DirectX_11_Setup[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

DirectX_11_Setup.zip
Size

96.0MB
MD5

568d4d1b15d7b4ffede4ea4fd3e6f49e
SHA1

94340d43845532a624dff6ff71ec68609f0bf4b9
SHA256

219283dab871eff3793495ca136d0b0e2196c1c130dcce9e4232aca92c625a0f
SHA512

317103b036967d06185b1e6ba7e90ce3aee4a62a3b3d2b18b763f79d9400116ce84f6544f2a314884a804faee35ca1dba951ab3162c60889e08d53643766ae96
SSDEEP

1572864:SVN0lTa+hItHArjvHFCqmr8ghu5N81mV2NK9atj3uu7sFajapbg9xtYWELC4Jyv1:SVQTa+hItgnv4/JEumV2NQatau7sM+la

Score

1^/10

Malware Config

Signatures

Files

DirectX_11_Setup.zip
.zip
APR2007_XACT_x64.cab
.cab .ps1
apr2007_xact_x64.inf
infinst.exe
.exe windows x64

6668c9525ad04c4190169dc04fde550d

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:53

Not After

16-09-2011 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:55

Not After

16-09-2011 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04-04-2006 17:44

Not After

26-04-2012 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-04-2006 19:43

Not After

04-10-2007 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

44:c2:26:68:e3:a7:0e:0f:e1:0d:6e:d0:a5:42:df:15:4c:e1:0a:0f
Signer

Actual PE Digest

44:c2:26:68:e3:a7:0e:0f:e1:0d:6e:d0:a5:42:df:15:4c:e1:0a:0f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

05-04-2007 01:53
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OutputDebugStringA
GetWindowsDirectoryA
GetLastError
LocalFree
FormatMessageA
CompareStringA
CloseHandle
CreateFileA
lstrlenA
GetPrivateProfileStringA
FindClose
FindFirstFileA
MoveFileExA
CopyFileA
GetCurrentDirectoryA
GetModuleFileNameA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetLocalTime
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
Sleep
SetFilePointer
SetStdHandle
FlushFileBuffers
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
SetEndOfFile
ReadFile
GetLocaleInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery

user32

CharNextA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupOpenInfFileA
SetupOpenFileQueue
SetupInstallFromInfSectionA
SetupCloseFileQueue
SetupCloseInfFile
SetupCopyOEMInfA
SetupDiDestroyDeviceInfoList
SetupDiSetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDefaultQueueCallbackA

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
x3daudio1_1.dll
.dll windows x64

01dbb721ad8b0aa287d0e6cb37b97382

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04-04-2006 17:44

Not After

26-04-2012 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-04-2006 19:43

Not After

04-10-2007 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:2b:fc:2c:be:00:d2:f9:f0:2d:7a:31:b3:c6:e8:cc:c4:87:22:77
Signer

Actual PE Digest

6e:2b:fc:2c:be:00:d2:f9:f0:2d:7a:31:b3:c6:e8:cc:c4:87:22:77

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15-05-2023 13:27
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

tan
sinf
sin
sqrt
_initterm
cosf
malloc
acosf
free
atan2f

kernel32

Sleep
DisableThreadLibraryCalls

Exports

Exports

X3DAudioCalculate
X3DAudioInitialize

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xact2_7_x64.cat
xact2_7_x64.inf
xact2_7_x64_xp.inf
xactengine2_7.dll
.dll regsvr32 windows x64

db64690fd3880f9d7a43b3137465b79c

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:53

Not After

16-09-2011 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:53

Not After

16-09-2011 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04-04-2006 17:44

Not After

26-04-2012 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-04-2006 19:43

Not After

04-10-2007 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a8:0a:f8:7d:a4:03:9b:2c:84:8b:b3:7d:71:bf:21:21:a5:17:49:1b
Signer

Actual PE Digest

a8:0a:f8:7d:a4:03:9b:2c:84:8b:b3:7d:71:bf:21:21:a5:17:49:1b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

05-04-2007 01:55
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
sinf
cosf
strncpy
sqrtf
free
malloc
cos
floorf
??2@YAPEAX_K@Z
_vsnwprintf
sin
powf
pow
log10
memcmp
_purecall
memcpy
acosf
atan2f
memset
sqrt
_isnan
??3@YAXPEAX@Z
_controlfp
_vsnprintf
_aligned_malloc
_aligned_free
tan

kernel32

GetSystemInfo
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
lstrcmpW
__C_specific_handler
HeapSize
GetFileSize
SetEndOfFile
SetFilePointer
DisableThreadLibraryCalls
GetLastError
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
GetTickCount
QueryPerformanceCounter
HeapFree
CreateSemaphoreW
GetCurrentThreadId
HeapAlloc
InitializeCriticalSection
DeleteCriticalSection
TryEnterCriticalSection
CloseHandle
CreateFileA
QueryPerformanceFrequency
GetOverlappedResult
ReadFile
WaitForMultipleObjects
WaitForSingleObject
SetEvent
CreateThread
CreateEventA
Sleep
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
WriteFile
ReleaseSemaphore
CreateEventW
SetThreadPriority
GetProcessHeap
RtlCaptureContext
SwitchToThread

rpcrt4

RpcStringFreeA
UuidToStringA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
PropVariantClear
CLSIDFromString

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

user32

GetDesktopWindow

winmm

timeEndPeriod
timeBeginPeriod

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 512B - Virtual size: 99B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
APR2007_XACT_x86.cab
.cab
APR2007_d3dx10_33_x64.cab
.cab
APR2007_d3dx10_33_x86.cab
.cab
APR2007_d3dx9_33_x64.cab
.cab
APR2007_d3dx9_33_x86.cab
.cab
APR2007_xinput_x64.cab
.cab
APR2007_xinput_x86.cab
.cab
AUG2006_XACT_x64.cab
.cab
AUG2006_XACT_x86.cab
.cab
AUG2006_xinput_x64.cab
.cab
AUG2006_xinput_x86.cab
.cab
AUG2007_XACT_x64.cab
.cab
AUG2007_XACT_x86.cab
.cab
AUG2007_d3dx10_35_x64.cab
.cab
AUG2007_d3dx10_35_x86.cab
.cab
AUG2007_d3dx9_35_x64.cab
.cab
AUG2007_d3dx9_35_x86.cab
.cab
Apr2005_d3dx9_25_x64.cab
.cab
Apr2005_d3dx9_25_x86.cab
.cab
Apr2006_MDX1_x86.cab
.cab
Apr2006_MDX1_x86_Archive.cab
.cab
Apr2006_XACT_x64.cab
.cab
Apr2006_XACT_x86.cab
.cab
Apr2006_d3dx9_30_x64.cab
.cab
Apr2006_d3dx9_30_x86.cab
.cab
Apr2006_xinput_x64.cab
.cab
Apr2006_xinput_x86.cab
.cab .ps1
Aug2005_d3dx9_27_x64.cab
.cab
Aug2005_d3dx9_27_x86.cab
.cab
Aug2008_XACT_x64.cab
.cab
Aug2008_XACT_x86.cab
.cab
Aug2008_XAudio_x64.cab
.cab
Aug2008_XAudio_x86.cab
.cab
Aug2008_d3dx10_39_x64.cab
.cab
Aug2008_d3dx10_39_x86.cab
.cab
Aug2008_d3dx9_39_x64.cab
.cab
Aug2008_d3dx9_39_x86.cab
.cab
Aug2009_D3DCompiler_42_x64.cab
.cab
Aug2009_D3DCompiler_42_x86.cab
.cab
Aug2009_XACT_x64.cab
.cab
Aug2009_XACT_x86.cab
.cab
Aug2009_XAudio_x64.cab
.cab
Aug2009_XAudio_x86.cab
.cab
Aug2009_d3dcsx_42_x64.cab
.cab
Aug2009_d3dcsx_42_x86.cab
.cab
Aug2009_d3dx10_42_x64.cab
.cab
Aug2009_d3dx10_42_x86.cab
.cab
Aug2009_d3dx11_42_x64.cab
.cab
Aug2009_d3dx11_42_x86.cab
.cab
Aug2009_d3dx9_42_x64.cab
.cab
Aug2009_d3dx9_42_x86.cab
.cab
DEC2006_XACT_x64.cab
.cab
DEC2006_XACT_x86.cab
.cab
DEC2006_d3dx10_00_x64.cab
.cab
DEC2006_d3dx10_00_x86.cab
.cab
DEC2006_d3dx9_32_x64.cab
.cab
DEC2006_d3dx9_32_x86.cab
.cab
DSETUP.dll
.dll windows x86

5ee93a27b334994f92812e79a2fb75bd

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e7:2c:0e:bb:86:1f:cb:57:4e:97:97:44:28:c3:0a:2d:07:1d:2d:27
Signer

Actual PE Digest

e7:2c:0e:bb:86:1f:cb:57:4e:97:97:44:28:c3:0a:2d:07:1d:2d:27

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

02-06-2010 12:18
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
LocalAlloc
lstrcmpA
WideCharToMultiByte
GetSystemDefaultLCID
GetModuleFileNameA
SetLastError
MultiByteToWideChar
lstrlenA
lstrlenW
CompareStringA
CreateDirectoryA
GetWindowsDirectoryA
FormatMessageA
GetCurrentThreadId
DecodePointer
GetCommandLineA
HeapFree
HeapAlloc
HeapReAlloc
GetLocalTime
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentDirectoryA
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
CreateFileA
LCMapStringW
GetStringTypeW
HeapSize
WriteConsoleW
SetEndOfFile
GetProcessHeap
ReadFile
CreateFileW
GetSystemDirectoryA
SetCurrentDirectoryA
GetVersionExA
LoadLibraryA
GetProcAddress
OutputDebugStringA
CreateMutexA
GetLastError
CloseHandle
HeapCreate
FreeLibrary

user32

GetKeyboardType
DestroyWindow
SetFocus
CreateDialogParamA
SetDlgItemTextA
MessageBoxA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA

winmm

mmioRead
mmioDescend
mmioClose
mmioOpenA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

StringFromGUID2

Exports

Exports

DirectXDeviceDriverSetupA
DirectXDeviceDriverSetupW
DirectXLoadString
DirectXRegisterApplicationA
DirectXRegisterApplicationW
DirectXSetupA
DirectXSetupCallback
DirectXSetupGetEULAA
DirectXSetupGetEULAW
DirectXSetupGetFileVersion
DirectXSetupGetVersion
DirectXSetupIsEng
DirectXSetupIsJapan
DirectXSetupIsJapanNec
DirectXSetupSetCallback
DirectXSetupShowEULA
DirectXSetupW
DirectXUnRegisterApplication

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DXSETUP.exe
.exe windows x86

9f601d1261adacd540476661fd007bc3

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b1:da:04:49:85:85:98:e8:94:a8:22:25:b7:5b:70:bb:f9:f9:02:96
Signer

Actual PE Digest

b1:da:04:49:85:85:98:e8:94:a8:22:25:b7:5b:70:bb:f9:f9:02:96

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

02-06-2010 12:18
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

kernel32

FindClose
FindFirstFileA
lstrlenA
ReadFile
GetFileSize
CreateFileA
GetCurrentDirectoryA
GetCurrentProcess
GetModuleFileNameA
SetErrorMode
CreateMutexA
GetModuleHandleA
CreateThread
GetSystemDirectoryA
CloseHandle
GetVersionExA
LoadLibraryA
GetProcAddress
GetWindowsDirectoryA
FreeLibrary
CompareStringA
FormatMessageA
lstrcmpiA
GetProcessHeap
SetEndOfFile
WriteConsoleW
HeapReAlloc
GetStringTypeW
HeapSize
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
Sleep
LoadLibraryW
MultiByteToWideChar
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
RaiseException
HeapAlloc
RtlUnwind
CreateFileW
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
CreateDirectoryA
GetLastError
LocalFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetLocalTime
SetUnhandledExceptionFilter
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
HeapFree

gdi32

CreateCompatibleDC
GetObjectA
StretchBlt
DeleteDC
SelectObject
CreateFontIndirectA
DeleteObject
GetDeviceCaps

user32

ReleaseDC
GetDC
LoadImageA
SystemParametersInfoA
SendDlgItemMessageA
SetWindowTextA
GetWindowLongA
SetWindowLongA
PostMessageA
GetParent
SetDlgItemTextA
GetDlgItem
SendMessageA
ShowWindow
GetAsyncKeyState
ExitWindowsEx
EnumWindows
CharLowerA
LoadStringA
MessageBoxA
GetWindowTextA
GetClassNameA
SetForegroundWindow
SetFocus

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

comctl32

CreatePropertySheetPageA
PropertySheetA
ord17

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dec2005_d3dx9_28_x64.cab
.cab
Dec2005_d3dx9_28_x86.cab
.cab
FEB2007_XACT_x64.cab
.cab
FEB2007_XACT_x86.cab
.cab
Feb2005_d3dx9_24_x64.cab
.cab
Feb2005_d3dx9_24_x86.cab
.cab
Feb2006_XACT_x64.cab
.cab
Feb2006_XACT_x86.cab
.cab
Feb2006_d3dx9_29_x64.cab
.cab
Feb2006_d3dx9_29_x86.cab
.cab
Feb2010_X3DAudio_x64.cab
.cab
Feb2010_X3DAudio_x86.cab
.cab
Feb2010_XACT_x64.cab
.cab
Feb2010_XACT_x86.cab
.cab
Feb2010_XAudio_x64.cab
.cab
Feb2010_XAudio_x86.cab
.cab
JUN2006_XACT_x64.cab
.cab
JUN2006_XACT_x86.cab
.cab
JUN2007_XACT_x64.cab
.cab
JUN2007_XACT_x86.cab
.cab
JUN2007_d3dx10_34_x64.cab
.cab
JUN2007_d3dx10_34_x86.cab
.cab
JUN2007_d3dx9_34_x64.cab
.cab
JUN2007_d3dx9_34_x86.cab
.cab
JUN2008_X3DAudio_x64.cab
.cab
JUN2008_X3DAudio_x86.cab
.cab
JUN2008_XACT_x64.cab
.cab
JUN2008_XACT_x86.cab
.cab
JUN2008_XAudio_x64.cab
.cab
JUN2008_XAudio_x86.cab
.cab
JUN2008_d3dx10_38_x64.cab
.cab
JUN2008_d3dx10_38_x86.cab
.cab
JUN2008_d3dx9_38_x64.cab
.cab
JUN2008_d3dx9_38_x86.cab
.cab
Jun2005_d3dx9_26_x64.cab
.cab
Jun2005_d3dx9_26_x86.cab
.cab
Jun2010_D3DCompiler_43_x64.cab
.cab
Jun2010_D3DCompiler_43_x86.cab
.cab
Jun2010_XACT_x64.cab
.cab
Jun2010_XACT_x86.cab
.cab
Jun2010_XAudio_x64.cab
.cab
Jun2010_XAudio_x86.cab
.cab
Jun2010_d3dcsx_43_x64.cab
.cab
Jun2010_d3dcsx_43_x86.cab
.cab
Jun2010_d3dx10_43_x64.cab
.cab
Jun2010_d3dx10_43_x86.cab
.cab
Jun2010_d3dx11_43_x64.cab
.cab
Jun2010_d3dx11_43_x86.cab
.cab
Jun2010_d3dx9_43_x64.cab
.cab
Jun2010_d3dx9_43_x86.cab
.cab
Mar2008_X3DAudio_x64.cab
.cab
Mar2008_X3DAudio_x86.cab
.cab
Mar2008_XACT_x64.cab
.cab
Mar2008_XACT_x86.cab
.cab
Mar2008_XAudio_x64.cab
.cab
Mar2008_XAudio_x86.cab
.cab
Mar2008_d3dx10_37_x64.cab
.cab
Mar2008_d3dx10_37_x86.cab
.cab
Mar2008_d3dx9_37_x64.cab
.cab
Mar2008_d3dx9_37_x86.cab
.cab
Mar2009_X3DAudio_x64.cab
.cab
Mar2009_X3DAudio_x86.cab
.cab
Mar2009_XACT_x64.cab
.cab
Mar2009_XACT_x86.cab
.cab
Mar2009_XAudio_x64.cab
.cab
Mar2009_XAudio_x86.cab
.cab
Mar2009_d3dx10_41_x64.cab
.cab
Mar2009_d3dx10_41_x86.cab
.cab
Mar2009_d3dx9_41_x64.cab
.cab
Mar2009_d3dx9_41_x86.cab
.cab
NOV2007_X3DAudio_x64.cab
.cab
NOV2007_X3DAudio_x86.cab
.cab
NOV2007_XACT_x64.cab
.cab
NOV2007_XACT_x86.cab
.cab
Nov2007_d3dx10_36_x64.cab
.cab
Nov2007_d3dx10_36_x86.cab
.cab
Nov2007_d3dx9_36_x64.cab
.cab
Nov2007_d3dx9_36_x86.cab
.cab
Nov2008_X3DAudio_x64.cab
.cab
Nov2008_X3DAudio_x86.cab
.cab
Nov2008_XACT_x64.cab
.cab
Nov2008_XACT_x86.cab
.cab
Nov2008_XAudio_x64.cab
.cab
Nov2008_XAudio_x86.cab
.cab
Nov2008_d3dx10_40_x64.cab
.cab
Nov2008_d3dx10_40_x86.cab
.cab
Nov2008_d3dx9_40_x64.cab
.cab
Nov2008_d3dx9_40_x86.cab
.cab
OCT2006_XACT_x64.cab
.cab
OCT2006_XACT_x86.cab
.cab
OCT2006_d3dx9_31_x64.cab
.cab
OCT2006_d3dx9_31_x86.cab
.cab
Oct2005_xinput_x64.cab
.cab
Oct2005_xinput_x86.cab
.cab
dsetup32.dll
.dll windows x86

d1671a2cd7c955bf9903489363b7585c

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

22:9d:3f:6c:9f:d6:3c:85:3d:d2:28:5b:3e:7b:4f:07:0b:5d:a1:86
Signer

Actual PE Digest

22:9d:3f:6c:9f:d6:3c:85:3d:d2:28:5b:3e:7b:4f:07:0b:5d:a1:86

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

02-06-2010 12:18
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindFirstFileA
GetSystemDirectoryA
CopyFileA
DeleteFileA
SetFileAttributesA
WideCharToMultiByte
LoadResource
FindResourceA
GetSystemDefaultLCID
GetModuleFileNameA
lstrcmpA
LockResource
SizeofResource
SetLastError
GetPrivateProfileStringA
MultiByteToWideChar
CloseHandle
GetFileSize
CreateFileA
GetPrivateProfileSectionA
lstrcmpiA
lstrlenA
FindNextFileA
GetShortPathNameA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryExA
GetFileAttributesA
GetPrivateProfileSectionNamesA
GetSystemInfo
GetDiskFreeSpaceA
GetModuleHandleA
ReadFile
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetTempFileNameA
GetDriveTypeA
GetCurrentDirectoryA
ExpandEnvironmentStringsA
GetTempPathA
MoveFileExA
SetFileTime
GetFileTime
Sleep
CreateMutexA
GetCurrentThreadId
DecodePointer
GetCommandLineA
GetLocalTime
HeapFree
HeapReAlloc
EncodePointer
TlsAlloc
TlsGetValue
GetVersionExA
TlsFree
InterlockedIncrement
GetModuleHandleW
InterlockedDecrement
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
HeapAlloc
RaiseException
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
WriteFile
GetConsoleCP
GetConsoleMode
LoadLibraryW
GetModuleFileNameW
SetFilePointer
SetStdHandle
FlushFileBuffers
HeapSize
GetStringTypeW
WriteConsoleW
SetEndOfFile
GetProcessHeap
CreateFileW
GetProcAddress
LoadLibraryA
GetCurrentProcess
FreeLibrary
CompareStringA
FormatMessageA
LocalFree
GetWindowsDirectoryA
OutputDebugStringA
CreateDirectoryA
TlsSetValue
GetLastError

gdi32

GetDeviceCaps

user32

PeekMessageA
ShowWindow
GetDlgItem
SendMessageA
CharLowerA
MessageBoxA
CreateDialogParamA
SetFocus
DestroyWindow
DialogBoxParamA
GetMessageA
CharNextA
EndDialog
SetDlgItemTextA
SendDlgItemMessageA
GetDesktopWindow
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
LoadStringA
DispatchMessageA
TranslateMessage
GetKeyboardType

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegQueryValueExA

shlwapi

SHDeleteKeyA

winmm

mmioDescend
mmioOpenA
mmioClose
mmioRead

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

SHFileOperationA

ole32

StringFromGUID2

Exports

Exports

DirectXLoadString
DirectXSetupCallback
DirectXSetupSetCallback
DirectXSetupShowEULA
iDirectXSetup
iDirectXSetupGetEULA

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dxdllreg_x86.cab
.cab
dxupdate.cab
.cab

Sharing

General

Malware Config

Signatures

Files

6668c9525ad04c4190169dc04fde550d

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

44:c2:26:68:e3:a7:0e:0f:e1:0d:6e:d0:a5:42:df:15:4c:e1:0a:0fSigner

Signature Validations

Verification

05-04-2007 01:53 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

version

setupapi

Sections

.text Size: 52KB - Virtual size: 52KB

.data Size: 2KB - Virtual size: 11KB

.pdata Size: 3KB - Virtual size: 2KB

01dbb721ad8b0aa287d0e6cb37b97382

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

6e:2b:fc:2c:be:00:d2:f9:f0:2d:7a:31:b3:c6:e8:cc:c4:87:22:77Signer

Signature Validations

Verification

15-05-2023 13:27 Valid: false

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 296B

.pdata Size: 512B - Virtual size: 168B

.rsrc Size: 1024B - Virtual size: 984B

db64690fd3880f9d7a43b3137465b79c

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

44:c2:26:68:e3:a7:0e:0f:e1:0d:6e:d0:a5:42:df:15:4c:e1:0a:0f
Signer

05-04-2007 01:53
Valid: false

.text
Size: 52KB - Virtual size: 52KB

.data
Size: 2KB - Virtual size: 11KB

.pdata
Size: 3KB - Virtual size: 2KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

6e:2b:fc:2c:be:00:d2:f9:f0:2d:7a:31:b3:c6:e8:cc:c4:87:22:77
Signer

15-05-2023 13:27
Valid: false

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 296B

.pdata
Size: 512B - Virtual size: 168B

.rsrc
Size: 1024B - Virtual size: 984B

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

a8:0a:f8:7d:a4:03:9b:2c:84:8b:b3:7d:71:bf:21:21:a5:17:49:1b
Signer

05-04-2007 01:55
Valid: false

.text
Size: 354KB - Virtual size: 354KB

RT_CODE
Size: 512B - Virtual size: 99B

.data
Size: 1024B - Virtual size: 11KB

.pdata
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 4KB - Virtual size: 3KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

e7:2c:0e:bb:86:1f:cb:57:4e:97:97:44:28:c3:0a:2d:07:1d:2d:27
Signer

02-06-2010 12:18
Valid: false

.text
Size: 70KB - Virtual size: 69KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB