9d:e5
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/11/2017, 00:00

Not After

04/01/2021, 12:00

Subject

CN=Tracker Software Products (Canada) Ltd.,O=Tracker Software Products (Canada) Ltd.,L=Chemainus,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:9c:96:e9:49:dc:a9:03:e9:21:89:e0:b2:99:9d:e5
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/11/2017, 00:00

Not After

04/01/2021, 12:00

Subject

CN=Tracker Software Products (Canada) Ltd.,O=Tracker Software Products (Canada) Ltd.,L=Chemainus,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e5:01:eb:fa:11:67:88:56:c2:c8:19:c0:5a:75:23:dd:39:ef:1b:08:dd:71:77:52:3c:18:d5:7c:ec:6e:77:d7
Signer

Actual PE Digest

e5:01:eb:fa:11:67:88:56:c2:c8:19:c0:5a:75:23:dd:39:ef:1b:08:dd:71:77:52:3c:18:d5:7c:ec:6e:77:d7

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Tracker Software Products (Canada) Ltd.,O=Tracker Software Products (Canada) Ltd.,L=Chemainus,ST=British Columbia,C=CA

02/11/2020, 22:10
Valid: true

Chain 1

CN=Tracker Software Products (Canada) Ltd.,O=Tracker Software Products (Canada) Ltd.,L=Chemainus,ST=British Columbia,C=CA

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

ec:b6:4c:e5:e1:a9:c9:35:f6:23:b7:88:5a:ae:8b:64:1a:eb:88:35
Signer

Actual PE Digest

ec:b6:4c:e5:e1:a9:c9:35:f6:23:b7:88:5a:ae:8b:64:1a:eb:88:35

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Tracker Software Products (Canada) Ltd.,O=Tracker Software Products (Canada) Ltd.,L=Chemainus,ST=British Columbia,C=CA

02/11/2020, 22:10
Valid: true

Chain 1

CN=Tracker Software Products (Canada) Ltd.,O=Tracker Software Products (Canada) Ltd.,L=Chemainus,ST=British Columbia,C=CA

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
lstrcmpiW
RaiseException
GetLastError
SetLastError
GetModuleHandleA
LoadLibraryExW
LoadLibraryW
OutputDebugStringA
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentThreadId
DecodePointer
DisableThreadLibraryCalls
GetLocaleInfoA
GetProcAddress
GlobalLock
GlobalFree
GlobalUnlock
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
WriteConsoleW
CreateFileW
SetStdHandle
GetStringTypeW
GetConsoleMode
GetModuleFileNameW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
LockResource
SizeofResource
FindResourceW
LoadResource
FreeResource
GlobalAlloc
MultiByteToWideChar
GetConsoleOutputCP
WriteFile
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
IsDebuggerPresent
OutputDebugStringW
CloseHandle
WaitForSingleObjectEx
GetExitCodeThread
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateThread
EncodePointer
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
VirtualAlloc
VirtualProtect
InterlockedFlushSList
RtlUnwind
GetSystemInfo
VirtualQuery
ExitThread
GetModuleHandleExW
ExitProcess
LCMapStringW
GetStdHandle
GetFileType
SetFilePointerEx
FindClose

user32

SetRect
CharNextW
DestroyWindow
PostMessageW

advapi32

RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance

oleaut32

LoadTypeLi
LoadRegTypeLi
SysAllocStringLen
VariantClear
SysAllocString
SysFreeString
SysStringLen
VarUI4FromStr

Exports

Exports

PXCE_GetPlugin

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EdgeFill.dll
.dll windows x86

6b45b0d39059f42344c9cdc1f542a159

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetModuleFileNameA
FreeLibrary
GlobalLock
GlobalAlloc
RtlUnwind
LCMapStringW
lstrcpyA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InterlockedIncrement
LoadLibraryA
GlobalHandle
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
LCMapStringA
LockResource
InterlockedDecrement
WriteFile
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree

user32

EnableWindow
CreateDialogParamA
CreateDialogIndirectParamA
LoadIconA
GetParent
PostMessageA
GetWindowTextA
InvalidateRect
UpdateWindow
DialogBoxParamA
DialogBoxIndirectParamA
LoadStringA
GetDlgCtrlID
SetWindowPos
SetWindowLongA
SendMessageA
ShowWindow
BeginPaint
GetWindowRect
ScreenToClient
GetDC
FillRect
ReleaseDC
EndPaint
EndDialog
GetWindowLongA
wsprintfA
SetWindowTextA
GetDlgItem

gdi32

CreateCompatibleBitmap
SelectObject
CreateSolidBrush
DeleteObject
BitBlt
DeleteDC
CreateCompatibleDC

comdlg32

ChooseColorA

Exports

Exports

EdgeFill_GetFunctionTable

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HDDevice.dll
.dll windows x86

db21750fa093d58b60140b4ce863e15d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetLastError
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
EnterCriticalSection
LeaveCriticalSection
CloseHandle
HeapAlloc
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetFilePointer
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
GetCPInfo
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA

advapi32

CryptDestroyHash
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptReleaseContext

hdssse32

PICC_Reader_anticoll
PICC_Reader_Request
PICC_Reader_SetTypeA
PICC_Reader_Application
PICC_Reader_Select
ICC_Reader_Application
ICC_Reader_Open
ICC_Reader_GetStatus
ICC_Reader_PowerOn
ICC_Reader_Close
PICC_Reader_PowerOnTypeA

Exports

Exports

HD_DownloadPara
HD_DownloadPubKey
HD_ICC_ARPC_ExeICScript
HD_ICC_GenARQC
HD_ICC_GetInfo
HD_ICC_GetTxDetail
HD_ICGetCardNo
HD_ICReaderCheck
HD_ICReaderClose
HD_ICReaderOpen
HD_ScriptProcessing
ICCardQuery
ICCardSale

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KMIPAPI.dll
.dll windows x86

c5f4690debaf3340a5a9687f428af5f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
FreeLibrary
GetProcAddress
InterlockedExchange
InterlockedCompareExchange
GetTickCount
VirtualAlloc
GetVersion
GetCurrentProcess
GetModuleHandleA
VirtualFree
LockResource
SizeofResource
LoadResource
FindResourceA
FindResourceW
UnhandledExceptionFilter
lstrlenA
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

KMIPCombineImage
KMIPCreateDataForAdjustment
KMIPDoImageProcessing
KMIPExit
KMIPGetCombinedMonoImage
KMIPInit
KMIPResetImage
KMIPSetImgProcConfig

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 309KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KMPIPE.DLL
.dll windows x86

3bf4e0674ba814714e6ec7d9c0600855

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
Sleep
PeekNamedPipe
TransactNamedPipe
WriteFile
GetVersionExA
CreateNamedPipeA
SetNamedPipeHandleState
GetLastError
GetExitCodeThread
SetStdHandle
SetFilePointer
WriteConsoleW
GetConsoleOutputCP
DisconnectNamedPipe
CreateFileA
CloseHandle
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
RtlUnwind
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteConsoleA

user32

TranslateMessage
DispatchMessageA
wsprintfW
SendMessageA
PostMessageA
PeekMessageA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Exports

Exports

cancelJob
kmStartPipeClt
kmStartPipeSvr
kmStopPipeClt
kmStopPipeSvr
openMessageDlg
openSendDlg

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KMSCNHCPDF.exe
.exe windows x86

17b8b971bc1699bb4f97ab45cc77dc75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

kmscnset

ord1
ord2
ord7
ord6

kernel32

CreateDirectoryW
GetModuleFileNameW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CloseHandle
TerminateProcess
GetModuleHandleW
GetTempPathW
GetUserDefaultLCID
LoadLibraryW
CreateMutexW
GetLastError
HeapSize
GetLocaleInfoA
GetSystemTime
DeleteFileW
RemoveDirectoryW
MultiByteToWideChar
Sleep
OutputDebugStringW
CreateFileA
FlushFileBuffers
GetCurrentDirectoryW
GetCommandLineA
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
RaiseException
LoadLibraryA
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

CharUpperW
PostMessageW
SendMessageW

hcpdfcreater

?Create@HCPDFCreater@@QAEHU_HCPDF_CONVERT_INFO@@@Z
?AddImage@HCPDFCreater@@QAEHPB_W@Z
?Close@HCPDFCreater@@QAEHXZ
?instance@HCPDFCreater@@SAPAV1@XZ

Exports

Exports

??4HCPDFCreater@@QAEAAV0@ABV0@@Z

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KMSTMNET.exe
.exe windows x86

1a0b6e578d0ccab077b052af14a685b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recvfrom
bind
listen
accept
ntohl
getsockopt
ioctlsocket
sendto
select
setsockopt
gethostname
socket
connect
getsockname
closesocket
WSACleanup
htons
getservbyname
inet_addr
htonl
gethostbyname
getservbyport
ntohs
gethostbyaddr
WSAGetLastError
inet_ntoa
WSASetLastError
WSAStartup

shlwapi

StrStrIW

kernel32

GetVersion
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
CreateDirectoryW
GetLocalTime
lstrcatW
lstrcatA
GetPrivateProfileStringW
WritePrivateProfileStringW
CopyFileW
DeleteFileW
OutputDebugStringA
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalMemoryStatus
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
CreateFileW
WriteFile
CreateMutexW
GetLastError
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
ReadFile
GetProcessHeap
SetEndOfFile
SetStdHandle
GetCurrentDirectoryA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
GetModuleHandleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
FlushConsoleInputBuffer
GetTickCount
ReadConsoleInputA
SetConsoleMode
SetEnvironmentVariableW
GetSystemDirectoryA
CreateFileA
GetCommandLineW
GetEnvironmentStringsW
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
HeapAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetFileType
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
GetSystemTimeAsFileTime
GetTimeZoneInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
HeapCreate
VirtualFree
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetModuleFileNameA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
LCMapStringA
LCMapStringW
HeapSize
GetModuleFileNameW
FreeEnvironmentStringsW

user32

TranslateMessage
GetMessageW
DestroyWindow
FindWindowW
PostMessageW
IsWindow
KillTimer
SetTimer
PostQuitMessage
DispatchMessageW
DefWindowProcW
SetWindowLongW
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
LoadStringW
wvsprintfA
wvsprintfW
GetWindowLongW
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA

advapi32

OpenEventLogA
CloseEventLog
ReportEventA
RegQueryValueExA
RegOpenKeyExW
RegCloseKey
RegisterEventSourceA
DeregisterEventSource
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExA

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 752KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SendData.exe
.exe windows x86

a3e5230f6d0fd9753b6cf8e4031c3743

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:58:8b:74:ef:40:0d:cd:3e:37:ff:38
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

11/01/2017, 06:24

Not After

12/01/2020, 06:24

Subject

SERIALNUMBER=91440300738803352C,CN=深圳市德尔软件技术有限公司,O=深圳市德尔软件技术有限公司,STREET=福田区新洲路东深圳国际商会大厦0509房,L=SHENZHEN,ST=GUANGDONG,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13085348454e5a48454e,1.3.6.1.4.1.311.60.2.1.2=#13094755414e47444f4e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:67:bb:41:39:3d:2a:0e:b1:47:90:9b
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2016, 07:04

Not After

11/05/2019, 08:50

Subject

CN=深圳市德尔软件技术有限公司,O=深圳市德尔软件技术有限公司,L=深圳,ST=广东,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d2:44:7d:cb:4c:1e:d4:6f:78:82:dd:d9:0b:7a:01:f9:e0:20:01:87
Signer

Actual PE Digest

d2:44:7d:cb:4c:1e:d4:6f:78:82:dd:d9:0b:7a:01:f9:e0:20:01:87

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=深圳市德尔软件技术有限公司,O=深圳市德尔软件技术有限公司,L=深圳,ST=广东,C=CN

01/03/2017, 06:29
Valid: false

a0:cb:94:6f:dd:5b:33:ff:a8:ef:4a:88:11:99:9f:4c:c6:b2:02:d4:be:da:31:ea:69:5c:b1:18:52:e5:2f:8a
Signer

Actual PE Digest

a0:cb:94:6f:dd:5b:33:ff:a8:ef:4a:88:11:99:9f:4c:c6:b2:02:d4:be:da:31:ea:69:5c:b1:18:52:e5:2f:8a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91440300738803352C,CN=深圳市德尔软件技术有限公司,O=深圳市德尔软件技术有限公司,STREET=福田区新洲路东深圳国际商会大厦0509房,L=SHENZHEN,ST=GUANGDONG,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13085348454e5a48454e,1.3.6.1.4.1.311.60.2.1.2=#13094755414e47444f4e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01/03/2017, 06:28
Valid: true

Chain 1

SERIALNUMBER=91440300738803352C,CN=深圳市德尔软件技术有限公司,O=深圳市德尔软件技术有限公司,STREET=福田区新洲路东深圳国际商会大厦0509房,L=SHENZHEN,ST=GUANGDONG,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13085348454e5a48454e,1.3.6.1.4.1.311.60.2.1.2=#13094755414e47444f4e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=91440300738803352C,CN=深圳市德尔软件技术有限公司,O=深圳市德尔软件技术有限公司,STREET=福田区新洲路东深圳国际商会大厦0509房,L=SHENZHEN,ST=GUANGDONG,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13085348454e5a48454e,1.3.6.1.4.1.311.60.2.1.2=#13094755414e47444f4e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetOEMCP
RaiseException
RtlUnwind
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
VirtualAlloc
HeapReAlloc
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetStdHandle
GetFileTime
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetFileSizeEx
GetProcessHeap
FileTimeToLocalFileTime
SetErrorMode
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalFlags
FileTimeToSystemTime
GlobalGetAtomNameA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GetModuleFileNameW
GetModuleHandleW
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcessId
GlobalAddAtomA
CloseHandle
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
LoadLibraryA
CompareStringA
InterlockedExchange
lstrcmpA
FreeLibrary
GetModuleHandleA
GetProcAddress
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
GetTickCount
Sleep
lstrlenA
CreateMutexA
GetLastError
GetFileAttributesA
SetFileAttributesA
GetModuleFileNameA
WritePrivateProfileStringA
GetLocaleInfoA
GetSystemDefaultLangID
VerLanguageNameA
GetTimeZoneInformation
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
FreeEnvironmentStringsA
InterlockedDecrement

user32

DestroyMenu
UnregisterClassA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
DefWindowProcA
CallWindowProcA
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetCapture
CopyRect
GetWindowRect
GetClassNameA
PtInRect
SetWindowPos
ShowWindow
SetWindowLongA
GetDlgCtrlID
IsWindow
SetWindowTextA
GetDlgItem
GetWindow
GetWindowTextA
UnhookWindowsHookEx
wsprintfA
GetKeyboardLayout
EnumDisplaySettingsA
LoadCursorA
GetSysColorBrush
CharUpperA
GetSystemMetrics
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
GetDC
ReleaseDC
GetSysColor
PostQuitMessage
PostMessageA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetClientRect

gdi32

GetStockObject
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
SetViewportOrgEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

ole32

CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx

oleaut32

SysFreeString
VariantClear
VariantInit
VariantCopy
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SysAllocString

wsock32

WSAStartup
WSACleanup
WSASetLastError

Sections

.text
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WebService.dll
.dll windows x86

e197313cdd050a5c7fe855558626da03

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
CreateErrorInfo
GetErrorInfo
SetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
InsertMenuItemW
InsertMenuW
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
CharUpperBuffA
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
IsDebuggerPresent
MulDiv
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemTimes
GetStdHandle
GetLongPathNameW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateFileW
CreateEventW
CompareStringA
CompareStringW
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

CoCreateGuid
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

shell32

Shell_NotifyIconW

wininet

HttpSendRequestExW
InternetAttemptConnect
HttpEndRequestW
InternetWriteFile
InternetSetOptionW
InternetReadFile
InternetQueryOptionW
InternetQueryDataAvailable
InternetOpenW
InternetErrorDlg
InternetCrackUrlW
InternetConnectW
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoW
HttpOpenRequestW
HttpAddRequestHeadersW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

Exports

Exports

GetCardInfo
GetYBJKInfo
TMethodImplementationIntercept

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
hpmcro32.dll
.dll windows x86

0d851b83727a62c4e5b3965bb8d9372a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

isupper

kernel32

FlushFileBuffers
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalHandle
ReadFile
WriteFile
GetLastError

