53a9e328618e84e979d0a990d7d8c7280f7d16dd4540cfc046174eb8c83b9ed7

Sharing

Copy URL Twitter E-mail

General

Target

53a9e328618e84e979d0a990d7d8c7280f7d16dd4540cfc046174eb8c83b9ed7
Size

5.9MB
MD5

fec3e31fd36fd5d2b07674d7ac0caf03
SHA1

56d14c20169f2e7b4577d3a0b018ac416bd6f83f
SHA256

53a9e328618e84e979d0a990d7d8c7280f7d16dd4540cfc046174eb8c83b9ed7
SHA512

4690afc14ce36669a58312ce069aa52141a07d6ee1c806454f059321a85b27692fe5a0a1b10023fd0e7191d223c8cb81ef0008f17498a936d8b590ff7a7085be
SSDEEP

98304:HbwCchySQ2KAmoJOAhhaNRhy9AeEYWPCVKLaen24anEaUBdM7Pt9CZA7llYpGKla:7wUH2yDGENRhy5bWmKGMsEHM7PtzhzK0

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IDM6.27.2/IDMan.exe
unpack001/IDM6.27.2/idmwfp32.sys
unpack001/IDM6.27.2/idmwfp64.sys

Files

53a9e328618e84e979d0a990d7d8c7280f7d16dd4540cfc046174eb8c83b9ed7
.zip
IDM6.27.2/!绿化卸载.bat
.bat .vbs
IDM6.27.2/GlobalErrors.log
IDM6.27.2/IDMFType.dat
IDM6.27.2/IDMFType64.dll
.dll windows:5 windows x64

f811252742cee99958ced610cdfd96ef

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:60:fc:32:bd:52:1d:77:f2:11:c1:33:6a:a9:8b:9e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2010, 00:00

Not After

01/06/2013, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Secure Application Development,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3b:17:36:10:d3:f1:9e:b0:b4:cd:13:9f:ed:8e:66:47:32:f8:61:32
Signer

Actual PE Digest

3b:17:36:10:d3:f1:9e:b0:b4:cd:13:9f:ed:8e:66:47:32:f8:61:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

realloc
islower
isupper
toupper
isspace
asctime
_strnicmp
strncmp
memcpy
__C_specific_handler
_CxxThrowException
_snprintf
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_XcptFilter
_initterm
_amsg_exit
_vsnprintf
strchr
strcspn
_stricmp
tolower
malloc
strncpy
_gmtime64
_ctime64
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
fclose
fseek
fread
fopen
free
__CxxFrameHandler

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
Sleep
VirtualProtect
GetSystemTimeAsFileTime

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

IDMExtensionForMimeType
IDMFileType

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 182B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/IDMGCExt.crx
.zip
IDM6.27.2/IDMGetAll.dll
.dll regsvr32 windows:4 windows x86

4caeeb1aa31857dc0ccf78ea18cdb570

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetShortPathNameA
GetModuleFileNameA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
DisableThreadLibraryCalls
lstrcpynA
IsDBCSLeadByte
HeapDestroy
LoadLibraryA
lstrcpyA
lstrcatA
GetModuleHandleA
GetProcAddress
LocalFree
GetLastError
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
lstrcmpiA
InterlockedIncrement

user32

CharNextA
MessageBoxA

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumValueA
RegSetValueExA

ole32

CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoTaskMemFree

oleaut32

LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SafeArrayPutElement
VariantChangeType
SysAllocStringLen
VariantClear
VariantInit
SafeArrayCreate
SysFreeString
SysStringLen
SafeArrayDestroy
SysAllocString

wininet

InternetCombineUrlA
InternetGetCookieA

msvcrt

_CxxThrowException
memcmp
_onexit
__dllonexit
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
realloc
malloc
strchr
free
_purecall
wcscpy
wcsstr
wcschr
wcsncpy
wcscat
wcsncat
strcpy
strpbrk
strstr
strrchr
_except_handler3
_memicmp
isalpha
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
wcslen
__CxxFrameHandler
_mbschr
_mbsinc
memset
vsprintf
_mbclen
_ismbcdigit
atoi
sprintf
_wcsicmp
strlen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/IDMGetAll64.dll
.dll regsvr32 windows:5 windows x64

381ecb1e5320448e597c487d572438dc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

wininet

InternetGetCookieA
InternetCombineUrlA

kernel32

GetCurrentThreadId
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiA
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleW
IsDBCSLeadByte
GetModuleHandleA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetProcAddress
GetLastError
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
Sleep
TerminateProcess
FreeLibrary
GetCurrentProcess
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

CharNextW
MessageBoxA
CharNextA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoCreateInstance

oleaut32

LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SafeArrayCreate
SafeArrayDestroy
SysAllocStringLen
SafeArrayPutElement
VarBstrCat
SysStringLen
VariantClear
VariantChangeType
VariantInit
SysFreeString
SysAllocString

msvcr90

__clean_type_info_names_internal
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
_mbschr
_mbsstr
_mbsinc
_mbclen
??_U@YAPEAX_K@Z
memcpy
memset
vsprintf
wcslen
_ismbcdigit
atoi
__CxxFrameHandler3
strpbrk
strrchr
strstr
wcschr
wcsstr
??2@YAPEAX_K@Z
free
_CxxThrowException
wcsncat
wcscat
wcsncpy
wcscpy
strcpy
strlen
sprintf
_wcsicmp
memcmp
_mbsnbcpy_s
malloc
memcpy_s
strcpy_s
wcsncpy_s
strcat_s
__C_specific_handler
_resetstkoflw
_purecall
_recalloc
strchr
_memicmp
isalpha

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 542B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/IDMGrHlp.exe
.exe windows:5 windows x86

7f5f7b04618dae01b271c5b781e88c19

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:6e:ca:c5:3c:a7:07:3e:2e:67:31:ca:14:24:07:bc:c5:ca:15:34:97:df:30:b5:be:5f:88:68:4c:8f:b4:0c
Signer

Actual PE Digest

73:6e:ca:c5:3c:a7:07:3e:2e:67:31:ca:14:24:07:bc:c5:ca:15:34:97:df:30:b5:be:5f:88:68:4c:8f:b4:0c

Digest Algorithm

sha256

PE Digest Matches

false

77:c7:25:7b:cd:26:aa:17:55:6f:63:b3:00:0d:f3:1b:b4:80:a1:63
Signer

Actual PE Digest

77:c7:25:7b:cd:26:aa:17:55:6f:63:b3:00:0d:f3:1b:b4:80:a1:63

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCombineUrlA

shell32

ShellExecuteA

kernel32

FileTimeToLocalFileTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
HeapFree
RtlUnwind
RaiseException
HeapAlloc
GetCommandLineA
GetStartupInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
Sleep
HeapSize
HeapCreate
VirtualFree
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetErrorMode
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetOEMCP
GetCPInfo
GlobalFlags
WritePrivateProfileStringA
FileTimeToSystemTime
GetModuleHandleW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GetModuleFileNameW
GetThreadLocale
InterlockedIncrement
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetProcessHeap
lstrcmpW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
InterlockedExchange
FreeLibrary
lstrcmpA
FormatMessageA
MulDiv
lstrlenA
SetLastError
LocalFree
LoadLibraryA
GetProcAddress
InterlockedDecrement
GetVersionExA
GetModuleHandleA
CreateThread
SleepEx
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
SetUnhandledExceptionFilter
GetCurrentThreadId
ExitProcess
CreateFileW
GetFileSize
WriteFile
SetFilePointer
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
CloseHandle
GetLastError
GlobalFree
MultiByteToWideChar
lstrlenW
IsDebuggerPresent

user32

InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
DestroyMenu
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
SetCursor
GetCursorPos
ValidateRect
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
CharNextA
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetLastActivePopup
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
GetClassInfoExA
GetClassInfoA
GetSysColor
AdjustWindowRectEx
GetParent
ScreenToClient
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
CallWindowProcA
GetMenu
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
RegisterClipboardFormatA
MessageBeep
GetNextDlgGroupItem
GetMenuCheckMarkDimensions
CharUpperA
ReleaseCapture
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
KillTimer
SetTimer
IsWindow
UnregisterClassA
LoadCursorA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
MessageBoxA
PostQuitMessage
GetDesktopWindow
SetWindowsHookExA
GetClassNameA
GetWindowTextA
PostMessageA
CallNextHookEx
GetSystemMetrics
LoadIconA
EnableWindow
UpdateWindow
GetClientRect
GetWindowRect
IsIconic
SendMessageA
DrawIcon
PostThreadMessageA
UnhookWindowsHookEx
SetCapture
GetForegroundWindow

gdi32

ExtSelectClipRgn
DeleteDC
ExtTextOutA
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleWindowExtEx
TextOutA
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDeviceCaps
GetStockObject
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetTextColor
GetBkColor
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
Escape

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

shlwapi

PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathFindFileNameA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRevokeClassObject
CoTaskMemAlloc
CreateBindCtx
CoInitialize
CoUninitialize
CoTaskMemFree
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysStringByteLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
VariantChangeType
VariantClear
VariantInit
SysStringLen
SysFreeString
SysAllocStringLen
VarBstrCmp
SysAllocString
SysAllocStringByteLen

urlmon

CoInternetGetSession
CreateURLMoniker

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/IDMIECC.dll
.dll regsvr32 windows:5 windows x86

cb6f226f92141fb8f44cea90e775fce5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c5:22:06:ce:2d:03:aa:ab:d3:60:f7:27:c2:45:a8:be:01:71:3b:27:4e:f8:16:54:79:ff:a3:5a:30:24:e5:44
Signer

Actual PE Digest

c5:22:06:ce:2d:03:aa:ab:d3:60:f7:27:c2:45:a8:be:01:71:3b:27:4e:f8:16:54:79:ff:a3:5a:30:24:e5:44

Digest Algorithm

sha256

PE Digest Matches

true

22:2f:e7:ba:1a:13:35:41:e5:c9:79:d5:27:cc:33:4c:41:14:8b:2b
Signer

Actual PE Digest

22:2f:e7:ba:1a:13:35:41:e5:c9:79:d5:27:cc:33:4c:41:14:8b:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCanonicalizeUrlW
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetGetCookieA
InternetCombineUrlW
GetUrlCacheEntryInfoA
InternetCombineUrlA

ws2_32

ntohl

kernel32

GetVersionExA
FindClose
FindNextFileA
FindFirstFileA
InterlockedDecrement
GetProcAddress
GetLocaleInfoA
GetStringTypeW
GetModuleHandleA
GetCurrentProcessId
SetEvent
GetCurrentThreadId
CreateThread
GetModuleFileNameA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
lstrcmpiA
TlsGetValue
GetModuleHandleW
TlsSetValue
CloseHandle
TlsFree
CreateMutexA
GetModuleFileNameW
TlsAlloc
IsDBCSLeadByte
GlobalUnlock
GlobalLock
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetWindowsDirectoryA
GetCurrentProcess
lstrcpynA
WaitForMultipleObjects
LoadLibraryW
MultiByteToWideChar
WriteConsoleA
CreateFileA
ReadFile
FlushFileBuffers
SetStdHandle
SetFilePointer
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
WriteFile
HeapReAlloc
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
HeapSize
Sleep
IsValidCodePage
LoadLibraryA
CreateEventA
MulDiv
lstrlenA
GetFileAttributesA
GetLastError
WaitForSingleObject
ReleaseMutex
lstrlenW
WideCharToMultiByte
GetConsoleOutputCP
GetProcessHeap
WriteConsoleW
SetEndOfFile
RtlUnwind
HeapAlloc
GetSystemTimeAsFileTime
SetEnvironmentVariableA
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetLastError
HeapFree
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
VirtualProtect

user32

PostMessageA
PostQuitMessage
ScreenToClient
GetWindowRect
IntersectRect
GetSystemMetrics
GetClientRect
CharLowerBuffA
SendMessageA
IsWindow
ReleaseDC
GetParent
GetCursorPos
GetAsyncKeyState
GetKeyboardState
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetKeyState
MessageBoxA
CharNextW
CharNextA
SetPropA
LoadIconA
LoadCursorA
RegisterClassA
GetPropA
RemovePropA
PtInRect
DefWindowProcA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
GetWindowTextLengthW
GetWindowTextW
GetClassNameA
FindWindowExA
GetDC

gdi32

GetDeviceCaps
GetStockObject

advapi32

RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
RegRestoreKeyA
RegLoadKeyA
RegEnumKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyA
RegCloseKey
RegQueryValueExW
RegQueryValueExA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoGetClassObject

oleaut32

VarBstrCat
VariantClear
VarBstrCmp
SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SafeArrayPutElement
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
GetErrorInfo
SysStringByteLen

shlwapi

UrlUnescapeA

urlmon

CoInternetGetSession

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetListenerState
InstallNSH

Sections

.text
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/IDMIECC64.dll
.dll regsvr32 windows:5 windows x64

4f10b0b1978e9a4090ae826927789bc2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:90:2e:af:45:44:58:06:82:5d:c2:2b:54:b2:e7:70:73:5f:e6:3a:f2:5e:92:86:83:6c:39:16:ea:45:08:34
Signer

Actual PE Digest

0f:90:2e:af:45:44:58:06:82:5d:c2:2b:54:b2:e7:70:73:5f:e6:3a:f2:5e:92:86:83:6c:39:16:ea:45:08:34

Digest Algorithm

sha256

PE Digest Matches

true

de:0b:12:66:b5:6e:33:1f:9b:62:d1:45:33:d8:8e:15:4a:f6:8e:0d
Signer

Actual PE Digest

de:0b:12:66:b5:6e:33:1f:9b:62:d1:45:33:d8:8e:15:4a:f6:8e:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

wininet

InternetCombineUrlA
InternetCrackUrlA
GetUrlCacheEntryInfoA
InternetCombineUrlW
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW
InternetGetCookieA

ws2_32

ntohl

kernel32

FindNextFileA
FindFirstFileA
GetProcAddress
GetLocaleInfoA
GetStringTypeW
GetModuleHandleA
GetCurrentProcessId
SetEvent
GetCurrentThreadId
CreateThread
GetModuleFileNameA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiA
TlsGetValue
GetModuleHandleW
TlsSetValue
CloseHandle
TlsFree
FindClose
GetModuleFileNameW
TlsAlloc
IsDBCSLeadByte
GlobalUnlock
GlobalLock
GetVersionExA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
LoadLibraryA
GetWindowsDirectoryA
GetCurrentProcess
lstrcpynA
WaitForMultipleObjects
CreateEventA
SetEnvironmentVariableA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
GetProcessHeap
HeapFree
LoadLibraryW
MulDiv
MultiByteToWideChar
lstrlenA
GetFileAttributesA
GetLastError
WaitForSingleObject
ReleaseMutex
lstrlenW
WideCharToMultiByte
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
CreateMutexA

user32

SendMessageA
IsWindow
ReleaseDC
GetDC
PostMessageA
ScreenToClient
GetWindowRect
IntersectRect
GetSystemMetrics
GetParent
GetCursorPos
GetAsyncKeyState
GetKeyboardState
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetKeyState
MessageBoxA
CharNextW
CharNextA
SetPropA
LoadIconA
LoadCursorA
RegisterClassA
GetPropA
RemovePropA
PostQuitMessage
DefWindowProcA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
GetWindowTextLengthW
GetWindowTextW
GetClassNameA
FindWindowExA
PtInRect
CharLowerBuffA
GetClientRect

gdi32

GetStockObject
GetDeviceCaps

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegRestoreKeyA
RegLoadKeyA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
RegEnumKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
GetUserNameA

ole32

CoTaskMemFree
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoGetClassObject
CoCreateInstance

oleaut32

SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayPutElement
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VariantInit
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayDestroy
VarBstrCmp
VarBstrCat
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
SysStringLen
GetErrorInfo
SysFreeString

shlwapi

UrlUnescapeA

msvcr90

isdigit
_strlwr
_i64toa
strncmp
_i64tow
fwrite
wcsncat
_recalloc
_resetstkoflw
__C_specific_handler
strcat_s
wcsncpy_s
strcpy_s
_mbsnbcpy_s
_strupr
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_initterm
_initterm_e
_encoded_null
_amsg_exit
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__clean_type_info_names_internal
_splitpath
_snprintf
strcat
memchr
_itoa
atoi
_strnicmp
isalpha
isalnum
isspace
strncpy
wcsncpy
_time64
sprintf
fopen
fgets
fclose
sscanf
wcsncmp
wcscpy
wcscat
_purecall
strcmp
_vswprintf
_mbsstr
memcmp
wcsrchr
wcspbrk
strrchr
swscanf
??2@YAPEAX_K@Z
wcschr
malloc
free
_wcsicmp
wcscmp
memmove
memcpy_s
_wcsnicmp
iswdigit
??3@YAXPEAX@Z
strchr
strpbrk
strstr
__CxxFrameHandler3
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
strcpy
strlen
_stricmp
_memicmp
memcpy
memset
wcslen
wcsstr
_CxxThrowException

urlmon

CoInternetGetSession

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetListenerState
InstallNSH

Sections

.text
Size: 348KB - Virtual size: 347KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/IDMIntegrator64.exe
.exe windows:5 windows x64

1655926ba0713665e9265c19c8bd261a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:bc:8d:6f:40:ee:e8:8f:1d:13:64:dc:9c:71:3e:44:0c:e2:8f:5c:1d:86:58:27:e2:fc:93:d2:f3:06:6d:42
Signer

Actual PE Digest

2d:bc:8d:6f:40:ee:e8:8f:1d:13:64:dc:9c:71:3e:44:0c:e2:8f:5c:1d:86:58:27:e2:fc:93:d2:f3:06:6d:42

Digest Algorithm

sha256

PE Digest Matches

true

54:a6:a9:6d:f7:9d:70:8a:be:e6:ef:6e:2c:7a:cd:05:19:9a:55:2e
Signer

Actual PE Digest

54:a6:a9:6d:f7:9d:70:8a:be:e6:ef:6e:2c:7a:cd:05:19:9a:55:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateEventA
CreateThread
FreeLibrary
GetProcAddress
LoadLibraryA
CreateMutexA
ResetEvent
HeapSize
HeapReAlloc
HeapAlloc
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetVersionExA
CloseHandle
GetModuleFileNameA
GetFileAttributesA
GetLastError
WaitForSingleObject
GetLocaleInfoA
RtlLookupFunctionEntry
RtlUnwindEx
GetCommandLineA
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
InitializeCriticalSectionAndSpinCount

user32

wsprintfA
GetForegroundWindow
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
DefWindowProcA
PostMessageA

gdi32

GetStockObject

advapi32

RegNotifyChangeKeyValue
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IDM6.27.2/IDMNetMon.dll
.dll windows:5 windows x86

0cc5ed502307d05f987b8a64e8b106a9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:8d:19:b7:04:e4:c7:c6:5d:a6:30:57:a4:dd:d4:89:1e:23:8f:07:3a:ad:ea:dd:2a:67:20:92:73:13:d0:d4
Signer

Actual PE Digest

6d:8d:19:b7:04:e4:c7:c6:5d:a6:30:57:a4:dd:d4:89:1e:23:8f:07:3a:ad:ea:dd:2a:67:20:92:73:13:d0:d4

Digest Algorithm

sha256

PE Digest Matches

true

65:5f:72:fd:40:63:ef:95:9e:15:7c:94:73:39:98:95:2d:f9:e2:07
Signer

Actual PE Digest

65:5f:72:fd:40:63:ef:95:9e:15:7c:94:73:39:98:95:2d:f9:e2:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

sprintf
_i64toa
__CxxFrameHandler
strncmp
sscanf
_memicmp
isalpha
strncpy
isalnum
strstr
isspace
_itoa
_stricmp
wcsrchr
_snwprintf
fwrite
fprintf
strspn
fclose
_wfopen
memmove
_purecall
malloc
free
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_XcptFilter
_initterm
_amsg_exit
_adjust_fdiv
_wcsicmp
towlower
_wcsnicmp
tolower
wcsstr
wcspbrk
wcsspn
wcsncmp
strcspn
realloc
wcsncpy
wcsncat
fgets
ceil
_itow
memset
memcpy
_unlock
__dllonexit
_lock
_time64
_onexit
strpbrk
strchr
_vsnprintf
wcschr
_vsnwprintf
_wcsupr
_strupr
floor
_strnicmp
_CxxThrowException

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

accept
closesocket
WSACreateEvent
socket
bind
WSACleanup
shutdown
getsockname
ntohs
WSAEventSelect
WSAEnumNetworkEvents
WSAStartup
WSACloseEvent
ntohl
send
recv
htons
WSAGetLastError
getpeername
listen

kernel32

GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
RtlUnwind
QueryDosDeviceW
ReadProcessMemory
GetSystemDirectoryW
OpenProcess
GetLogicalDriveStringsW
GetVersionExW
GetCurrentProcess
FindNextFileW
FindClose
FindFirstFileW
MultiByteToWideChar
WideCharToMultiByte
ResetEvent
CreateFileW
InterlockedIncrement
GetModuleFileNameW
LoadLibraryW
FreeLibrary
FileTimeToLocalFileTime
GetLocalTime
FileTimeToSystemTime
CreateThread
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
DeviceIoControl
CreateEventW
GetExitCodeThread
ProcessIdToSessionId
GetLastError
InterlockedExchange
ExitThread
TerminateThread
GetTickCount
WaitForSingleObject
CreateMutexW
DisableThreadLibraryCalls
GetVersion
GetModuleHandleW
GetProcAddress
GetProcessHeap
HeapFree
HeapAlloc

user32

FindWindowW
GetAncestor
GetWindowTextW
EnumChildWindows
GetWindowTextLengthW
GetWindowInfo
EnumWindows
IsRectEmpty
GetDC
ReleaseDC
ClientToScreen
GetWindowRect
PostMessageW
GetClientRect
OffsetRect
ShowWindow
GetClassNameW
FindWindowExW
SendMessageW
MessageBoxW
DestroyWindow
UnregisterClassW
MsgWaitForMultipleObjects
CallNextHookEx
TranslateMessage
GetForegroundWindow
GetWindowLongW
PeekMessageW
SetWindowLongW
CreateWindowExW
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
RegisterClassW
DefWindowProcW
GetWindowThreadProcessId
DispatchMessageW
GetParent

gdi32

GetDeviceCaps

advapi32

RegNotifyChangeKeyValue
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
RegEnumKeyExW
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocStringLen
VariantInit
SafeArrayDestroy
SafeArrayCreateVector
SysStringLen
SysAllocString
SysStringByteLen
SafeArrayCreate
SafeArrayPutElement

Exports

Exports

ControlMonitoring

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/IDMNetMon64.dll
.dll windows:5 windows x64

58eaa30b8a9225e4f8694c8ad53e75cb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:dc:d0:cd:6a:fb:cb:6a:4b:2e:1d:54:53:c4:0a:72:fd:0b:9e:a9:81:fe:a4:dd:9f:ff:15:58:0d:55:40:f1
Signer

Actual PE Digest

58:dc:d0:cd:6a:fb:cb:6a:4b:2e:1d:54:53:c4:0a:72:fd:0b:9e:a9:81:fe:a4:dd:9f:ff:15:58:0d:55:40:f1

Digest Algorithm

sha256

PE Digest Matches

true

42:3e:d3:62:5b:e7:59:7b:65:99:fc:4d:36:8e:f7:30:a0:f4:55:64
Signer

Actual PE Digest

42:3e:d3:62:5b:e7:59:7b:65:99:fc:4d:36:8e:f7:30:a0:f4:55:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

memcpy
_itow
memset
wcsncat
wcsncpy
realloc
strcspn
wcsncmp
wcsspn
wcspbrk
wcsstr
tolower
_wcsnicmp
_vscwprintf
towlower
_wcsicmp
wcschr
strspn
_vsnprintf
sprintf
_i64toa
strpbrk
strncmp
sscanf
_memicmp
isalpha
strncpy
isalnum
strchr
strstr
__C_specific_handler
_CxxThrowException
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_XcptFilter
__CxxFrameHandler
_initterm
_amsg_exit
fgets
isspace
_itoa
_strnicmp
_stricmp
wcsrchr
_snwprintf
fwrite
fprintf
_vsnwprintf
_time64
fclose
_wfopen
memmove
_purecall
malloc
floor
ceilf
floorf
free
_wcsupr
_strupr
memcmp

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

send
ntohl
WSACloseEvent
WSAStartup
WSAEnumNetworkEvents
WSAEventSelect
ntohs
recv
WSACleanup
bind
socket
WSACreateEvent
closesocket
listen
accept
getpeername
WSAGetLastError
shutdown
htons
getsockname

kernel32

CreateEventW
GetExitCodeThread
ProcessIdToSessionId
GetLastError
ExitThread
TerminateThread
GetTickCount
WaitForSingleObject
CreateMutexW
Sleep
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
QueryDosDeviceW
IsWow64Process
ReadProcessMemory
GetSystemDirectoryW
OpenProcess
GetLogicalDriveStringsW
GetVersionExW
GetCurrentProcess
FindNextFileW
FindClose
FindFirstFileW
MultiByteToWideChar
WideCharToMultiByte
ResetEvent
CreateFileW
GetProcAddress
GetModuleFileNameW
LoadLibraryW
GetModuleHandleW
FreeLibrary
FileTimeToLocalFileTime
GetLocalTime
FileTimeToSystemTime
CreateThread
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
DeviceIoControl
VirtualProtect

user32

GetParent
FindWindowW
GetAncestor
GetWindowTextW
EnumChildWindows
GetWindowTextLengthW
GetWindowInfo
EnumWindows
IsRectEmpty
GetDC
ReleaseDC
ClientToScreen
GetWindowRect
PostMessageW
GetClientRect
OffsetRect
ShowWindow
GetClassNameW
FindWindowExW
GetWindowThreadProcessId
DefWindowProcW
SetWindowLongPtrW
RegisterClassW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
CreateWindowExW
SetWindowLongW
PeekMessageW
GetWindowLongW
GetForegroundWindow
DispatchMessageW
TranslateMessage
GetWindowLongPtrW
CallNextHookEx
MsgWaitForMultipleObjects
UnregisterClassW
DestroyWindow
MessageBoxW
SendMessageW

gdi32

GetDeviceCaps

advapi32

CryptCreateHash
CryptAcquireContextW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegNotifyChangeKeyValue
RegEnumKeyExW
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysStringLen
SafeArrayCreateVector
SafeArrayDestroy
VariantInit
SysAllocStringLen
SafeArrayPutElement
SysFreeString
SysStringByteLen
SafeArrayCreate

Exports

Exports

ControlMonitoring

Sections

.text
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/IDMShellExt.dll
.dll regsvr32 windows:5 windows x86

2b8a1280cf84bb5e7e45ae79982c4eb2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e8:64:6c:72:2f:d6:26:41:9c:33:08:37:7c:c2:13:65:5b:82:ed:1b
Signer

Actual PE Digest

e8:64:6c:72:2f:d6:26:41:9c:33:08:37:7c:c2:13:65:5b:82:ed:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
wcsrchr
malloc
free
_wcsicmp

shell32

SHChangeNotify
SHLoadNonloadedIconOverlayIdentifiers
ord526

shlwapi

ord219

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
CreateThread
WaitForMultipleObjects
CreateEventW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
GetTickCount
FreeLibrary
CloseHandle
DisableThreadLibraryCalls
GetLastError
GetModuleFileNameW
GetVersionExW
InitializeCriticalSection
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetProcAddress

advapi32

CreateWellKnownSid
CheckTokenMembership
RegNotifyChangeKeyValue
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
RegCreateKeyExW
GetTokenInformation
OpenProcessToken

Exports

Exports

ControlMonitoring
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/IDMShellExt64.dll
.dll regsvr32 windows:5 windows x64

83c0ca3d4704937146a26bd87c38f1ee

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a4:50:6e:29:d8:32:97:94:a2:e1:43:cd:26:82:88:c2:cb:f1:3a:b1
Signer

Actual PE Digest

a4:50:6e:29:d8:32:97:94:a2:e1:43:cd:26:82:88:c2:cb:f1:3a:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
__C_specific_handler
wcsrchr
malloc
free
_wcsicmp

shell32

SHChangeNotify
ord526
SHLoadNonloadedIconOverlayIdentifiers

shlwapi

ord219

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
CreateThread
WaitForMultipleObjects
CreateEventW
EnterCriticalSection
GetProcAddress
LeaveCriticalSection
LoadLibraryW
GetTickCount
GetModuleHandleW
FreeLibrary
CloseHandle
DisableThreadLibraryCalls
GetLastError
GetModuleFileNameW
GetVersionExW
InitializeCriticalSection
GetCurrentProcess
Sleep

advapi32

CheckTokenMembership
RegNotifyChangeKeyValue
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
RegCreateKeyExW
GetTokenInformation
OpenProcessToken
CreateWellKnownSid

Exports

Exports

ControlMonitoring
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/IDMan.exe
.exe windows:4 windows x86

a8dae3965113c7a84dcee0d01efdaa08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
ioctlsocket
connect
inet_addr
WSAGetLastError
ntohl
htonl
closesocket
send
recv
__WSAFDIsSet
select
getsockopt
listen
bind
accept
getsockname
ntohs
WSASetLastError
WSACleanup
WSAStartup
gethostbyname
htons

kernel32

GlobalFlags
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
GetFileTime
SetErrorMode
WritePrivateProfileStringA
FindResourceExA
RtlUnwind
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
VirtualProtect
GetLocalTime
GetSystemTimeAsFileTime
RaiseException
HeapReAlloc
RemoveDirectoryA
SetEnvironmentVariableA
SetCurrentDirectoryA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetStartupInfoA
GetCommandLineA
GetACP
ExitThread
HeapSize
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetStdHandle
SetHandleCount
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
lstrlenW
GetCurrentThread
GetTickCount
GetProfileIntA
GetThreadLocale
GetFullPathNameA
FindFirstFileA
UnlockFile
LockFile
DuplicateHandle
lstrcmpA
SuspendThread
SetThreadPriority
ResumeThread
FileTimeToLocalFileTime
InterlockedIncrement
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
CreateProcessA
SetThreadExecutionState
GetVolumeInformationW
CompareFileTime
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetSystemInfo
InterlockedDecrement
GetComputerNameA
FindResourceA
SizeofResource
LoadResource
LockResource
GetCurrentDirectoryA
GetSystemDefaultLangID
GetVolumeInformationA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
lstrcpynA
CreateThread
SleepEx
ReadFile
CreateDirectoryA
CopyFileW
MoveFileA
LocalAlloc
SetLastError
CreateDirectoryW
GetFileAttributesExW
FileTimeToSystemTime
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
SetFileAttributesW
FlushFileBuffers
DeviceIoControl
GetCurrentThreadId
TerminateProcess
GetUserDefaultLangID
SetEvent
lstrlenA
SetFileAttributesA
DeleteFileA
GetWindowsDirectoryW
lstrcmpiA
GetLocaleInfoA
GetDriveTypeW
GetVersion
GetCurrentProcessId
MoveFileW
RemoveDirectoryW
GetSystemTime
SystemTimeToFileTime
SetFileTime
LoadLibraryW
MoveFileExW
GlobalAlloc
GlobalFree
GetModuleHandleA
WriteFile
GetProcessHeap
HeapFree
HeapAlloc
OpenProcess
lstrcatA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
GetSystemDirectoryW
DeleteFileW
GetWindowsDirectoryA
GetVersionExA
GetExitCodeProcess
CreateFileA
GetCurrentProcess
CreateProcessW
GetModuleFileNameW
CreateEventA
WaitForMultipleObjects
ResetEvent
FindFirstFileW
FindNextFileW
FindClose
CreateFileW
CreateMutexA
OpenMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
GetSystemDirectoryA
GetModuleFileNameA
GetFileAttributesA
CopyFileA
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
GlobalSize
GlobalLock
GlobalUnlock
WideCharToMultiByte
GetFileAttributesW
GetLastError
FormatMessageA
LocalFree
MultiByteToWideChar
MulDiv
ExitProcess
GetProfileStringA
GetTimeZoneInformation

user32

GetDCEx
LockWindowUpdate
InflateRect
CharUpperA
IsClipboardFormatAvailable
ValidateRect
GrayStringA
DrawTextA
TabbedTextOutA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
IsDialogMessageA
GetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
GetFocus
AdjustWindowRectEx
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
IsChild
WinHelpA
GetClassInfoA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
UnhookWindowsHookEx
CallWindowProcA
GetMessageTime
GetLastActivePopup
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
GetParent
IsWindowEnabled
GetActiveWindow
DrawTextW
DrawFrameControl
SetRect
SystemParametersInfoW
DrawStateA
ModifyMenuW
DeleteMenu
AppendMenuW
DrawIconEx
GetSysColorBrush
FillRect
FrameRect
PeekMessageA
UnionRect
ClientToScreen
WindowFromPoint
SetDlgItemTextA
GetWindowTextLengthW
GetWindowTextLengthA
CopyIcon
SetFocus
DestroyIcon
PostQuitMessage
GetMessageA
TranslateMessage
DispatchMessageA
UpdateWindow
SetCursorPos
GetClassNameA
CreateDialogParamW
CreateDialogParamA
GetPropA
RemovePropA
DefWindowProcW
DefWindowProcA
CreateWindowExA
SetWindowLongA
ShowWindow
RegisterClassA
DefDlgProcA
DestroyWindow
GetWindowLongA
GetWindowDC
BeginPaint
EndPaint
SetDlgItemTextW
RegisterWindowMessageA
RegisterClipboardFormatA
RemoveMenu
DrawFocusRect
GetMessagePos
ScreenToClient
LoadCursorA
SetCursor
EqualRect
GetCapture
ReleaseCapture
SetCapture
CreatePopupMenu
GetKeyState
ModifyMenuA
TrackPopupMenu
IsIconic
GetSystemMetrics
DrawIcon
OffsetRect
EnableMenuItem
SetClipboardViewer
CheckMenuItem
LoadImageW
LoadImageA
DestroyMenu
ChangeClipboardChain
GetMenu
EnumWindows
SetForegroundWindow
IsWindowVisible
wsprintfW
SendMessageW
LoadBitmapA
IsWindow
GetNextDlgGroupItem
CopyAcceleratorTableA
CharNextA
PostThreadMessageA
GetAsyncKeyState
SetRectEmpty
MapDialogRect
SetWindowContextHelpId
IntersectRect
IsRectEmpty
GetMenuItemCount
GetMenuItemID
GetSubMenu
AppendMenuA
CheckMenuRadioItem
GetCursorPos
PtInRect
InvalidateRect
GetClientRect
ReleaseDC
CopyRect
FindWindowA
GetWindowThreadProcessId
MsgWaitForMultipleObjects
MoveWindow
SetParent
KillTimer
SetTimer
wsprintfA
PostMessageA
GetForegroundWindow
ExitWindowsEx
MessageBeep
GetWindowTextA
MessageBoxW
GetWindowTextW
GetWindowRect
CreateWindowExW
SetWindowPos
SetWindowTextW
SetWindowTextA
GetDesktopWindow
MessageBoxA
GetDlgItem
GetSysColor
GetDlgCtrlID
LoadStringA
SendMessageA
GetWindow
GetDC
EnableWindow
LoadIconA
IsWindowUnicode
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
SetPropA

gdi32

SelectClipRgn
GetBkColor
EnumFontFamiliesExA
GetTextColor
SetWindowExtEx
ScaleViewportExtEx
CopyMetaFileA
GetCharWidthA
StretchDIBits
CombineRgn
SetRectRgn
CreateRectRgnIndirect
PatBlt
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePatternBrush
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
GetMapMode
SetMapMode
LPtoDP
DPtoLP
GetTextMetricsA
CreateCompatibleBitmap
DeleteObject
SelectObject
StretchBlt
BitBlt
DeleteDC
GetStockObject
CreateCompatibleDC
IntersectClipRect
GetDIBits
CreateDIBSection
GetTextExtentPoint32A
CreateSolidBrush
GetObjectA
GetTextExtentPointA
CreateDIBitmap
CreateFontIndirectA
GetDeviceCaps
ScaleWindowExtEx
CreateFontA
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
RestoreDC
SaveDC
CreateBitmap
GetClipBox
SetBkMode
SetBkColor
SetTextColor
SetStretchBltMode
CreateFontIndirectW
ExcludeClipRect

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA
GetSaveFileNameW

advapi32

CloseServiceHandle
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExW
RegSetValueExW
RegNotifyChangeKeyValue
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteValueW
RegFlushKey
RegCreateKeyExW
GetUserNameW
RegLoadKeyA
RegRestoreKeyA
GetUserNameA
RegSaveKeyA
OpenSCManagerA
OpenServiceA
RegCloseKey
DuplicateTokenEx
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumValueA

shell32

SHGetMalloc
SHGetDesktopFolder
Shell_NotifyIconA
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
SHFileOperationA
ShellExecuteW
FindExecutableW
ShellExecuteExA
ShellExecuteExW
SHGetFileInfoW
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

comctl32

ImageList_AddMasked
ImageList_Add
ImageList_Remove
ord17
ord8
ImageList_BeginDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_DragLeave
ImageList_Draw
ImageList_DragEnter
ImageList_GetIcon
ImageList_Destroy
ImageList_Create
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA

oledlg

ord8

ole32

CoTaskMemFree
OleUninitialize
CreateStreamOnHGlobal
CoRevokeClassObject
CoInitialize
CoUninitialize
CoSetProxyBlanket
OleGetClipboard
CoRegisterClassObject
CoGetObject
StringFromGUID2
CoCreateInstance
ReleaseStgMedium
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CoFreeUnusedLibraries
CLSIDFromProgID
CLSIDFromString
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
CoTaskMemAlloc
OleDuplicateData
CoDisconnectObject
RevokeDragDrop
CoLockObjectExternal
OleInitialize
RegisterDragDrop

olepro32

ord251
ord253

oleaut32

SysAllocString
SysAllocStringByteLen
VariantTimeToSystemTime
VariantChangeType
VariantCopy
VariantInit
VariantClear
LoadTypeLibEx
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
LoadTypeLi
SysStringLen
SysAllocStringLen
SysFreeString

wininet

InternetSetCookieA
InternetGetCookieA
InternetCrackUrlA
InternetCanonicalizeUrlA
GetUrlCacheEntryInfoW
InternetCanonicalizeUrlW
InternetCombineUrlA

Sections

.text
Size: 2.2MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 580KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 924KB - Virtual size: 924KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IDM6.27.2/IEExt.htm
.html .vbs
IDM6.27.2/IEGetAll.htm
.html .vbs
IDM6.27.2/IEGetVL.htm
.html .vbs
IDM6.27.2/IEGetVL2.htm
.html .vbs
IDM6.27.2/IEMonitor.exe
.exe windows:4 windows x86

43cbd2e9038ad82d004c63e6b3ce04e5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:33:bb:fb:17:64:82:2d:1d:1d:36:95:7d:b4:a6:40:c0:75:a3:0b:96:93:18:fd:8c:99:0a:05:d3:40:fb:4b
Signer

Actual PE Digest

ee:33:bb:fb:17:64:82:2d:1d:1d:36:95:7d:b4:a6:40:c0:75:a3:0b:96:93:18:fd:8c:99:0a:05:d3:40:fb:4b

Digest Algorithm

sha256

PE Digest Matches

true

84:aa:94:42:30:e7:89:77:9b:a7:b5:05:cc:96:78:3d:18:2e:5a:21
Signer

Actual PE Digest

84:aa:94:42:30:e7:89:77:9b:a7:b5:05:cc:96:78:3d:18:2e:5a:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeZoneInformation
GetSystemTimeAsFileTime
TerminateProcess
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
RaiseException
HeapReAlloc
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
RtlUnwind
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileTime
GetFileSize
GetProfileStringA
GetFileAttributesA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
SetErrorMode
FileTimeToLocalFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GetThreadLocale
SizeofResource
GetProcessVersion
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
FormatMessageA
LocalFree
MulDiv
SetLastError
InterlockedIncrement
lstrlenW
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
lstrlenA
GetTickCount
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
InterlockedDecrement
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
lstrcpynA
GetVersionExA
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
ReleaseMutex
CloseHandle
CreateMutexA
GetLastError
GetModuleHandleA
HeapDestroy
GetModuleFileNameA

user32

InvalidateRect
CharUpperA
InflateRect
LoadStringA
GetSysColorBrush
PtInRect
GetDesktopWindow
LoadCursorA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
DestroyMenu
CopyRect
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
PostThreadMessageA
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
LoadIconA
KillTimer
SetTimer
SendMessageA
DrawIcon
GetClientRect
UnregisterClassA
HideCaret
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
RegisterClipboardFormatA
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
CharNextA
EndDialog
SetActiveWindow
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
GetSystemMetrics
IsIconic
PostMessageA
GetClassNameA
GetKeyboardState
GetKeyState
EnableWindow
PostQuitMessage
SetCursor
MessageBoxA
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
PeekMessageA
IsWindowVisible
ValidateRect
CallNextHookEx
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenu
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA

gdi32

CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
PatBlt
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
DeleteObject
CreateBitmap
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateDIBitmap
GetClipBox

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExW

comctl32

ord17

oledlg

ord8

ole32

CoDisconnectObject
CoTaskMemAlloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
OleFlushClipboard
CoTaskMemFree
CoRevokeClassObject
CoGetClassObject
CoRegisterMessageFilter
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
CoCreateInstance

olepro32

ord253

oleaut32

SysStringLen
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SysFreeString
SysAllocString
VariantInit
SysAllocStringLen
VariantCopy
VariantChangeType
VariantTimeToSystemTime
SysAllocStringByteLen
LoadTypeLi
GetErrorInfo
VariantClear

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA

Sections

.text
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IDM6.27.2/Languages/idm_chn2.lng
IDM6.27.2/Languages/inst_chn.lng
IDM6.27.2/MediumILStart.exe
.exe windows:5 windows x86

ea409b65f70818232c2d17054c986f98

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:74:ca:7a:ad:80:1f:f6:0a:9c:3a:ba:38:65:77:06:30:5b:62:9e:f7:1f:f8:d2:25:20:69:06:2c:00:ee:43
Signer

Actual PE Digest

67:74:ca:7a:ad:80:1f:f6:0a:9c:3a:ba:38:65:77:06:30:5b:62:9e:f7:1f:f8:d2:25:20:69:06:2c:00:ee:43

Digest Algorithm

sha256

PE Digest Matches

true

9a:52:1f:4e:12:6b:ff:34:fd:d7:46:e2:fb:70:ba:1c:84:46:40:57
Signer

Actual PE Digest

9a:52:1f:4e:12:6b:ff:34:fd:d7:46:e2:fb:70:ba:1c:84:46:40:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime

ole32

CoCreateInstance
CoInitialize
CoUninitialize

msvcr90

_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
_initterm_e
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/Toolbar/3d_largeHot_3.bmp
IDM6.27.2/Toolbar/3d_largeHot_3_hdpi15.bmp
IDM6.27.2/Toolbar/3d_large_3.bmp
IDM6.27.2/Toolbar/3d_large_3_hdpi15.bmp
IDM6.27.2/Toolbar/3d_smallHot_3.bmp
IDM6.27.2/Toolbar/3d_small_3.bmp
IDM6.27.2/Toolbar/3d_style_3.tbi
IDM6.27.2/Toolbar/Faenza.tbi
IDM6.27.2/Toolbar/Faenza_Small_Disable.bmp
IDM6.27.2/Toolbar/Faenza_Small_Hot.bmp
IDM6.27.2/Toolbar/Faenza_Small_Normal.bmp
IDM6.27.2/Uninstall.exe
.exe windows:4 windows x86

9b1e1f98cf13fb3d60cb6a695fa9402c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cd:5e:de:a6:48:d7:69:af:01:a3:4f:0e:fd:c9:23:62:93:33:3e:71:82:6d:23:56:b7:e3:1a:02:cf:51:98:b4
Signer

Actual PE Digest

cd:5e:de:a6:48:d7:69:af:01:a3:4f:0e:fd:c9:23:62:93:33:3e:71:82:6d:23:56:b7:e3:1a:02:cf:51:98:b4

Digest Algorithm

sha256

PE Digest Matches

true

7a:4f:c4:da:60:e1:94:ce:79:b2:33:30:50:37:3b:ef:fa:41:69:87
Signer

Actual PE Digest

7a:4f:c4:da:60:e1:94:ce:79:b2:33:30:50:37:3b:ef:fa:41:69:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shlwapi

SHDeleteKeyW

kernel32

lstrlenW
GetVersionExW
GetCurrentProcess
GetModuleHandleW
GetModuleFileNameW
CreateProcessW
GetLastError
CreateFileW
CopyFileW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ExitThread
ExitProcess
lstrcpyW
lstrcmpW
UnmapViewOfFile
MultiByteToWideChar
GetSystemTime
CreateEventW
MapViewOfFile
SetFileTime
GetFileTime
CreateFileMappingW
GetWindowsDirectoryW
CreateDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
SetEndOfFile
SetFilePointer
GetShortPathNameW
MoveFileExW
DeleteFileW
WriteFile
LocalFree
FormatMessageW
GetSystemDefaultLangID
SetCurrentDirectoryW
LocalAlloc
GetExitCodeThread
CreateThread
OpenProcess
HeapAlloc
HeapFree
GetProcessHeap
TerminateProcess
GetDiskFreeSpaceW
ResumeThread
SuspendThread
WideCharToMultiByte
Sleep
GetSystemDirectoryW
CreateMutexW
OpenMutexW
WaitForSingleObject
ReleaseMutex
CloseHandle
lstrcmpiW
LoadLibraryW
GetProcAddress
FreeLibrary
GetFileAttributesW
lstrcatW
GetFileSize
GetStartupInfoW

user32

SetWindowLongW
MessageBoxW
wsprintfW
GetForegroundWindow
SendMessageW
SetDlgItemTextW
SendDlgItemMessageW
wsprintfA
EnableWindow
GetDlgItem
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
PostQuitMessage
ExitWindowsEx
GetWindowRect
ScreenToClient
CreateWindowExW
CallWindowProcW
GetParent
SetFocus
CharUpperW
FindWindowW
EnumWindows
GetWindowThreadProcessId
GetWindowTextW
GetClientRect
SetWindowPos
GetWindowLongW
DestroyWindow
SetForegroundWindow
PostMessageW
CreateDialogParamW
LoadIconW
ShowWindow
GetMessageW
IsDialogMessageW
SetWindowTextW
GetWindow
GetDesktopWindow
DialogBoxParamW
GetFocus
GetDlgCtrlID

advapi32

RegQueryValueExW
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExW
RegEnumKeyW
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
GetUserNameW
FreeSid
LookupPrivilegeValueW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
ShellExecuteExW
SHGetSpecialFolderLocation

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

LoadTypeLibEx

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
_wcsnicmp
_snwprintf
_wfopen
fgets
sscanf
fclose
_CxxThrowException
_itow
strstr
strchr
memmove
wcschr
wcsncpy
_ftime
_ftol
memcpy
_stricmp
strncpy
_wcsupr
wcscmp
_wsplitpath
strlen
wcsncmp
free
malloc
memcmp
??2@YAPAXI@Z
wcsstr
memset
wcsrchr
wcslen
wcscat
wcscpy
??3@YAXPAX@Z
__CxxFrameHandler
__p__fmode
__set_app_type
__p__commode
_controlfp

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IDM6.27.2/defexclist.txt
IDM6.27.2/downlWithIDM.dll
.dll regsvr32 windows:4 windows x86

bb670d401dd4f21769f68d86f0aab95d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GetCurrentThreadId
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetShortPathNameA
FreeLibrary
GlobalUnlock
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
LoadLibraryA
lstrcpyA
lstrcatA
lstrlenW
GetModuleHandleA
GetProcAddress
LocalFree
GetLastError
lstrlenA
FindFirstFileA
FindNextFileA
FindClose
MultiByteToWideChar
SizeofResource
WideCharToMultiByte

user32

CharNextA
MessageBoxA
GetKeyState

advapi32

RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CoGetMalloc
CoTaskMemAlloc
CoTaskMemRealloc
GetHGlobalFromStream

oleaut32

LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
SafeArrayCreate
SafeArrayPutElement
VariantClear
VariantInit
SafeArrayDestroy

wininet

InternetCombineUrlA
InternetGetCookieA

msvcrt

_purecall
atoi
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_CxxThrowException
_strnicmp
_ismbcdigit
_mbclen
free
vsprintf
_mbsinc
strcmp
wcscpy
wcsncpy
isdigit
realloc
malloc
__CxxFrameHandler
??3@YAXPAX@Z
strcpy
??2@YAPAXI@Z
strlen
memset
strchr
isalpha
_stricmp
sprintf
_memicmp
memcpy
memchr
strpbrk
strstr
wcslen
wcschr
wcsstr
_wcsicmp
fclose
sscanf
memcmp
fgets
fopen
_splitpath
memmove
_mbsstr
strrchr
wcsncat
wcscat

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/downlWithIDM64.dll
.dll regsvr32 windows:5 windows x64

734bd5b9d3c9881324df7fae773f0625

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

wininet

InternetCombineUrlA
InternetGetCookieA

kernel32

FindClose
FindNextFileA
FindFirstFileA
GlobalUnlock
GlobalLock
GetCurrentThreadId
GetModuleFileNameA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiA
GetModuleHandleA
GetModuleHandleW
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
GetProcAddress
GetLastError
MultiByteToWideChar
lstrlenA
lstrlenW
WideCharToMultiByte
GetTickCount
GetCurrentProcessId
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep

user32

CharNextW
CharNextA
GetKeyState
MessageBoxA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemFree
CoGetMalloc
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2

oleaut32

LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SafeArrayCreate
SafeArrayDestroy
SafeArrayPutElement
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
VarBstrCat
SysFreeString
SysStringLen
VariantClear
VariantInit

msvcr90

__clean_type_info_names_internal
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
isdigit
_strnicmp
??2@YAPEAX_K@Z
_recalloc
_purecall
_resetstkoflw
??3@YAXPEAX@Z
strchr
strpbrk
strrchr
strstr
memchr
wcschr
wcsstr
_mbsstr
free
_CxxThrowException
memcpy_s
memset
__CxxFrameHandler3
??_V@YAXPEAX@Z
strcmp
strcpy
??_U@YAPEAX_K@Z
strlen
memcpy
memmove
_stricmp
_memicmp
wcsncat
wcscat
wcsncpy
wcslen
wcscpy
fclose
sscanf
memcmp
fgets
fopen
sprintf
_splitpath
isalpha
_wcsicmp
_mbsinc
_mbclen
vsprintf
_ismbcdigit
atoi
_mbsnbcpy_s
malloc
strcpy_s
wcsncpy_s
strcat_s
__C_specific_handler

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmBroker.exe
.exe windows:5 windows x86

f01932127e42fb50b20c56d6e734ad84

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:38:fe:8d:5f:24:fd:2c:ed:dc:c0:3c:11:92:43:f1:38:fd:3d:56:08:fb:4c:01:9f:ac:19:8a:c2:86:19:2c
Signer

Actual PE Digest

3b:38:fe:8d:5f:24:fd:2c:ed:dc:c0:3c:11:92:43:f1:38:fd:3d:56:08:fb:4c:01:9f:ac:19:8a:c2:86:19:2c

Digest Algorithm

sha256

PE Digest Matches

true

d6:9b:38:c1:43:8e:a8:cd:58:23:4e:6e:d5:cc:e7:75:ea:eb:6b:7e
Signer

Actual PE Digest

d6:9b:38:c1:43:8e:a8:cd:58:23:4e:6e:d5:cc:e7:75:ea:eb:6b:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateThread
CreateEventW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetEvent
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
GetModuleFileNameW
FindClose
FindNextFileW
FindFirstFileW
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WaitForSingleObject
SetUnhandledExceptionFilter
CloseHandle
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime

user32

CharUpperW
TranslateMessage
DispatchMessageW
GetMessageW
PostThreadMessageW
GetAsyncKeyState
CharNextW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW

ole32

CoUninitialize
CoTaskMemAlloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoInitialize
CoTaskMemRealloc

oleaut32

LoadRegTypeLi
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayPutElement
SysAllocStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
SafeArrayDestroy

msvcr90

_wfopen_s
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
__p__fmode
_decode_pointer
_onexit
_lock
_encode_pointer
??3@YAXPAX@Z
wcsrchr
wcsstr
malloc
free
memcpy_s
_CxxThrowException
wcscpy_s
wcsncpy_s
wcscat_s
__CxxFrameHandler3
??_V@YAXPAX@Z
_recalloc
??_U@YAPAXI@Z
memset
swprintf_s
strchr
_wcsicmp
strstr
_wcsupr_s
fclose
sscanf_s
fgets
__dllonexit
strncpy
sscanf
strspn
strncmp
wcsncmp
_purecall
??2@YAPAXI@Z
_except_handler4_common
_unlock
__p__commode

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmantypeinfo.tlb
IDM6.27.2/idmbrbtn.dll
.dll windows:4 windows x86

5c496b19de249ed76b3b7783e2fe7d77

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

83:96:27:75:a8:c4:03:14:c0:a5:73:8d:31:60:47:d3:6d:06:72:5a:82:d7:96:07:cd:01:54:22:e3:e9:3c:b2
Signer

Actual PE Digest

83:96:27:75:a8:c4:03:14:c0:a5:73:8d:31:60:47:d3:6d:06:72:5a:82:d7:96:07:cd:01:54:22:e3:e9:3c:b2

Digest Algorithm

sha256

PE Digest Matches

true

e8:dc:0b:2b:97:47:20:39:a8:a4:7c:db:9b:b5:3e:87:32:48:2c:32
Signer

Actual PE Digest

e8:dc:0b:2b:97:47:20:39:a8:a4:7c:db:9b:b5:3e:87:32:48:2c:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcsrchr
fgets
strncpy
strspn
strncmp
sscanf
_wcsnicmp
wcsstr
iswalnum
wcsspn
wcscspn
memset
memcpy
malloc
free
_unlock
__dllonexit
_lock
_onexit
_XcptFilter
_initterm
_amsg_exit
_adjust_fdiv
strstr
_i64tow
wcsncmp
??_V@YAXPAX@Z
wcsncpy
_snwprintf
??_U@YAPAXI@Z
_wcsicmp
wcsncat
??2@YAPAXI@Z
fclose
??3@YAXPAX@Z
_wfopen
strchr
wcschr
__CxxFrameHandler

kernel32

GetModuleHandleW
GetProcAddress
CloseHandle
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
GetCurrentProcessId
GetACP
GetModuleFileNameW
GetVersionExW
GetLocaleInfoW
LoadLibraryW
GetSystemDirectoryW
OpenProcess
FindNextFileW
FindClose
FindFirstFileW
WideCharToMultiByte
lstrcmpiW
GetLastError
lstrlenW
CreateFileW
MulDiv
GetTickCount
GetFileSize
MultiByteToWideChar

user32

GetWindowTextW
CharLowerW
CharUpperW
EndPaint
ClientToScreen
DestroyWindow
GetWindowTextLengthW
SetTimer
TrackPopupMenu
GetWindowDC
LoadImageW
SetCapture
UnregisterClassW
PostMessageW
DrawTextW
KillTimer
DefDlgProcW
LoadCursorW
GetClientRect
BeginPaint
PtInRect
GetDC
LoadIconW
IntersectRect
InvalidateRect
AppendMenuW
ReleaseDC
SetWindowLongW
SetWindowPos
SetLayeredWindowAttributes
ShowWindow
CreatePopupMenu
CreateWindowExW
MessageBoxW
ReleaseCapture
RegisterClassW
DestroyMenu
GetWindowThreadProcessId
MoveWindow
GetWindowLongW
FindWindowExW
SendMessageW
IsRectEmpty

gdi32

SetBkMode
StretchBlt
GetDeviceCaps
DeleteObject
DeleteDC
SetTextColor
GetTextMetricsW
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
CreateFontIndirectW
GetStockObject
TranslateCharsetInfo
EnumFontFamiliesExW
BitBlt
GetTextExtentPoint32W

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysStringLen
SafeArrayDestroy
SafeArrayCreate
VariantInit
SysAllocStringLen
SafeArrayPutElement
SysFreeString
SafeArrayGetLBound
SafeArrayCreateVector
SafeArrayGetElement
SysStringByteLen

Exports

Exports

CreateDownlSelWtIDMButton
CreateIDMButton
CreateIDMButton2
CreateIDMButton3

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmbrbtn64.dll
.dll windows:5 windows x64

7638aacfe764a655c08cab478fc0e3c1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

de:f9:88:20:b5:4e:63:9f:43:c7:31:f8:ad:53:28:69:72:4a:ba:6f:96:a5:d0:7f:43:aa:c7:be:3b:37:26:6c
Signer

Actual PE Digest

de:f9:88:20:b5:4e:63:9f:43:c7:31:f8:ad:53:28:69:72:4a:ba:6f:96:a5:d0:7f:43:aa:c7:be:3b:37:26:6c

Digest Algorithm

sha256

PE Digest Matches

true

08:6c:cf:6f:18:88:32:06:db:4d:0b:43:3f:4f:2c:fb:ea:93:21:d6
Signer

Actual PE Digest

08:6c:cf:6f:18:88:32:06:db:4d:0b:43:3f:4f:2c:fb:ea:93:21:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

__C_specific_handler
memset
memcpy
wcscspn
wcsspn
_unlock
__dllonexit
_lock
_onexit
_XcptFilter
malloc
_initterm
free
_amsg_exit
iswalnum
wcsstr
_wcsnicmp
wcschr
strspn
wcsrchr
fgets
strncpy
strchr
strstr
strncmp
sscanf
_i64tow
wcsncmp
??_V@YAXPEAX@Z
wcsncpy
_snwprintf
??_U@YAPEAX_K@Z
_wcsicmp
wcsncat
??2@YAPEAX_K@Z
fclose
??3@YAXPEAX@Z
_wfopen
__CxxFrameHandler

kernel32

lstrcmpiW
GetLastError
lstrlenW
CreateFileW
MulDiv
GetTickCount
GetModuleHandleW
GetFileSize
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
Sleep
OpenProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetCurrentProcessId
GetACP
GetModuleFileNameW
GetVersionExW
GetLocaleInfoW
LoadLibraryW
GetSystemDirectoryW
CloseHandle
FindNextFileW
FindClose
FindFirstFileW
VirtualProtect

user32

ReleaseDC
CharLowerW
CharUpperW
EndPaint
ClientToScreen
DestroyWindow
GetWindowTextLengthW
SetTimer
TrackPopupMenu
GetWindowDC
LoadImageW
SetCapture
UnregisterClassW
PostMessageW
DrawTextW
KillTimer
DefDlgProcW
LoadCursorW
GetClientRect
BeginPaint
PtInRect
GetDC
LoadIconW
IntersectRect
InvalidateRect
AppendMenuW
GetWindowTextW
SetWindowPos
SetLayeredWindowAttributes
ShowWindow
CreatePopupMenu
CreateWindowExW
MessageBoxW
ReleaseCapture
RegisterClassW
SetWindowLongPtrW
DestroyMenu
GetWindowThreadProcessId
MoveWindow
GetWindowLongPtrW
FindWindowExW
SendMessageW
IsRectEmpty

gdi32

SetBkMode
StretchBlt
GetDeviceCaps
DeleteObject
DeleteDC
SetTextColor
GetTextMetricsW
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
CreateFontIndirectW
GetStockObject
TranslateCharsetInfo
EnumFontFamiliesExW
BitBlt
GetTextExtentPoint32W

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysStringLen
SafeArrayDestroy
SafeArrayCreate
VariantInit
SysAllocStringLen
SafeArrayPutElement
SysFreeString
SafeArrayGetLBound
SafeArrayCreateVector
SafeArrayGetElement
SysStringByteLen

Exports

Exports

CreateDownlSelWtIDMButton
CreateIDMButton
CreateIDMButton2
CreateIDMButton3

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmcchandler2.dll
.dll windows:5 windows x86

50c293ae2379fe31404837ffcbeef2ad

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCombineUrlA

msvcrt

_i64toa
isdigit
_i64tow
strncmp
sprintf
wcsncmp
atoi
memchr
_itoa
_strnicmp
isalpha
isalnum
isspace
strncpy
strpbrk
wcsncpy
iswdigit
_wcsnicmp
strstr
_wcsicmp
_snprintf
_wsplitpath
fgets
_wfopen
sscanf
fclose
_mbsstr
strrchr
memset
swscanf
memmove
_stricmp
_CxxThrowException
wcsstr
_snwprintf
wcsrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_XcptFilter
_initterm
_amsg_exit
_memicmp
memcpy
malloc
free
strchr
wcschr
_wcslwr
_strupr
__CxxFrameHandler
_strlwr

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

kernel32

GetProcAddress
GetStringTypeW
GetModuleHandleW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
GetCurrentThreadId
ReadFile
SetEnvironmentVariableA
CreateMutexA
CreateFileA
GetFileSize
GetCurrentProcess
GetFileAttributesA
GetWindowsDirectoryA
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetSystemDirectoryA
CreateThread
GetLastError
GetCurrentProcessId
GetLocaleInfoA
WaitForSingleObject
ReleaseMutex
GetVersionExA
LoadLibraryA
FindFirstFileW
FindNextFileW
FindClose
MulDiv
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
CloseHandle
GetModuleHandleA
GetModuleFileNameW
LoadLibraryW
GetVersion

user32

LoadCursorA
GetCursorPos
IsWindow
GetClassNameA
GetParent
GetKeyboardState
GetKeyState
ReleaseDC
GetDC
SendMessageA
PostMessageA
MessageBoxA
LoadIconA
ShowWindow
RegisterClassA
DefWindowProcA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
ScreenToClient
PtInRect
GetClientRect
GetSystemMetrics
IntersectRect

gdi32

GetStockObject
GetDeviceCaps

advapi32

AdjustTokenPrivileges
RegLoadKeyA
RegRestoreKeyA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
RegEnumKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
GetUserNameA
RegDeleteKeyA

shell32

ShellExecuteA

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
SafeArrayPutElement
SafeArrayDestroy
SafeArrayCreate
VariantInit

Exports

Exports

IDMMzCC_DownloadAllWithIDM
IDMMzCC_DownloadLast10FLVwithIDM
IDMMzCC_DownloadLastFLVwithIDM
IDMMzCC_DownloadLinkWithIDM
IDMMzCC_GetListenerState
IDMMzCC_Observe
IDMMzCC_ShouldLoad
IDMMzCC_ShouldLoad_old1

Sections

.text
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmcchandler2_64.dll
.dll windows:5 windows x64

e58a7880d9f120a9074aef6c3b26c186

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

wininet

InternetCombineUrlA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

kernel32

ReleaseMutex
WaitForSingleObject
GetLocaleInfoA
GetStringTypeW
GetCurrentProcessId
GetLastError
CreateThread
LoadLibraryA
GetSystemDirectoryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
FindFirstFileW
GetFileAttributesA
GetVersionExA
GetCurrentProcess
GetFileSize
CreateFileA
CreateMutexA
SetEnvironmentVariableA
ReadFile
GetCurrentThreadId
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetTickCount
RtlVirtualUnwind
FindNextFileW
FindClose
MulDiv
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
CloseHandle
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryW
GetProcAddress
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetWindowsDirectoryA
GetSystemTimeAsFileTime

user32

ShowWindow
ReleaseDC
GetDC
SendMessageA
PostMessageA
IntersectRect
GetSystemMetrics
GetClientRect
PtInRect
ScreenToClient
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
DefWindowProcA
RegisterClassA
LoadCursorA
LoadIconA
MessageBoxA
GetKeyState
GetKeyboardState
GetParent
GetClassNameA
IsWindow
GetCursorPos

gdi32

GetDeviceCaps
GetStockObject

advapi32

RegLoadKeyA
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
RegEnumKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteKeyA
RegRestoreKeyA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

VariantInit
SafeArrayCreate
SafeArrayDestroy
SafeArrayPutElement
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString

msvcr90

_mbsstr
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
_i64toa
memcmp
isdigit
memchr
_i64tow
strncmp
sprintf
wcsncmp
_strlwr
_itoa
_strnicmp
isalpha
isalnum
isspace
strncpy
strpbrk
wcsncpy
_wcslwr
strchr
free
malloc
memcpy
_memicmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
wcsrchr
_snwprintf
wcsstr
__CxxFrameHandler3
_CxxThrowException
_stricmp
memmove
swscanf
memset
strrchr
wcschr
iswdigit
fclose
sscanf
fgets
_wfopen
_wsplitpath
_wcsicmp
_snprintf
strstr
_wcsnicmp
_strupr
atoi

Exports

Exports

IDMMzCC_DownloadAllWithIDM
IDMMzCC_DownloadLast10FLVwithIDM
IDMMzCC_DownloadLastFLVwithIDM
IDMMzCC_DownloadLinkWithIDM
IDMMzCC_GetListenerState
IDMMzCC_Observe
IDMMzCC_ShouldLoad
IDMMzCC_ShouldLoad_old1

Sections

.text
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmcchandler7.dll
.dll windows:5 windows x86

7d9820c8a9924a69d479bb6408302c49

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b6:43:af:70:0e:3c:a8:dd:07:aa:a7:ab:33:f4:88:c5:73:54:06:d7:df:f4:9a:f3:c4:96:a0:3c:84:dd:86:15
Signer

Actual PE Digest

b6:43:af:70:0e:3c:a8:dd:07:aa:a7:ab:33:f4:88:c5:73:54:06:d7:df:f4:9a:f3:c4:96:a0:3c:84:dd:86:15

Digest Algorithm

sha256

PE Digest Matches

true

6c:d4:48:eb:db:cd:da:65:84:57:76:8c:e2:f5:fa:a1:94:b3:84:61
Signer

Actual PE Digest

6c:d4:48:eb:db:cd:da:65:84:57:76:8c:e2:f5:fa:a1:94:b3:84:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCombineUrlA

msvcrt

_i64toa
isdigit
_i64tow
_wtoi64
strncmp
sprintf
wcsncmp
memchr
_itoa
atoi
_strnicmp
isalpha
isalnum
isspace
strncpy
strpbrk
wcsncpy
iswdigit
strstr
_wcsicmp
_snprintf
_wsplitpath
fgets
_wfopen
sscanf
fclose
_wcsnicmp
_mbsstr
wcspbrk
strrchr
memset
swscanf
memmove
_stricmp
_CxxThrowException
wcsstr
_snwprintf
wcsrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_XcptFilter
_initterm
_amsg_exit
_memicmp
memcpy
malloc
free
strchr
wcschr
_wcslwr
_strupr
__CxxFrameHandler
_strlwr

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

kernel32

GetProcAddress
GetStringTypeW
GetModuleHandleW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
GetCurrentThreadId
ReadFile
SetEnvironmentVariableA
OutputDebugStringA
OutputDebugStringW
CreateMutexA
CreateFileA
GetFileSize
GetCurrentProcess
GetFileAttributesA
GetWindowsDirectoryA
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetSystemDirectoryA
CreateThread
GetLastError
GetCurrentProcessId
GetLocaleInfoA
WaitForSingleObject
ReleaseMutex
GetVersionExA
LoadLibraryA
FindFirstFileW
FindNextFileW
FindClose
MulDiv
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
CloseHandle
GetModuleHandleA
GetModuleFileNameW
LoadLibraryW
GetVersion

user32

LoadCursorA
GetCursorPos
GetClassNameA
GetParent
IsWindow
GetKeyboardState
GetKeyState
MessageBoxA
ShowWindow
ReleaseDC
GetDC
SendMessageA
LoadIconA
PostMessageA
RegisterClassA
DefWindowProcA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
ScreenToClient
PtInRect
GetClientRect
GetSystemMetrics
IntersectRect

gdi32

GetStockObject
GetDeviceCaps

advapi32

AdjustTokenPrivileges
RegLoadKeyA
RegRestoreKeyA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
RegEnumKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
GetUserNameA
RegDeleteKeyA

shell32

ShellExecuteA

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
SafeArrayPutElement
SafeArrayDestroy
SafeArrayCreate
VariantInit

Exports

Exports

IDMMzCC_DownloadAllWithIDM
IDMMzCC_DownloadLast10FLVwithIDM
IDMMzCC_DownloadLastFLVwithIDM
IDMMzCC_DownloadLinkWithIDM
IDMMzCC_GetListenerState
IDMMzCC_InitCC
IDMMzCC_Observe
IDMMzCC_OnGetSelectedTabID
IDMMzCC_OnME
IDMMzCC_OnTabSelect
IDMMzCC_OnUnload
IDMMzCC_ShouldLoad
IDMMzCC_ShouldLoad2
IDMMzCC_ShouldLoad_old1

Sections

.text
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmcchandler7_64.dll
.dll windows:5 windows x64

b9a2cded53c9b46dd07fb64c1c0c52fd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:b2:55:0b:e4:65:a9:37:71:a4:c3:c3:0f:fa:b5:11:fb:f0:4b:bf:1f:e1:03:91:6a:2a:52:28:7c:53:9b:e2
Signer

Actual PE Digest

f7:b2:55:0b:e4:65:a9:37:71:a4:c3:c3:0f:fa:b5:11:fb:f0:4b:bf:1f:e1:03:91:6a:2a:52:28:7c:53:9b:e2

Digest Algorithm

sha256

PE Digest Matches

true

1a:5f:be:41:d0:8f:ef:d3:c5:c9:62:85:7c:8b:f6:e7:21:26:5c:ff
Signer

Actual PE Digest

1a:5f:be:41:d0:8f:ef:d3:c5:c9:62:85:7c:8b:f6:e7:21:26:5c:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

wininet

InternetCombineUrlA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

kernel32

ReleaseMutex
WaitForSingleObject
GetLocaleInfoA
GetStringTypeW
GetCurrentProcessId
GetLastError
CreateThread
LoadLibraryA
GetSystemDirectoryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
GetWindowsDirectoryA
FindFirstFileW
GetVersionExA
GetCurrentProcess
GetFileSize
CreateFileA
CreateMutexA
OutputDebugStringW
OutputDebugStringA
SetEnvironmentVariableA
ReadFile
GetCurrentThreadId
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetTickCount
RtlVirtualUnwind
FindNextFileW
FindClose
MulDiv
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
CloseHandle
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryW
GetProcAddress
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileAttributesA
GetSystemTimeAsFileTime

user32

PostMessageA
ShowWindow
ReleaseDC
GetDC
SendMessageA
IntersectRect
GetSystemMetrics
GetClientRect
PtInRect
ScreenToClient
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
DefWindowProcA
RegisterClassA
LoadCursorA
LoadIconA
MessageBoxA
GetKeyState
GetKeyboardState
IsWindow
GetParent
GetClassNameA
GetCursorPos

gdi32

GetDeviceCaps
GetStockObject

advapi32

RegLoadKeyA
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
RegEnumKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteKeyA
RegRestoreKeyA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

VariantInit
SafeArrayCreate
SafeArrayDestroy
SafeArrayPutElement
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString

msvcr90

_mbsstr
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
_i64toa
memcmp
isdigit
memchr
_i64tow
_wtoi64
strncmp
sprintf
wcsncmp
_itoa
atoi
_strnicmp
isalpha
isalnum
isspace
strncpy
strpbrk
wcsncpy
strchr
free
malloc
memcpy
_memicmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
wcsrchr
_snwprintf
wcsstr
__CxxFrameHandler3
_CxxThrowException
_stricmp
memmove
swscanf
memset
strrchr
wcschr
wcspbrk
_wcslwr
_wcsnicmp
fclose
sscanf
fgets
_wfopen
_wsplitpath
_wcsicmp
_snprintf
strstr
_strupr
iswdigit
_strlwr

Exports

Exports

IDMMzCC_DownloadAllWithIDM
IDMMzCC_DownloadLast10FLVwithIDM
IDMMzCC_DownloadLastFLVwithIDM
IDMMzCC_DownloadLinkWithIDM
IDMMzCC_GetListenerState
IDMMzCC_InitCC
IDMMzCC_Observe
IDMMzCC_OnGetSelectedTabID
IDMMzCC_OnME
IDMMzCC_OnTabSelect
IDMMzCC_OnUnload
IDMMzCC_ShouldLoad
IDMMzCC_ShouldLoad2
IDMMzCC_ShouldLoad_old1

Sections

.text
Size: 399KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmfsa.dll
.dll regsvr32 windows:4 windows x86

6dd8e34e93a2e5e32c852e32b49f970d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTime
FlushFileBuffers
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
FreeLibrary
CreateFileW
SetFileAttributesW
GetProcAddress
LoadLibraryA
GetModuleHandleA
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
SystemTimeToFileTime
InterlockedDecrement
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
lstrcpyA
lstrcatA
SetFileTime
WideCharToMultiByte
GetFileAttributesW
CopyFileW
DeleteFileW
CreateDirectoryW
MoveFileW
GetModuleFileNameA
GetVersionExA
GetCurrentProcess
GetLastError
LocalAlloc
LocalFree
EnterCriticalSection
CloseHandle
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
TerminateProcess
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
LCMapStringA
LCMapStringW
ExitProcess
GetEnvironmentVariableA
HeapCreate
VirtualFree
VirtualAlloc

user32

CharNextA

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumValueA

ole32

CoTaskMemRealloc
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

oleaut32

RegisterTypeLi
BSTR_UserFree
BSTR_UserMarshal
BSTR_UserSize
SysFreeString
VarUI4FromStr
SysAllocString
LoadTypeLi
BSTR_UserUnmarshal
LoadRegTypeLi
SysStringLen

rpcrt4

NdrStubForwardingFunction
NdrStubCall2
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 121B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmftype.dll
.dll windows:4 windows x86

37434fe31c525527aa4fd9f7c992e050

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:60:fc:32:bd:52:1d:77:f2:11:c1:33:6a:a9:8b:9e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2010, 00:00

Not After

01/06/2013, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Secure Application Development,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7a:a2:2b:0f:0b:ed:c5:8d:27:91:b2:04:76:91:cd:38:08:fb:85:e2
Signer

Actual PE Digest

7a:a2:2b:0f:0b:ed:c5:8d:27:91:b2:04:76:91:cd:38:08:fb:85:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

toupper
isspace
ctime
gmtime
asctime
_strnicmp
strncmp
memcpy
?terminate@@YAXXZ
??1type_info@@UAE@XZ
isupper
_initterm
_amsg_exit
_adjust_fdiv
islower
realloc
_snprintf
strcspn
_stricmp
tolower
malloc
strncpy
??2@YAPAXI@Z
??3@YAXPAX@Z
fclose
fseek
fread
fopen
free
strchr
_vsnprintf
_XcptFilter
__CxxFrameHandler
_CxxThrowException

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetVersion
GetSystemTimeAsFileTime

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

IDMExtensionForMimeType
IDMFileType

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmindex.dll
.dll windows:5 windows x86

1ed5468e84d27b94a9ff70787d506d89

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
realloc
malloc
memmove
_beginthreadex
strncmp
memset
memcpy
_endthreadex
_msize
free
_localtime64_s

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedExchange
RtlUnwind
GetCurrentThreadId
TryEnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
AreFileApisANSI
CloseHandle
CreateFileA
CreateFileW
CreateFileMappingA
CreateFileMappingW
CreateMutexW
DeleteFileA
DeleteFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
SystemTimeToFileTime
UnlockFile
UnlockFileEx
HeapAlloc
HeapFree
GetProcessHeap
GetProcAddress
GetSystemInfo
GetVersion
FlushViewOfFile
InterlockedCompareExchange
OutputDebugStringW
OutputDebugStringA
WaitForSingleObjectEx
WaitForSingleObject
WriteFile
WideCharToMultiByte
UnmapViewOfFile

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmmkb.dll
.dll windows:4 windows x86

ee6e43d3e5c04d81927550ae454ef797

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetModuleHandleA
GetVersionExA
GetProcAddress
GetModuleFileNameW
DisableThreadLibraryCalls
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryW
GlobalFree

user32

SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetKeyState

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

msvcrt

_adjust_fdiv
malloc
_initterm
free
time
_wsplitpath
wcschr
_wcsicmp
swprintf
wcsrchr
wcslen
wcscpy
atoi
strchr
strncpy
_snprintf
__CxxFrameHandler

Exports

Exports

GetAltState
GetCtrlState
InstallHook
InstallMouseHook
NeedForce
NeedPrevent
RemoveHook
RemoveMouseHook

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmmzcc.xpi
.zip .ps1
IDM6.27.2/idmmzcc2.xpi
.zip
IDM6.27.2/idmmzcc7.dll
.dll windows:5 windows x86

c64e342b89227a7d4cd3463ca8e1ebee

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
_amsg_exit
_XcptFilter
free
malloc
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsicmp
_snwprintf
_snprintf
strncpy
atoi
wcsrchr
strchr
__CxxFrameHandler

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW

kernel32

LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
GetModuleHandleA
GetModuleFileNameW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetProcAddress

user32

MessageBoxA

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExA

Exports

Exports

GetListenerState
InitCC
NSModule
OnStartup

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmmzcc7_64.dll
.dll windows:5 windows x64

a2c1e36c591eb85bc753627370e54536

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
GetTickCount
GetModuleFileNameW
GetModuleHandleA
QueryPerformanceCounter
DisableThreadLibraryCalls
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryW
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
RtlCaptureContext

user32

MessageBoxA

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExA

msvcr90

??3@YAXPEAX@Z
_encode_pointer
_malloc_crt
_initterm
_initterm_e
free
_encoded_null
_decode_pointer
_amsg_exit
__C_specific_handler
__CppXcptFilter
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_wcsicmp
_snwprintf
_snprintf
strncpy
atoi
__CxxFrameHandler3
wcsrchr
strchr
??2@YAPEAX_K@Z

Exports

Exports

GetListenerState
InitCC
NSModule
OnStartup

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 338B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmtdi.cat
IDM6.27.2/idmtdi.inf
IDM6.27.2/idmtdi32.sys
.sys windows:6 windows x86

1c0ffe4751b4e8069173bca3d14e619f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:78:00:c5:cc:d6:c7:d3:54:51:6a:94:55:4b:4d:78:70:d1:06:0c:3f:3d:92:7f:8d:f3:34:67:5e:75:04:c1
Signer

Actual PE Digest

aa:78:00:c5:cc:d6:c7:d3:54:51:6a:94:55:4b:4d:78:70:d1:06:0c:3f:3d:92:7f:8d:f3:34:67:5e:75:04:c1

Digest Algorithm

sha256

PE Digest Matches

true

38:db:6b:40:65:37:6c:50:10:8e:f6:f7:07:83:d9:74:f9:05:ec:f4
Signer

Actual PE Digest

38:db:6b:40:65:37:6c:50:10:8e:f6:f7:07:83:d9:74:f9:05:ec:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQueryValueKey
ZwOpenKey
IoDeleteDevice
ObfDereferenceObject
ObfReferenceObject
IoCreateDriver
RtlAppendUnicodeToString
RtlCopyUnicodeString
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
KeDelayExecutionThread
ZwYieldExecution
IoDeleteSymbolicLink
PsSetCreateProcessNotifyRoutine
PsSetLoadImageNotifyRoutine
IoCreateSymbolicLink
PsGetVersion
MmGetSystemRoutineAddress
InitSafeBootMode
InterlockedIncrement
ExAllocatePoolWithTag
InterlockedDecrement
ZwQuerySystemInformation
IofCompleteRequest
KeLeaveCriticalRegion
KeUnstackDetachProcess
KeStackAttachProcess
KeEnterCriticalRegion
_except_handler3
PsLookupProcessByProcessId
IoGetRequestorProcessId
memset
KeRestoreFloatingPointState
KeSaveFloatingPointState
IoQueueWorkItem
IoAllocateWorkItem
_strnicmp
ZwWriteFile
memmove
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
_purecall
IoFreeMdl
InterlockedCompareExchange
MmBuildMdlForNonPagedPool
IoAllocateMdl
memcpy
IoFreeWorkItem
KeResetEvent
KeSetEvent
ZwClose
ExEventObjectType
KeQuerySystemTime
strspn
tolower
InterlockedExchange
IofCallDriver
InterlockedExchangeAdd
KeGetCurrentThread
IoFreeIrp
IoAllocateIrp
IoCancelIrp
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
KeClearEvent
IoReleaseRemoveLockEx
IoGetRelatedDeviceObject
RtlCompareMemory
strncpy
wcschr
towlower
_wcsnicmp
strncmp
wcsncmp
_wcsicmp
_stricmp
wcsstr
strstr
strchr
wcsspn
_allmul
IoCreateDevice
RtlInitUnicodeString
IoAttachDevice
IoInitializeRemoveLockEx
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
RtlAddAccessAllowedAce
RtlLengthSid
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwCreateKey
ZwSetValueKey
RtlFreeUnicodeString
IoAcquireRemoveLockEx
ExFreePoolWithTag
ObReferenceObjectByHandle
KeInitializeSpinLock
KeBugCheckEx

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

tdi.sys

TdiCopyMdlToBuffer
TdiCopyBufferToMdl
TdiMapUserRequest

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmtdi64.sys
.sys windows:6 windows x64

fbbdeaffe6605bd3a75b818fd6c3fdd5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:be:59:f8:2c:a4:3c:86:4f:4b:e3:fd:ee:16:7e:4b:c1:1d:92:d1:62:25:3e:35:e5:95:95:b1:c2:d2:f8:72
Signer

Actual PE Digest

2f:be:59:f8:2c:a4:3c:86:4f:4b:e3:fd:ee:16:7e:4b:c1:1d:92:d1:62:25:3e:35:e5:95:95:b1:c2:d2:f8:72

Digest Algorithm

sha256

PE Digest Matches

true

64:0b:cb:3d:b8:3c:e0:d9:a9:7f:47:b9:42:01:31:2a:cf:99:fe:63
Signer

Actual PE Digest

64:0b:cb:3d:b8:3c:e0:d9:a9:7f:47:b9:42:01:31:2a:cf:99:fe:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeReleaseInStackQueuedSpinLock
ZwYieldExecution
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
RtlGetVersion
KeAcquireInStackQueuedSpinLock
IoDetachDevice
PsSetCreateProcessNotifyRoutine
KeDelayExecutionThread
ZwQueryValueKey
InitSafeBootMode
ZwClose
IoReleaseRemoveLockAndWaitEx
PsRemoveLoadImageNotifyRoutine
IoAttachDevice
ObfReferenceObject
IoCreateSymbolicLink
RtlCopyUnicodeString
ObfDereferenceObject
IoCreateDriver
IoInitializeRemoveLockEx
IoCreateDevice
ZwOpenKey
ExAllocatePoolWithTag
ZwQuerySystemInformation
PsGetProcessPeb
KeLeaveCriticalRegion
PsLookupProcessByProcessId
KeUnstackDetachProcess
KeEnterCriticalRegion
IofCompleteRequest
IoGetRequestorProcessId
KeStackAttachProcess
_strnicmp
ZwReadFile
ZwCreateFile
IoAllocateWorkItem
IoQueueWorkItem
ZwQueryInformationFile
ZwWriteFile
MmBuildMdlForNonPagedPool
IoFreeMdl
_purecall
IoAllocateMdl
KeResetEvent
KeSetEvent
PsSetLoadImageNotifyRoutine
ExEventObjectType
ObReferenceObjectByHandle
strspn
tolower
IofCallDriver
KeClearEvent
IoBuildDeviceIoControlRequest
IoGetRelatedDeviceObject
KeInitializeEvent
IoReleaseRemoveLockEx
IoCancelIrp
KeWaitForSingleObject
IoFreeIrp
IoAllocateIrp
RtlCompareMemory
wcschr
_stricmp
_wcsicmp
towlower
strncmp
_wcsnicmp
strstr
strchr
strncpy
wcsstr
wcsspn
wcsncmp
ObOpenObjectByPointer
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwCreateKey
ZwSetValueKey
RtlFreeUnicodeString
ExFreePoolWithTag
IoDeleteSymbolicLink
IoFreeWorkItem
IoAcquireRemoveLockEx
KeBugCheckEx
__C_specific_handler

tdi.sys

TdiCopyMdlToBuffer
TdiCopyBufferToMdl
TdiMapUserRequest

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmvconv.dll
.dll windows:5 windows x86

9ccb9d855512890e4c12a487afeaf0aa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
ReadFile
GetLastError
WriteFile
CreateFileW
CloseHandle
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetCPInfo
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
HeapAlloc
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetStdHandle
GetModuleFileNameA
HeapSize
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
GetModuleHandleA

Exports

Exports

ConvertFlvToMp4
ConvertTsToMp4
IsFormatSupported
IsFormatSupported2
MuxMKVAndMKVToMKV
MuxMP4AndMKVToMKV

Sections

.text
Size: 418KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmvs.dll
.dll windows:4 windows x86

e07e00e45407ff0dd6abc9eaa981fa7b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

82:8e:01:63:cf:da:3a:b6:fb:73:13:64:d5:c1:8b:22:a7:a2:af:ab:89:21:01:b0:e4:9e:bb:87:44:ba:1b:dd
Signer

Actual PE Digest

82:8e:01:63:cf:da:3a:b6:fb:73:13:64:d5:c1:8b:22:a7:a2:af:ab:89:21:01:b0:e4:9e:bb:87:44:ba:1b:dd

Digest Algorithm

sha256

PE Digest Matches

true

66:18:23:95:49:c1:1f:4b:5b:90:58:ec:d0:b1:53:1b:bc:3b:dd:ee
Signer

Actual PE Digest

66:18:23:95:49:c1:1f:4b:5b:90:58:ec:d0:b1:53:1b:bc:3b:dd:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
malloc
_adjust_fdiv
free

Exports

Exports

GetBaseBuild
GetChrExtV
GetFullVersion
GetLKFFAV
GetMzCCExtV
GetMzCCV
GetVBuild
GetVDate
GetVersion1
GetVersion2

Sections

.text
Size: 4KB - Virtual size: 510B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 407B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 106B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmwfp.cat
IDM6.27.2/idmwfp.inf
IDM6.27.2/idmwfp32.sys
.sys windows:6 windows x86

9e5b4a88ab57963502b6220ceb0cb5e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

InterlockedCompareExchange
MmBuildMdlForNonPagedPool
IoAllocateMdl
memcpy
IoFreeWorkItem
KeResetEvent
KeSetEvent
ObfReferenceObject
ObReferenceObjectByHandle
ExEventObjectType
KeQuerySystemTime
strspn
tolower
KeDelayExecutionThread
IoFreeIrp
KeWaitForSingleObject
KeInitializeEvent
IoAllocateIrp
IoReuseIrp
strncpy
wcschr
towlower
_wcsnicmp
strncmp
wcsncmp
_wcsicmp
MmGetSystemRoutineAddress
strstr
strchr
wcsspn
_allmul
IoFreeMdl
RtlGetVersion
IoCreateSymbolicLink
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
IoDeleteSymbolicLink
IoDeleteDevice
ZwOpenKey
RtlInitUnicodeString
ZwQueryValueKey
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
RtlAddAccessAllowedAce
RtlLengthSid
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwCreateKey
ZwSetValueKey
RtlFreeUnicodeString
_purecall
ZwCreateFile
ZwQueryInformationFile
ZwReadFile
memmove
ZwWriteFile
_strnicmp
IoAllocateWorkItem
IoQueueWorkItem
KeSaveFloatingPointState
KeRestoreFloatingPointState
IoGetRequestorProcessId
PsLookupProcessByProcessId
ObfDereferenceObject
_except_handler3
PsGetProcessPeb
KeEnterCriticalRegion
KeStackAttachProcess
KeUnstackDetachProcess
KeLeaveCriticalRegion
IofCompleteRequest
ZwQuerySystemInformation
InterlockedDecrement
InterlockedIncrement
ExAllocatePoolWithTag
_stricmp
InitSafeBootMode
ZwClose
memset
ExFreePoolWithTag
wcsstr
KeInitializeSpinLock
PsGetVersion
ExAllocatePoolWithQuotaTag
RtlImageDirectoryEntryToData
RtlUnwind
KeBugCheckEx

hal

KeReleaseInStackQueuedSpinLock
KeGetCurrentIrql
KeAcquireInStackQueuedSpinLock

ndis.sys

NdisGetDataBuffer
NdisAllocateGenericObject
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeGenericObject

fwpkclnt.sys

FwpsAllocateCloneNetBufferList0
FwpsInjectTransportSendAsync0
FwpmFilterCreateEnumHandle0
FwpmFilterEnum0
FwpmFilterDeleteByKey0
FwpmFreeMemory0
FwpmFilterDestroyEnumHandle0
FwpmCalloutAdd0
FwpmFilterAdd0
FwpsCalloutUnregisterById0
FwpsCalloutRegister0
FwpsFreeCloneNetBufferList0
FwpsAllocateNetBufferAndNetBufferList0
FwpsCopyStreamDataToBuffer0
FwpsStreamInjectAsync0
FwpsFlowRemoveContext0
FwpsFlowAssociateContext0
FwpsFreeNetBufferList0
FwpsInjectionHandleCreate0
FwpsInjectionHandleDestroy0
FwpmEngineOpen0
FwpmTransactionBegin0
FwpmSubLayerAdd0
FwpmTransactionCommit0
FwpmTransactionAbort0
FwpmEngineClose0
FwpsQueryPacketInjectionState0

netio.sys

WskReleaseProviderNPI
WskCaptureProviderNPI
WskDeregister
WskRegister

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/idmwfp64.sys
.sys windows:6 windows x64

ce19ab50b155d1b03a2309af52c90771

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeResetEvent
KeSetEvent
IoFreeWorkItem
ExEventObjectType
ObReferenceObjectByHandle
ObfReferenceObject
strspn
tolower
IoReuseIrp
KeInitializeEvent
KeDelayExecutionThread
KeWaitForSingleObject
IoFreeIrp
IoAllocateIrp
wcschr
_wcsicmp
towlower
strncmp
_wcsnicmp
strstr
strchr
strncpy
wcsstr
ZwQueryValueKey
wcsncmp
IoAllocateMdl
PsSetCreateProcessNotifyRoutine
KeAcquireInStackQueuedSpinLock
RtlGetVersion
MmGetSystemRoutineAddress
IoDeleteDevice
IoCreateDevice
ObOpenObjectByPointer
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwCreateKey
ZwSetValueKey
RtlFreeUnicodeString
_purecall
IoFreeMdl
MmBuildMdlForNonPagedPool
ZwWriteFile
ZwQueryInformationFile
IoQueueWorkItem
IoAllocateWorkItem
ZwCreateFile
ZwReadFile
_strnicmp
KeStackAttachProcess
ObfDereferenceObject
IoGetRequestorProcessId
IofCompleteRequest
KeEnterCriticalRegion
KeUnstackDetachProcess
PsLookupProcessByProcessId
KeLeaveCriticalRegion
PsGetProcessPeb
ZwQuerySystemInformation
ExAllocatePoolWithTag
_stricmp
ZwOpenKey
IoCreateSymbolicLink
PsRemoveLoadImageNotifyRoutine
ZwClose
IoDeleteSymbolicLink
InitSafeBootMode
RtlInitUnicodeString
KeReleaseInStackQueuedSpinLock
PsSetLoadImageNotifyRoutine
ExFreePoolWithTag
wcsspn
PsGetVersion
ExAllocatePoolWithQuotaTag
RtlImageDirectoryEntryToData
__C_specific_handler
KeBugCheckEx

ndis.sys

NdisFreeNetBufferListPool
NdisAllocateNetBufferListPool
NdisAllocateGenericObject
NdisGetDataBuffer
NdisFreeGenericObject

fwpkclnt.sys

FwpsCalloutUnregisterById0
FwpsFreeCloneNetBufferList0
FwpsQueryPacketInjectionState0
FwpmCalloutAdd0
FwpmFilterDeleteByKey0
FwpsAllocateCloneNetBufferList0
FwpmFilterEnum0
FwpsCalloutRegister0
FwpmFilterDestroyEnumHandle0
FwpmFilterAdd0
FwpsInjectTransportSendAsync0
FwpmFreeMemory0
FwpsAllocateNetBufferAndNetBufferList0
FwpsCopyStreamDataToBuffer0
FwpsStreamInjectAsync0
FwpsFlowAssociateContext0
FwpsFlowRemoveContext0
FwpsFreeNetBufferList0
FwpmSubLayerAdd0
FwpsInjectionHandleDestroy0
FwpsInjectionHandleCreate0
FwpmTransactionCommit0
FwpmTransactionAbort0
FwpmEngineOpen0
FwpmTransactionBegin0
FwpmEngineClose0
FwpmFilterCreateEnumHandle0

netio.sys

WskDeregister
WskReleaseProviderNPI
WskCaptureProviderNPI
WskRegister

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM6.27.2/用户配置.reg

Sharing

General

Malware Config

Signatures

Files

f811252742cee99958ced610cdfd96ef

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

46:60:fc:32:bd:52:1d:77:f2:11:c1:33:6a:a9:8b:9eCertificate

Extended Key Usages

Key Usages

3b:17:36:10:d3:f1:9e:b0:b4:cd:13:9f:ed:8e:66:47:32:f8:61:32Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 182B

4caeeb1aa31857dc0ccf78ea18cdb570

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

msvcrt

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 2KB

381ecb1e5320448e597c487d572438dc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

46:60:fc:32:bd:52:1d:77:f2:11:c1:33:6a:a9:8b:9e
Certificate

3b:17:36:10:d3:f1:9e:b0:b4:cd:13:9f:ed:8e:66:47:32:f8:61:32
Signer

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 182B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 542B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

73:6e:ca:c5:3c:a7:07:3e:2e:67:31:ca:14:24:07:bc:c5:ca:15:34:97:df:30:b5:be:5f:88:68:4c:8f:b4:0c
Signer

77:c7:25:7b:cd:26:aa:17:55:6f:63:b3:00:0d:f3:1b:b4:80:a1:63
Signer