Exports

Exports

BuildCommand
BuildInquire
ButtonPoll
CheckIO
ClearButton
Color
ColorDither
ColorThreshold
CommandInquire
Dither
DllMain
Download
DualScan
GetButtonPress
GetScanInfo
GetScanState
GrayScale
InquireBufferSize
InquireModel
InquireNumber
InquireOldestError
InquireString
RecFromScanner
ReceiveResponse
ResetScanner
SCLRead
SCL_Scan
ScannerLock
ScannerLockButton
SendCommand
SendToScanner
SetDecipointWindow
SetDiagnosticSCL
SetIOHandle
SetPixelWindow
SetResolution
SetScale
SetScanState
SetScanWindow
Threshold
Upload
VerifyResponse

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 314B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ht32dll.dll
.dll windows x86

2afc97da233e47e275a32806324b86d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ctl3d32

ord2
ord12
ord20
ord6
ord13

kernel32

_lwrite
_lread
_lclose
lstrcpyA
lstrlenA
PurgeComm
SetupComm
GetCommTimeouts
CreateFileA
SetCommState
GetCommState
CloseHandle
SetCommTimeouts
_llseek
FreeLibrary
GetProcAddress
LoadLibraryA
GetTickCount
SetEnvironmentVariableA
CompareStringW
OpenFile
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
FlushFileBuffers
LCMapStringW
LCMapStringA
Sleep
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
HeapReAlloc
HeapAlloc
RtlUnwind
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
WriteFile
ReadFile
CompareStringA
ClearCommError
GetLastError
FindFirstFileA
FindNextFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetCommandLineA
GetVersion
DebugBreak
GetStdHandle
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetModuleFileNameA
GetModuleHandleA
WideCharToMultiByte
GetTimeZoneInformation
GetFileType
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetStdHandle
GetSystemTime
GetLocalTime
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
IsBadWritePtr
IsBadReadPtr
HeapValidate
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
SetConsoleCtrlHandler
SetFilePointer
FatalAppExitA
SetEndOfFile
GetLocaleInfoW

user32

MessageBeep
GetActiveWindow
DialogBoxParamA
InvalidateRect
GetDlgItem
SetTimer
GetWindowRect
GetSystemMetrics
MoveWindow
EndDialog
KillTimer
SetWindowLongA
LoadCursorA
SetCursor
SetDlgItemTextA
GetClientRect
GetDC
FillRect
DrawTextA
InvertRect
ReleaseDC
SendDlgItemMessageA

gdi32

DeleteObject
SetBkMode
CreateSolidBrush

advapi32

GetUserNameA

Exports

Exports

CloseCommPort
CloseExFile
CloseUSB
CreateConnect
DelHtFile
DisConnect
ErrorString
ExFGet
ExFPut
ExitHTSevr
GetDllInfo
GetHtFile
GetHtSN
GetPack
GetRetry
HT26XXFM
HTMessage
HTTest
MkDir
OpenCommPort
OpenExFile
OpenUSB
PutPack
ReadExFile
SendClientReq
SetComMode
SetDir
Update
Usb_CloseExFile
Usb_CreateConnect
Usb_DelHtFile
Usb_DisConnect
Usb_ExFGet
Usb_ExFPut
Usb_ExitHTSevr
Usb_GetHtFile
Usb_GetHtSN
Usb_GetPack
Usb_HT26XXFM
Usb_HTMessage
Usb_HTTest
Usb_MkDir
Usb_OpenExFile
Usb_PutPack
Usb_ReadExFile
Usb_SendClientReq
Usb_SetDir
Usb_Update
Usb_WriteExFile
Usb_wGetDateTime
Usb_wSetDateTime
WriteExFile
wGetDateTime
wSetDateTime

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 982B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
office13.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plkHL.dll
.dll windows x86

daf1acd3aab259d5219f627f94cb1ad8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
LoadLibraryW
OutputDebugStringW
GetProcAddress
OutputDebugStringA
lstrlenA
MultiByteToWideChar
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapAlloc
HeapFree
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LoadLibraryA
RtlUnwind
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
SetFilePointer
RaiseException
GetOEMCP
GetCPInfo
InitializeCriticalSection
LCMapStringA
LCMapStringW
SetStdHandle
HeapSize
GetStringTypeA
GetStringTypeW
VirtualProtect
GetSystemInfo
FlushFileBuffers
CloseHandle

Exports

Exports

plkHL_Create
plkHL_GetData
plkHL_HighlightA
plkHL_HighlightDIB
plkHL_HighlightTimage
plkHL_HighlightW
plkHL_Release
plkHL_SaveImageA
plkHL_SaveImageW

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
swscale-5.dll
.dll windows x86

fa944ffceb5663e157de6724021b70c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__setusermatherr
_amsg_exit
_errno
_initterm
_iob
_lock
_onexit
_unlock
abort
calloc
fprintf
free
fwrite
malloc
memcpy
memmove
memset
strlen
strncmp
vfprintf

avutil-56

av_free
av_freep
av_get_bits_per_pixel
av_get_cpu_flags
av_get_pix_fmt_name
av_image_alloc
av_log
av_malloc
av_malloc_array
av_mallocz
av_mallocz_array
av_opt_get_int
av_opt_set_defaults
av_opt_set_int
av_pix_fmt_desc_get
av_pix_fmt_get_chroma_sub_sample
av_pix_fmt_swap_endianness

Exports

Exports

sws_addVec
sws_allocVec
sws_alloc_context
sws_alloc_set_opts
sws_cloneVec
sws_convVec
sws_convertPalette8ToPacked24
sws_convertPalette8ToPacked32
sws_freeContext
sws_freeFilter
sws_freeVec
sws_getCachedContext
sws_getCoefficients
sws_getColorspaceDetails
sws_getConstVec
sws_getContext
sws_getDefaultFilter
sws_getGaussianVec
sws_getIdentityVec
sws_get_class
sws_init_context
sws_isSupportedEndiannessConversion
sws_isSupportedInput
sws_isSupportedOutput
sws_normalizeVec
sws_printVec2
sws_scale
sws_scaleVec
sws_setColorspaceDetails
sws_shiftVec
sws_subVec
swscale_configuration
swscale_license
swscale_version

Sections

.text
Size: 471KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 1006B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

377fe1a75d34394054e8b1023236d999

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

comdlg32

gdi32

oleaut32

ole32

user32

advapi32

shell32

msvcrt

kernel32

Sections

.text Size: 262KB - Virtual size: 261KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 1024B - Virtual size: 9KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 17KB - Virtual size: 16KB

9746c1a697475d80e0fba017b2790490

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:9c:96:e9:49:dc:a9:03:e9:21:89:e0:b2:99:9d:e5Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:9c:96:e9:49:dc:a9:03:e9:21:89:e0:b2:99:9d:e5Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

e5:01:eb:fa:11:67:88:56:c2:c8:19:c0:5a:75:23:dd:39:ef:1b:08:dd:71:77:52:3c:18:d5:7c:ec:6e:77:d7Signer

Signature Validations

Verification

02/11/2020, 22:10 Valid: true

Chain 1

ec:b6:4c:e5:e1:a9:c9:35:f6:23:b7:88:5a:ae:8b:64:1a:eb:88:35Signer

Signature Validations

Verification

02/11/2020, 22:10 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 63KB - Virtual size: 62KB

.data Size: 6KB - Virtual size: 9KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 262KB - Virtual size: 261KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 1024B - Virtual size: 9KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 17KB - Virtual size: 16KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:9c:96:e9:49:dc:a9:03:e9:21:89:e0:b2:99:9d:e5
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:9c:96:e9:49:dc:a9:03:e9:21:89:e0:b2:99:9d:e5
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

e5:01:eb:fa:11:67:88:56:c2:c8:19:c0:5a:75:23:dd:39:ef:1b:08:dd:71:77:52:3c:18:d5:7c:ec:6e:77:d7
Signer

02/11/2020, 22:10
Valid: true

ec:b6:4c:e5:e1:a9:c9:35:f6:23:b7:88:5a:ae:8b:64:1a:eb:88:35
Signer

02/11/2020, 22:10
Valid: true

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 63KB - Virtual size: 62KB

.data
Size: 6KB - Virtual size: 9KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 13KB - Virtual size: 12KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 36KB - Virtual size: 42KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 309KB - Virtual size: 311KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB