00819168e1a9dc3e588c7f96973175d23d9a2cb3aeba4d185c3773aeb1a75ab9[.]zip[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

00819168e1a9dc3e588c7f96973175d23d9a2cb3aeba4d185c3773aeb1a75ab9.zip.zip
Size

5.5MB
MD5

9116547daeb3213d003deadd1eb0c31d
SHA1

cba80cf6f4e381dc963b30b7b4f13d7007838c5d
SHA256

d82aadd3332d5302851bff734bf5c07d01265a2630a66fe959fb894964cb2d4f
SHA512

ed6a1631c600abd281553b049ec1774100e40f070be6bbcc7b0e7402a7f354b4a9c41c1c7b37c2253436d896165d98cf4458cc57b4f819b6090db8264a4b2deb
SSDEEP

98304:mHLHw81D9b4oPL8f62wT4dhDKYT7OoSgoV+ItxZOKcMQM+Qms:AHjx6oj7CDKQ7OoSwQaMcs

Score

3^/10

Malware Config

Signatures

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack003/EmgUsb.dll
unpack003/PreInstaller.exe
unpack003/SiUSBXp.dll
unpack003/eManagerII.exe
unpack003/e_manage2JP.dll
unpack003/e_manage2US.dll
unpack003/emng2uni.exe
unpack003/emng2uni2k.exe
unpack003/emng2usb.sys
unpack003/mfc42.dll
unpack003/silib.sys
unpack002/1.09_1.09_full/DISK/setup.exe
unpack002/1.09_1.09_full/PreInstaller.exe
unpack002/1.09_1.09_full/emng2uni.exe
unpack002/1.09_1.09_full/emng2uni2k.exe
unpack002/1.09_1.09_full/emng2usb.sys
unpack002/1.09_1.09_full/silib.sys

Files

00819168e1a9dc3e588c7f96973175d23d9a2cb3aeba4d185c3773aeb1a75ab9.zip.zip
.zip

Password: infected
00819168e1a9dc3e588c7f96973175d23d9a2cb3aeba4d185c3773aeb1a75ab9.zip
.zip
1.09_1.09_full/AUTORUN.INF
1.09_1.09_full/DISK/0x0409.ini
1.09_1.09_full/DISK/0x0411.ini
1.09_1.09_full/DISK/1033.mst
1.09_1.09_full/DISK/1041.mst
1.09_1.09_full/DISK/Data1.cab
.cab
EmgUsb.dll
.dll windows:4 windows x86

507d8257edae6d323a161615d39097e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

siusbxp

ord11
ord10
ord12
ord6
ord7
ord1
ord2
ord5
ord3
ord9
ord13

kernel32

HeapDestroy
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

EMGUSB_CheckInQue
EMGUSB_Close
EMGUSB_FlushBuffer
EMGUSB_GetTimeouts
EMGUSB_IsConnected
EMGUSB_Open
EMGUSB_Read
EMGUSB_SetBaudrate
EMGUSB_SetTimeouts
EMGUSB_Write

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GSC02_U.bin
MSFLXGRD.OCX
.dll regsvr32 windows:4 windows x86

138f160cfefa07306f399d9bfa41ad11

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09-04-1996 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 07:00

Not After

31-12-1999 07:00

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 07:00

Not After

31-12-1999 07:00

Subject

OU=VeriSign Time Stamping Service+OU=VeriSign Trust Network+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign\, Inc.,L=Internet

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

19-03-1999 00:00

Not After

16-04-2000 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
GetStringTypeA
GetStringTypeW
GlobalFree
LCMapStringA
LCMapStringW
GlobalLock
GlobalSize
GetVersionExA
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
ExitProcess
GetCommandLineA
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
FindResourceA
LoadResource
LockResource
GetLastError
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
HeapReAlloc
GetModuleFileNameA
InterlockedDecrement
MultiByteToWideChar
GetProfileStringA
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
lstrcmpiA
lstrcpynA
InterlockedIncrement
GlobalUnlock
GlobalAlloc
lstrcmpA
HeapAlloc
lstrcatA
HeapFree
WideCharToMultiByte
lstrlenW
lstrcpyA
lstrlenA
MulDiv
GetProcessHeap
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
IsDBCSLeadByte
InterlockedExchange

user32

GetDlgItemInt
IsDlgButtonChecked
RegisterWindowMessageA
PeekMessageA
SetFocus
GetFocus
GetSysColor
GetSystemMetrics
FillRect
PeekMessageW
PostMessageW
SetWindowPos
GetDlgItem
SendDlgItemMessageA
InvalidateRect
GetActiveWindow
DialogBoxParamA
EndDialog
GetWindowRect
SetDlgItemInt
MoveWindow
SetDlgItemTextA
GetDlgItemTextA
GetClipboardFormatNameA
MapWindowPoints
SetCursorPos
RegisterClipboardFormatA
UnregisterClassA
CreateDialogIndirectParamA
IsChild
IsWindowEnabled
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
ShowWindow
SetWindowRgn
IntersectRect
EqualRect
GetParent
ClientToScreen
GetWindow
BeginPaint
EndPaint
SendMessageA
MessageBeep
wsprintfA
DestroyWindow
GetWindowLongA
SetWindowLongA
DrawTextA
DrawTextExA
CheckDlgButton
ReleaseCapture
KillTimer
DrawFocusRect
SetTimer
SetCapture
SetCursor
DefWindowProcA
EnableWindow
GetCursorPos
ScreenToClient
PtInRect
PostMessageA
DrawEdge
FrameRect
InflateRect
LoadCursorA
RegisterClassA
GetDC
ReleaseDC
CharNextA
GetKeyState
SetRect
UpdateWindow
IsWindow
GetScrollRange
ScrollWindow
OffsetRect
SetScrollRange
GetClientRect
SetScrollPos
CreateWindowExA
IsWindowVisible
LoadStringA
MessageBoxA
SetParent

ole32

CreateOleAdviseHolder
ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CoCreateInstance
OleLoadFromStream
OleSaveToStream
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopyInd
VariantCopy
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadTypeLi
LoadRegTypeLi
OleCreatePropertyFrame
VariantClear
SysAllocString
GetErrorInfo
SysAllocStringLen
SysStringLen
VariantInit
VariantChangeType
OleCreatePictureIndirect
SysFreeString
OleTranslateColor
SafeArrayRedim
OleCreateFontIndirect

gdi32

SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
LPtoDP
SetWindowOrgEx
GetNearestColor
CreatePalette
GetBitmapBits
CreateDIBitmap
SelectPalette
RealizePalette
GetDIBits
GetPaletteEntries
CopyEnhMetaFileA
CopyMetaFileA
CreateDCA
CreatePen
DeleteObject
CreateSolidBrush
SelectObject
GetObjectA
DeleteDC
StretchBlt
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
GetTextMetricsA
RestoreDC
ExcludeClipRect
SaveDC
LineTo
MoveToEx
SetTextColor
SetBkMode
GetCurrentPositionEx
SetViewportExtEx
SetWindowExtEx
DPtoLP
SetMapMode
GetTextColor
CreateBitmap
EnumFontFamiliesExA
GetDeviceCaps
GetTextExtentPoint32A
CreateFontIndirectA
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSHFLXGD.OCX
.dll regsvr32 windows:4 windows x86

56ac46dcc88f67428b0149d3d554a99b

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09-04-1996 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 07:00

Not After

31-12-1999 07:00

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 07:00

Not After

31-12-1999 07:00

Subject

OU=VeriSign Time Stamping Service+OU=VeriSign Trust Network+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign\, Inc.,L=Internet

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

19-03-1999 00:00

Not After

16-04-2000 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

olepro32

ord253
ord254
ord252
ord250

comctl32

ImageList_Destroy
ImageList_LoadImageA

kernel32

Sleep
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
HeapSize
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
SetLastError
GetCurrentThread
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
TlsGetValue
VirtualAlloc
IsBadCodePtr
GetStdHandle
GetFileType
WriteFile
IsValidLocale
IsValidCodePage
GetUserDefaultLCID
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
FlushFileBuffers
GetTimeZoneInformation
CloseHandle
SetStdHandle
SetFilePointer
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsDBCSLeadByte
GetVersionExA
GlobalFree
TlsSetValue
GlobalUnlock
GlobalLock
GlobalSize
lstrcmpA
TlsFree
TlsAlloc
ExitProcess
GetCurrentThreadId
FatalAppExitA
RaiseException
GetModuleHandleA
GetCommandLineA
GetVersion
RtlUnwind
GetFileAttributesA
LoadResource
DisableThreadLibraryCalls
FindResourceA
lstrcmpiA
LockResource
GetLastError
GetLocaleInfoA
HeapReAlloc
GetProcAddress
GetModuleFileNameA
LoadLibraryA
GetWindowsDirectoryA
lstrcmpiW
IsBadReadPtr
GetProfileStringA
MulDiv
lstrcpynA
FormatMessageA
FreeLibrary
lstrcpyA
MultiByteToWideChar
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
InterlockedIncrement
UnhandledExceptionFilter
lstrlenA
lstrlenW
lstrcmpW
lstrcatA
LCMapStringA
LCMapStringW
GlobalAlloc
WideCharToMultiByte
GetProcessHeap
HeapAlloc
HeapFree
InterlockedDecrement
LocalFree
IsBadWritePtr

user32

SetCursorPos
GetSysColor
PostMessageW
PeekMessageW
UnregisterClassA
CreateDialogIndirectParamA
IsChild
IsWindowEnabled
GetNextDlgTabItem
MapWindowPoints
GetClipboardFormatNameA
ScrollWindowEx
GetCapture
CallWindowProcA
ShowWindow
SetWindowRgn
IntersectRect
EqualRect
ClientToScreen
CharNextA
GetWindow
RegisterClipboardFormatA
WinHelpA
IsDialogMessageA
EndDialog
BeginPaint
EndPaint
SetParent
IsWindowVisible
CreateWindowExA
DestroyWindow
LoadBitmapA
SetDlgItemInt
CheckDlgButton
GetDlgItem
GetDlgItemInt
IsDlgButtonChecked
SetFocus
InvalidateRect
GetActiveWindow
DialogBoxParamA
PeekMessageA
GetWindowRect
MoveWindow
SendMessageA
MessageBeep
SendDlgItemMessageA
DrawTextExW
DrawTextExA
GetParent
GetSystemMetrics
FillRect
GetWindowLongA
SetWindowPos
DrawFocusRect
SetTimer
ReleaseCapture
SetCapture
SetCursor
DefWindowProcA
EnableWindow
GetCursorPos
ScreenToClient
PtInRect
PostMessageA
DrawEdge
FrameRect
InflateRect
SetWindowLongA
LoadCursorA
RegisterClassA
RegisterWindowMessageA
SetRect
UpdateWindow
GetKeyState
IsWindow
GetScrollRange
ScrollWindow
OffsetRect
SetScrollRange
GetClientRect
SetScrollPos
ShowScrollBar
LoadStringA
MessageBoxA
GetDC
ReleaseDC
KillTimer
wsprintfA
GetFocus

ole32

CoCreateInstance
ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateOleAdviseHolder
OleLoadFromStream
OleSaveToStream
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc

advapi32

RegCloseKey
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA

oleaut32

LoadTypeLi
SysStringByteLen
GetErrorInfo
VariantChangeType
LoadRegTypeLi
CreateErrorInfo
SetErrorInfo
VariantInit
SysStringLen
SysFreeString
SysAllocString
VariantCopyInd
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLibEx
VariantCopy
SysAllocStringLen
SysAllocStringByteLen
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElement
SafeArrayPutElement
SafeArrayRedim
SafeArrayCopy

gdi32

GetWindowExtEx
SetWindowOrgEx
CreateDCA
SetViewportOrgEx
GetPaletteEntries
GetDIBits
CopyEnhMetaFileA
GetBitmapBits
CreatePalette
CreateDIBitmap
GetViewportExtEx
GetNearestColor
LPtoDP
DeleteObject
CreatePen
GetTextMetricsA
GetTextExtentPoint32W
CreateFontIndirectA
CreateSolidBrush
GetStockObject
SelectObject
StretchBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
ExcludeClipRect
SaveDC
RestoreDC
LineTo
MoveToEx
GetObjectA
Rectangle
SetBkMode
SetTextColor
SelectPalette
GetCurrentPositionEx
RealizePalette
SetWindowExtEx
DPtoLP
SetViewportExtEx
GetTextColor
CreateBitmap
SetMapMode
GetDeviceCaps
CreateRectRgnIndirect
CopyMetaFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PR_kPa_table.def
PreInstaller.exe
.exe windows:4 windows x86

85b5d65290228ded0f1c0d12d52c4a69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupCopyOEMInfA

mfc42

ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord617
ord641
ord800
ord2514
ord5301
ord5214
ord296
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2725
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord1168
ord860
ord540
ord1576
ord2645
ord6215
ord3092
ord858
ord4129
ord5683
ord5572
ord2915
ord4160
ord2863
ord2379
ord755
ord470
ord537
ord6334
ord535
ord6283
ord6282
ord940
ord823
ord1200
ord2818
ord2614
ord6662
ord6877
ord6663
ord922
ord924
ord941
ord2764
ord939
ord926
ord6779
ord2763
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord2648
ord2370

msvcrt

__set_app_type
_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_mbscmp
__CxxFrameHandler
_setmbcp

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
ReadFile
CloseHandle
CreateFileA
GetWindowsDirectoryA
CopyFileA
SetEndOfFile
WriteFile
GetLastError
CreateDirectoryA
GetSystemDirectoryA
GetVersionExA
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameA

user32

GetClientRect
EnableWindow
DrawIcon
GetSystemMenu
SendMessageA
GetSystemMetrics
AppendMenuA
IsIconic
LoadIconA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SiUSBXp.dll
.dll windows:4 windows x86

32dd6df42136f14dd7b8b87433517a2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsSetValue
LocalAlloc
TlsAlloc
CloseHandle
DeviceIoControl
TlsGetValue
WriteFile
GetLastError
CreateFileA
GetVersionExA
LocalFree
GetTickCount
TlsFree
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetVersion
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
SetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

advapi32

RegQueryValueExA
RegOpenKeyExA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA

Exports

Exports

?SI_GetBaudRate@@YGHPAXPAK@Z
?SI_GetFlowControl@@YGHPAXPAE11111@Z
?SI_GetLineControl@@YGHPAXPAG@Z
?SI_Get_Chars@@YGHPAXPAE11111@Z
?SI_ResetDevice@@YGHPAX@Z
?SI_Set_Chars@@YGHPAXEEEEEE@Z
SI_CheckRXQueue
SI_Close
SI_DeviceIOControl
SI_FlushBuffers
SI_GetModemStatus
SI_GetNumDevices
SI_GetProductString
SI_GetTimeouts
SI_Open
SI_Read
SI_SetBaudDivisor
SI_SetBaudRate
SI_SetFlowControl
SI_SetLineControl
SI_SetTimeouts
SI_Write

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
af.dat
air_FL.idx
air_HW.idx
air_KR.idx
air_PR.idx
eManagerII.exe
.exe windows:4 windows x86

37dc698b9ac3f778eb29297a32f4a92e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3054
ord3425
ord3880
ord3810
ord941
ord922
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord5237
ord6374
ord5282
ord2649
ord1665
ord4436
ord2446
ord4427
ord674
ord366
ord2494
ord2626
ord2627
ord2087
ord4457
ord5252
ord4499
ord3870
ord2379
ord2645
ord6215
ord6209
ord4614
ord4613
ord1945
ord4273
ord3619
ord3573
ord3693
ord4589
ord5076
ord4341
ord4349
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord5290
ord3748
ord1726
ord4432
ord813
ord1641
ord560
ord3626
ord2414
ord5260
ord2535
ord4508
ord3078
ord4890
ord5875
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord640
ord5785
ord2754
ord6194
ord6021
ord1640
ord323
ord5788
ord4133
ord4297
ord6170
ord2859
ord4723
ord6129
ord3752
ord613
ord289
ord3571
ord6130
ord4899
ord4200
ord5787
ord283
ord5265
ord4853
ord4998
ord6052
ord1775
ord5241
ord5280
ord5261
ord4425
ord3597
ord324
ord4234
ord4376
ord4710
ord6453
ord3402
ord567
ord2135
ord818
ord1949
ord4034
ord4275
ord5981
ord3089
ord1841
ord1795
ord1802
ord940
ord2764
ord4278
ord2915
ord939
ord3318
ord1140
ord1997
ord5466
ord798
ord5194
ord533
ord6197
ord1105
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord6028
ord4588
ord4370
ord4892
ord4533
ord4340
ord4347
ord4889
ord4963
ord4960
ord6054
ord1725
ord2091
ord364
ord784
ord4241
ord5281
ord3496
ord4720
ord4994
ord3742
ord686
ord384
ord2862
ord2096
ord2123
ord6008
ord4000
ord3287
ord3914
ord2582
ord4402
ord3370
ord3640
ord693
ord3692
ord2393
ord2152
ord1233
ord1768
ord755
ord5791
ord470
ord4226
ord3227
ord2396
ord3346
ord5300
ord5303
ord2726
ord4079
ord4699
ord5307
ord5289
ord5715
ord4622
ord817
ord348
ord565
ord663
ord2233
ord1153
ord2243
ord2860
ord2405
ord1858
ord4245
ord5101
ord2101
ord5104
ord3351
ord976
ord4152
ord2382
ord5283
ord2445
ord401
ord5254
ord4458
ord4413
ord5031
ord4995
ord3721
ord795
ord3097
ord4123
ord4615
ord4612
ord4610
ord6403
ord3522
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord5302
ord4698
ord5714
ord3738
ord815
ord561
ord617
ord5301
ord5214
ord296
ord4159
ord2621
ord1134
ord411
ord2725
ord5710
ord4129
ord6195
ord668
ord2770
ord356
ord4464
ord1859
ord4246
ord3869
ord2127
ord2391
ord5102
ord5105
ord4468
ord2880
ord4153
ord2383
ord4437
ord5255
ord3373
ord3651
ord796
ord529
ord402
ord4428
ord4021
ord6069
ord2086
ord3353
ord3579
ord5032
ord4216
ord2528
ord520
ord4907
ord6000
ord2117
ord6565
ord6619
ord2116
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord5284
ord4595
ord6862
ord6593
ord6931
ord6860
ord6880
ord2867
ord2527
ord482
ord6380
ord3876
ord2575
ord4396
ord3574
ord609
ord2302
ord6131
ord6216
ord4203
ord6379
ord1907
ord5161
ord5162
ord5160
ord4905
ord4742
ord4948
ord4358
ord5287
ord4835
ord768
ord489
ord2358
ord2289
ord2370
ord2361
ord4258
ord4854
ord4377
ord3317
ord6334
ord1133
ord4976
ord5849
ord2763
ord5572
ord2919
ord2360
ord3797
ord1908
ord1690
ord4439
ord2054
ord4431
ord771
ord497
ord4259
ord4715
ord1008
ord4417
ord5951
ord3095
ord5288
ord3920
ord1194
ord955
ord5805
ord2120
ord5883
ord2921
ord5884
ord554
ord3730
ord5064
ord1715
ord1710
ord5086
ord4366
ord3295
ord4268
ord1929
ord3175
ord1099
ord1664
ord3448
ord6241
ord2937
ord5890
ord3577
ord3352
ord4397
ord2576
ord4217
ord4644
ord692
ord3639
ord4401
ord3408
ord3758
ord6385
ord924
ord3177
ord4202
ord3495
ord355
ord2515
ord3499
ord5621
ord5600
ord4953
ord4858
ord354
ord350
ord5186
ord1199
ord5442
ord5773
ord1979
ord665
ord3663
ord3616
ord3127
ord5651
ord4823
ord338
ord501
ord652
ord773
ord4426
ord4623
ord3136
ord6175
ord6080
ord4219
ord2024
ord1576
ord3198
ord3454
ord4387
ord2399
ord4420
ord5653
ord3172
ord5577
ord1746
ord5740
ord5243
ord2542
ord2510
ord6336
ord3065
ord3058
ord4696
ord4238
ord1825
ord823
ord4497
ord5063
ord5607
ord3977
ord3994
ord998
ord1083
ord2385
ord2688
ord2776
ord2642

msvcrt

_CxxThrowException
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
time
strncpy
sscanf
fopen
fread
fclose
strstr
strchr
sprintf
atol
atof
_splitpath
_ftol
atoi
_mbscmp
__CxxFrameHandler
calloc
_mbsicmp
free
_purecall
isdigit
isalpha
memmove
malloc
rand
realloc
_CIpow
toupper
wcscmp
wcsstr
_wcslwr
_itow
qsort
_mbctype
_setmbcp

kernel32

lstrcpynA
GetCurrentDirectoryA
CreateThread
SetThreadPriority
GetCurrentThreadId
SetFilePointer
SizeofResource
InterlockedIncrement
GetVersionExA
FindResourceA
CreateFileA
ReadFile
InterlockedDecrement
SetFileAttributesA
LockResource
GetLastError
MultiByteToWideChar
LocalFree
GetStartupInfoA
FreeLibrary
LoadLibraryA
lstrcmpA
GetModuleHandleA
GetProcAddress
WaitForMultipleObjects
Sleep
ResumeThread
WaitForSingleObject
SetEvent
ResetEvent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
CreateEventA
DeleteCriticalSection
InitializeCriticalSection
ExitProcess
GetUserDefaultLCID
GlobalAlloc
GlobalLock
GlobalUnlock
GetTickCount
MulDiv
GetModuleFileNameA
GetTempFileNameA
lstrcpyA
lstrlenA
DeleteFileA
LoadResource

user32

AppendMenuA
WinHelpA
SendNotifyMessageA
wsprintfA
MsgWaitForMultipleObjects
PeekMessageA
UpdateWindow
GetLastActivePopup
GetForegroundWindow
CopyRect
GetNextDlgTabItem
ScreenToClient
SetRectEmpty
InvertRect
DispatchMessageA
OffsetRect
GetMessageA
GetCapture
IsRectEmpty
GetDCEx
LockWindowUpdate
GetDesktopWindow
IntersectRect
GetWindowPlacement
IsIconic
DestroyAcceleratorTable
MapVirtualKeyA
TranslateMessage
DestroyCursor
MoveWindow
MapWindowPoints
IsChild
ShowWindow
SetParent
GetMenuItemID
GetMenuItemInfoA
IsMenu
MessageBeep
ShowCaret
HideCaret
GetDlgCtrlID
GetMenuState
GetMenuDefaultItem
GetClassLongA
DrawStateA
SetMenu
GetMenu
IsClipboardFormatAvailable
EqualRect
DrawFocusRect
SetWindowPos
GetMessagePos
GetWindow
CopyIcon
GetIconInfo
CreateIconIndirect
DrawIconEx
RegisterClipboardFormatA
CopyAcceleratorTableA
IsCharLowerA
ClientToScreen
MapVirtualKeyExA
GetKeyboardLayout
WindowFromPoint
CreatePopupMenu
UnhookWindowsHookEx
SetWindowsHookExA
SetCursorPos
EndDeferWindowPos
BeginDeferWindowPos
BringWindowToTop
UnionRect
DrawFrameControl
CallWindowProcA
GetWindowTextA
GetDlgItem
GetClipboardFormatNameA
RedrawWindow
GetSystemMetrics
SetWindowRgn
GetSysColorBrush
RegisterClassExA
SetRect
DestroyIcon
GetWindowLongA
SetWindowLongA
LoadImageA
GetCursorPos
SetFocus
LoadBitmapA
GetFocus
EnumChildWindows
SystemParametersInfoA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetKeyState
InflateRect
GrayStringA
DrawTextA
TabbedTextOutA
ShowScrollBar
ReleaseCapture
SetCapture
GetDC
ReleaseDC
FillRect
IsWindow
DestroyMenu
EnableWindow
KillTimer
PtInRect
LoadCursorA
SetCursor
PostMessageA
SetTimer
InvalidateRect
IsWindowVisible
RemoveMenu
GetMenuItemCount
GetSubMenu
GetClientRect
GetWindowRect
LoadMenuA
GetSysColor
CallNextHookEx
GetMenuStringA
GetKeyNameTextA
GetParent
GetSystemMenu
DeleteMenu
EnableMenuItem
LoadIconA
SendMessageA

gdi32

GetObjectA
GetTextAlign
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
Rectangle
CreateHalftonePalette
LPtoDP
CreateCompatibleBitmap
GetMapMode
DPtoLP
GetBkColor
BitBlt
ResetDCA
GetDeviceCaps
CreateFontA
CreatePen
CreateSolidBrush
CreatePalette
GetDIBColorTable
CombineRgn
RealizePalette
CreateFontIndirectA
GetStockObject
CreateCompatibleDC
GetTextExtentPoint32A
StartPage
StartDocA
EndPage
EndDoc
DeleteObject
SelectObject
GetPixel
PatBlt
SetPixel
EnumFontFamiliesExA
Polygon
GetTextColor
GetTextCharsetInfo
StretchBlt
CreateDIBSection
GetDIBits
SetDIBits
CreateRectRgnIndirect
Polyline
CreatePatternBrush
CreateBitmap
ExtFloodFill
Ellipse
GetRgnBox
CreatePolygonRgn
RoundRect
CreateRectRgn

shell32

DragFinish
DragQueryFileA

comctl32

ImageList_GetIcon
ImageList_AddMasked
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_Add
ImageList_Draw
ImageList_GetImageInfo
_TrackMouseEvent
ImageList_Remove
ImageList_GetIconSize

emgusb

EMGUSB_Close
EMGUSB_IsConnected
EMGUSB_Write
EMGUSB_Read
EMGUSB_CheckInQue
EMGUSB_Open

winmm

PlaySoundA

advapi32

RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

OleLoadPicturePath
SysAllocString
VariantClear
SysFreeString

Sections

.text
Size: 760KB - Virtual size: 757KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e_manage2JP.dll
.dll windows:4 windows x86

ce6ef31899b31809ae0c71c094c6f083

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1253
ord342
ord823
ord1182
ord1168

msvcrt

free
_initterm
malloc
_adjust_fdiv

Sections

.text
Size: 4KB - Virtual size: 508B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e_manage2JP.txt
e_manage2US.dll
.dll windows:4 windows x86

ce6ef31899b31809ae0c71c094c6f083

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1253
ord342
ord823
ord1182
ord1168

msvcrt

free
_initterm
malloc
_adjust_fdiv

Sections

.text
Size: 4KB - Virtual size: 508B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 302B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e_manage2US.txt
e_manage2_start.bmp
em2_scale.def
ema_an.ico
ema_bn.ico
emng2uni.exe
.exe windows:4 windows x86

72e251564dda5624138f16e19f08e581

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiSetSelectedDriverA
SetupOpenFileQueue
SetupScanFileQueueA
SetupCloseFileQueue
SetupDiOpenDevRegKey
SetupDiSetDeviceInstallParamsA
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoA
SetupDiGetDriverInfoDetailA
SetupDiDestroyDriverInfoList
SetupDiClassGuidsFromNameExA
SetupDiCreateDeviceInfoListExA
SetupDiGetClassDevsExA
SetupDiOpenDeviceInfoA
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceInfoListDetailA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstallParamsA

mfc42

ord939
ord858
ord540
ord860
ord823
ord535
ord6283
ord6282
ord940
ord537
ord800
ord825

msvcrt

_mbschr
printf
_mbctoupper
_ismbcalpha
_mbsnbicmp
_mbsicmp
sprintf
_strdup
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__CxxFrameHandler
_mbscmp
_chdir
_mbctolower

kernel32

GetVersionExA
lstrcmpA
lstrcpyA
ReadFile
lstrlenA
SetConsoleTitleA
CreateFileA
CloseHandle
GetWindowsDirectoryA
DeleteFileA
GetLastError
WinExec
SetFileAttributesA

user32

FindWindowA
ShowWindow
MessageBoxA
ExitWindowsEx
CharNextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
emng2uni.u2k
emng2uni.u98
emng2uni2k.exe
.exe windows:5 windows x86

5bbdc91d5b6912229d4f577ef917757c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit
wcsstr
_wcsnset
swprintf
_wcsdup
strstr
free
wprintf
_wcsicmp
_wcsnicmp
iswalpha
towupper
towlower
wcschr
??2@YAPAXI@Z
??3@YAXPAX@Z
_iob
fputs
fputws

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExW
AdjustTokenPrivileges

kernel32

FreeLibrary
FileTimeToSystemTime
GetDateFormatW
lstrcmpW
lstrcpyW
CreateFileW
MultiByteToWideChar
GetProcAddress
lstrcmpiW
lstrlenW
GetLastError
GetCurrentProcess
CloseHandle
FormatMessageW
LocalFree
LoadLibraryW
GetFullPathNameW
DeleteFileW
SetFileAttributesW
GetModuleHandleA
lstrcpynW
ReadFile

user32

LoadStringW
MessageBoxW
CharNextW
ExitWindowsEx

setupapi

CM_Get_Next_Res_Des_Ex
CM_Free_Res_Des_Handle
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Res_Des_Data_Ex
CM_Get_DevNode_Status_Ex
SetupDiClassGuidsFromNameExW
CM_Free_Log_Conf_Handle
CM_Get_First_Log_Conf_Ex
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiOpenDevRegKey
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupCloseFileQueue
SetupScanFileQueueW
SetupDiCallClassInstaller
SetupOpenFileQueue
SetupDiSetSelectedDriverW
SetupDiGetDriverInstallParamsW
SetupDiOpenClassRegKeyExW
SetupDiGetClassDescriptionExW
SetupDiClassNameFromGuidExW
SetupDiBuildClassInfoListExW
SetupDiSetClassInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
CM_Disconnect_Machine
CM_Reenumerate_DevNode_Ex
CM_Locate_DevNode_ExW
CM_Connect_MachineW
SetupDiGetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoListExW
SetupDiGetClassDevsExW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInfoListDetailW
CM_Get_Device_ID_ExW
SetupDiEnumDeviceInfo

shell32

SHFileOperationW

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
emng2usb.inf
emng2usb.sys
.sys windows:4 windows x86

729a032b6f2bf04004157514ff8f97e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KfReleaseSpinLock
KfAcquireSpinLock

ntoskrnl.exe

IofCompleteRequest
IofCallDriver
IoDeleteDevice
IoDetachDevice
ExFreePool
IoAttachDeviceToDeviceStack
RtlCopyUnicodeString
ExAllocatePoolWithTag
KeInitializeSpinLock
IoCreateDevice
RtlInitUnicodeString
RtlFreeUnicodeString
IoFreeIrp
IoAllocateIrp
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoCancelIrp
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
DbgPrint
memmove
RtlUnwind
IoIsWdmVersionAvailable

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
_USBD_CreateConfigurationRequestEx@8
_USBD_ParseDescriptors@16

silib.sys

_GenericDispatchPower@8
_GenericSaveRestoreComplete@4
_GenericCleanupControlRequests@12
_IsWin98@0
_GenericReleaseRemoveLock@8
_GenericAcquireRemoveLock@8
_GenericDispatchPnp@8
_GenericRegisterInterface@8
_InitializeGenericExtension@8
_GetSizeofGenericExtension@0

Sections

page
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

init
Size: 256B - Virtual size: 221B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 390B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
engine.dat
gsc02.p
mfc42.dll
.dll regsvr32 windows:4 windows x86

1557eebc6134cee9eb9d0583a2b40341

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
?terminate@@YAXXZ
_except_handler3
_adjust_fdiv
_onexit
__dllonexit
??1type_info@@UAE@XZ
_mbsnbicmp
wcsncpy
wcscpy
_ltoa
_ultoa
swprintf
_itoa
modf
ceil
fabs
floor
labs
_ftol
_splitpath
_fullpath
atol
__p___argc
_EH_prolog
__p___argv
_beginthreadex
_endthreadex
_strdup
_mbsdec
_expand
strtod
strtol
strtoul
abs
calloc
_msize
_purecall
strftime
_mbctype
localtime
gmtime
time
_ismbcspace
atoi
_ismbcdigit
_mbsnbcmp
sprintf
strlen
_mbclen
vsprintf
_mbsrchr
_mbscspn
_mbsspn
_mbsstr
_mbsrev
_mbslwr
_mbsupr
_mbspbrk
_mbschr
wcslen
_mbscmp
realloc
fclose
fflush
fseek
ftell
fgets
fputs
fwrite
fread
clearerr
_open_osfhandle
_fdopen
__doserrno
_get_osfhandle
memset
_mbsinc
abort
free
malloc
memcmp
memmove
memcpy
_CxxThrowException
mktime
__CxxFrameHandler

kernel32

FindClose
FindFirstFileA
lstrcpyA
MultiByteToWideChar
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
lstrcmpiA
GetShortPathNameA
GetModuleFileNameA
GlobalSize
GlobalLock
GlobalAlloc
GlobalReAlloc
GlobalUnlock
GlobalFree
GetFileAttributesA
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
LocalFree
FormatMessageA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
WaitForSingleObject
CreateSemaphoreA
DeleteFileA
LoadLibraryA
ReleaseMutex
InterlockedExchange
WaitForMultipleObjects
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcatA
GetVersion
LockResource
LoadResource
FindResourceA
FreeLibrary
MulDiv
GetProfileIntA
VirtualProtect
FindResourceExA
SizeofResource
GetProcessVersion
GlobalFlags
GetTempFileNameA
GetDiskFreeSpaceA
LocalUnlock
LocalLock
GetTempPathA
SearchPathA
SetEvent
ResumeThread
SetThreadPriority
SuspendThread
GetCurrentThread
SetErrorMode
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
FindNextFileA
GetTickCount
lstrlenW
CopyFileA
lstrcpyW
GetUserDefaultLCID
IsDBCSLeadByte
GetSystemDirectoryA
GetProcAddress
UnlockFile
MoveFileA
SetEndOfFile
FlushFileBuffers
LockFile
CloseHandle
ReadFile
SetFilePointer
WriteFile
DuplicateHandle
CreateFileA
GetCurrentProcess
lstrlenA
lstrcmpA
OutputDebugStringA
IsBadStringPtrA
IsBadReadPtr
IsBadWritePtr
GetLastError
IsBadStringPtrW
lstrcpynA
ReleaseSemaphore
SetLastError
CreateMutexA
GetVolumeInformationA
CreateEventA
RaiseException

gdi32

TextOutA
GetPolyFillMode
EnumFontFamiliesA
GetPixel
CreatePalette
GetPaletteEntries
RealizePalette
OffsetRgn
SetBrushOrgEx
CreateMetaFileA
CopyMetaFileA
LPtoDP
SetAbortProc
StartPage
EndPage
EndDoc
AbortDoc
DPtoLP
CombineRgn
SetRectRgn
GetMapMode
CreateDIBPatternBrushPt
CreateHatchBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
CreateRectRgn
GetClipRgn
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SelectClipRgn
OffsetWindowOrgEx
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
StartDocA
EnumFontFamiliesExA
CreateDCA
CreateRectRgnIndirect
Rectangle
UnrealizeObject
PatBlt
CreateBitmap
CreatePatternBrush
CreatePen
CloseMetaFile
DeleteMetaFile
RectVisible
PtVisible
IntersectClipRect
GetViewportOrgEx
GetWindowOrgEx
SetWindowOrgEx
GetDeviceCaps
Escape
GetCurrentPositionEx
MoveToEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetTextFaceA
GetWindowExtEx
GetViewportExtEx
GetROP2
GetBkMode
GetTextAlign
GetNearestColor
GetBkColor
GetTextColor
SaveDC
GetStockObject
RestoreDC
GetCharWidthA
DeleteObject
CreateFontA
StretchDIBits
DeleteDC
CreateCompatibleBitmap
GetTextExtentPoint32A
ExtTextOutA
CreateSolidBrush
BitBlt
CreateFontIndirectA
CreateCompatibleDC
GetTextMetricsA
GetObjectA
SelectObject
SetTextColor
GetClipBox
SetBkColor
GetStretchBltMode

user32

SetCapture
CharToOemA
OemToCharA
UnhookWindowsHookEx
MsgWaitForMultipleObjects
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
RegisterWindowMessageA
SetWindowPos
SetWindowLongA
GetWindowLongA
GetWindow
SendMessageA
SetForegroundWindow
GetForegroundWindow
GetLastActivePopup
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetKeyState
GetDlgCtrlID
GetWindowTextA
GetWindowTextLengthA
GetDlgItem
SetWindowPlacement
TrackPopupMenu
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetParent
IsChild
MessageBoxA
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
IsWindowVisible
EnableWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
SetFocus
IsWindow
SetActiveWindow
GetFocus
DispatchMessageA
PeekMessageA
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
PostMessageA
LoadIconA
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
ReleaseCapture
SetCursor
IsWindowEnabled
GetDesktopWindow
ShowWindow
GetActiveWindow
DestroyMenu
LoadMenuA
SetMenu
ReuseDDElParam
UnpackDDElParam
InvalidateRect
BringWindowToTop
LoadCursorA
GetSystemMetrics
WaitMessage
GetCursorPos
GetWindowThreadProcessId
WindowFromPoint
ClientToScreen
TranslateMessage
GetMessageA
DefFrameProcA
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
RedrawWindow
LoadBitmapA
InflateRect
PtInRect
ReleaseDC
InvertRect
GetWindowDC
FillRect
SetTimer
KillTimer
SetRect
GetDC
IsZoomed
SetParent
IsRectEmpty
AppendMenuA
DeleteMenu
GetSystemMenu
GetDCEx
LockWindowUpdate
GetTabbedTextExtentA
DrawTextA
GrayStringA
UnionRect
DrawFocusRect
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
wvsprintfA
GetAsyncKeyState
MapDialogRect
GetDialogBaseUnits
BeginPaint
EndPaint
TabbedTextOutA
GetSysColorBrush
GetClassNameA
SetWindowTextA
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageA
MoveWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
DestroyIcon
SetCursorPos
DestroyCursor
FindWindowA
IsClipboardFormatAvailable
MessageBeep
RemoveMenu
ValidateRect
PostQuitMessage
UnregisterClassA
ShowOwnedPopups
InsertMenuA
GetMenuStringA
RegisterClipboardFormatA
CopyAcceleratorTableA
InSendMessage
PostThreadMessageA
CreateMenu
WindowFromDC
CountClipboardFormats
SetWindowContextHelpId
CharNextA
GetNextDlgGroupItem
ClipCursor
DrawEdge
EnumChildWindows
InvalidateRgn
FrameRect
LoadStringA
CharUpperA
wsprintfA

Exports

Exports

?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B
?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 616KB - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcrt.dll
.dll windows:4 windows x86

179b04fb57bf5f17850c94a941db63fa

Code Sign

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 07:00

Not After

31-12-1999 07:00

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 07:00

Not After

31-12-1999 07:00

Subject

OU=VeriSign Time Stamping Service+OU=VeriSign Trust Network+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign\, Inc.,L=Internet

72:b5:13:47:ab:f8:11:d2:a4:1e:00:c0:4f:79:fe:8e
Certificate

Issuer

CN=Microsoft Beta PCA Authority,OU=Copyright (c) 1999 Microsoft Corp.+OU=Microsoft Corporation

Not Before

13-01-1999 07:00

Not After

01-02-2000 07:00

Subject

CN=Microsoft Windows 2000 Beta,OU=Copyright (c) 1999 Microsoft Corp.+OU=Microsoft Corporation

Extended Key Usages

ExtKeyUsageCodeSigning

4f:ff:a6:23:54:b1:ee:2d:5b:e1:ff:3f:b0:86:01:72
Certificate

Issuer

CN=Microsoft Beta Root Authority,OU=Copyright (c) 1999 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11-01-1999 07:00

Not After

31-12-2005 07:00

Subject

CN=Microsoft Beta PCA Authority,OU=Copyright (c) 1999 Microsoft Corp.+OU=Microsoft Corporation

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnumSystemLocalesA
RtlUnwind
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCommandLineA
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
SetEnvironmentVariableW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
RaiseException
GetUserDefaultLCID
GetLocaleInfoW
GetTimeZoneInformation
FlushFileBuffers
SetFilePointer
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
Sleep
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
HeapSize
ReadConsoleA
SetConsoleMode
GetConsoleMode
SetEndOfFile
WriteConsoleA
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
GetSystemTimeAsFileTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
??_U@YAPAXI@Z
??_V@YAXPAX@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__argc
__argv
__badioinfo
__crtCompareStringA
__crtGetLocaleInfoW
__crtLCMapStringA
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__unguarded_readlc_active
__wargv
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_creat
_cscanf
_ctime64
_ctype
_cwait
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirst64
_findfirsti64
_findnext
_findnext64
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstat64
_fstati64
_ftime
_ftime64
_ftol
_fullpath
_futime
_futime64
_gcvt
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getws
_global_unwind2
_gmtime64
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_localtime64
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_mktime64
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osplatform
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putws
_pwctype
_read
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_searchenv
_seh_longjmp_unwind
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stat64
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_time64
_timezone
_tolower
_toupper
_tzname
_tzset
_ui64toa
_ui64tow
_ultoa
_ultow
_umask
_ungetch
_unlink
_unloaddll
_unlock
_utime
_utime64
_vsnprintf
_vsnwprintf
_waccess
_wasctime

Sections

.text
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.ini
silib.sys
.sys windows:4 windows x86

2ac19d4852ec6cee4cf8efa0ee57ef45

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfRaiseIrql
KfLowerIrql

ntoskrnl.exe

InterlockedDecrement
ExFreePool
KefReleaseSpinLockFromDpcLevel
ExAllocatePoolWithTag
InterlockedIncrement
KeSetEvent
KeWaitForSingleObject
KeClearEvent
KeInitializeEvent
KeInitializeSpinLock
IoIsWdmVersionAvailable
IofCallDriver
KeInitializeSemaphore
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
PoSetPowerState
IoInvalidateDeviceState
RtlFreeUnicodeString
IoSetDeviceInterfaceState
KefAcquireSpinLockAtDpcLevel
InterlockedExchange
IoRegisterDeviceInterface
PoRegisterDeviceForIdleDetection
PoCallDriver
PoStartNextPowerIrp
ZwClose
ZwQueryValueKey
RtlInitUnicodeString
IoOpenDeviceRegistryKey
PoRequestPowerIrp
ZwSetValueKey
IoFreeIrp
ExQueueWorkItem
IofCompleteRequest
IoCancelIrp
IoAllocateIrp
RtlUnicodeStringToAnsiString

Exports

Exports

_AbortAllRequests@12
_AbortRequests@8
_AllowAllRequests@8
_AllowRequests@4
_AreRequestsBeingAborted@4
_CancelRequest@8
_CheckAnyBusyAndStall@12
_CheckBusyAndStall@4
_CleanupAllRequests@16
_CleanupGenericExtension@4
_CleanupRequests@12
_GenericAcquireRemoveLock@8
_GenericCacheControlRequest@12
_GenericCleanupAllRequests@12
_GenericCleanupControlRequests@12
_GenericDeregisterInterface@8
_GenericDispatchPnp@8
_GenericDispatchPower@8
_GenericEnableInterface@12
_GenericGetVersion@0
_GenericHandlePowerIoctl@8
_GenericIdleDevice@12
_GenericInitializeRemoveLock@16
_GenericMarkDeviceBusy@4
_GenericRegisterForIdleDetection@16
_GenericRegisterInterface@8
_GenericReleaseRemoveLock@8
_GenericReleaseRemoveLockAndWait@8
_GenericSaveRestoreComplete@4
_GenericSetDeviceState@8
_GenericUncacheControlRequest@8
_GenericWakeupControl@8
_GenericWakeupFromIdle@8
_GetCurrentIrp@4
_GetSizeofGenericExtension@0
_InitializeGenericExtension@8
_InitializeQueue@8
_IsWin98@0
_RestartAllRequests@12
_RestartRequests@8
_StallAllRequests@8
_StallAllRequestsAndNotify@16
_StallRequests@4
_StallRequestsAndNotify@12
_StartNextPacket@8
_StartPacket@16
_WaitForCurrentIrp@4
_WaitForCurrentIrps@8

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

page
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

init
Size: 128B - Virtual size: 5B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
temp.dat
temp_water.dat
1.09_1.09_full/DISK/GReddy e-manage Ultimate.msi
.msi
1.09_1.09_full/DISK/Setup.ini
1.09_1.09_full/DISK/_vti_cnf/0x0409.ini
1.09_1.09_full/DISK/_vti_cnf/0x0411.ini
1.09_1.09_full/DISK/_vti_cnf/1033.mst
1.09_1.09_full/DISK/_vti_cnf/1041.mst
1.09_1.09_full/DISK/_vti_cnf/Data1.cab
1.09_1.09_full/DISK/_vti_cnf/GReddy e-manage Ultimate.msi
1.09_1.09_full/DISK/_vti_cnf/Setup.ini
1.09_1.09_full/DISK/_vti_cnf/instmsia.exe
1.09_1.09_full/DISK/_vti_cnf/instmsiw.exe
1.09_1.09_full/DISK/_vti_cnf/isscript.msi
1.09_1.09_full/DISK/_vti_cnf/setup.bmp
1.09_1.09_full/DISK/_vti_cnf/setup.exe
1.09_1.09_full/DISK/instmsia.exe
.exe windows:5 windows x86

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28-02-2001 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:06:2a:8d:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29-03-2001 21:27

Not After

29-05-2002 21:37

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2001 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-12-2000 08:00

Not After

12-11-2005 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
CloseHandle
LoadResource
SizeofResource
FindResourceA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LockResource
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalFree

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1.09_1.09_full/DISK/instmsiw.exe
.exe windows:5 windows x86

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28-02-2001 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:06:2a:8d:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29-03-2001 21:27

Not After

29-05-2002 21:37

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2001 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-12-2000 08:00

Not After

12-11-2005 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
CloseHandle
LoadResource
SizeofResource
FindResourceA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LockResource
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalFree

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1.09_1.09_full/DISK/isscript.msi
.msi
1.09_1.09_full/DISK/setup.bmp
1.09_1.09_full/DISK/setup.exe
.exe windows:4 windows x86

ba1b8fbc2b1c93935a67fb0c7432f51b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerLanguageNameA
VerQueryValueA
GetFileVersionInfoSizeA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

comctl32

ord17

kernel32

QueryPerformanceFrequency
CreateEventA
Sleep
InterlockedDecrement
lstrcatA
CompareStringA
CompareStringW
GetVersionExA
SetFilePointer
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LockResource
WriteFile
SizeofResource
FindResourceA
GetModuleFileNameA
GetTickCount
GetSystemDefaultLCID
GlobalHandle
GetPrivateProfileSectionA
SetCurrentDirectoryA
lstrlenW
InterlockedIncrement
GetSystemInfo
SetLastError
IsValidCodePage
LocalFree
FormatMessageA
GetDiskFreeSpaceA
_lclose
OpenFile
GetDriveTypeA
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
GetExitCodeProcess
CreateProcessA
GetCurrentProcess
GetCurrentThread
GetLocaleInfoA
GetPrivateProfileStringA
lstrlenA
CreateFileA
GetFileSize
GlobalAlloc
CloseHandle
GlobalLock
ReadFile
GlobalUnlock
GlobalFree
WideCharToMultiByte
DeleteFileA
GetLastError
CreateThread
CopyFileA
MultiByteToWideChar
ExpandEnvironmentStringsA
GetExitCodeThread
lstrcmpiA
SetErrorMode
GetPrivateProfileIntA
GetTempPathA
WritePrivateProfileStringA
GetWindowsDirectoryA
GetTempFileNameA
lstrcmpA
lstrcpyA
MoveFileA
LoadResource
IsBadCodePtr
GetVersion
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetFileType
GetStdHandle
SetHandleCount
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
LCMapStringA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
TerminateProcess
ExitProcess
RaiseException
HeapAlloc
HeapFree
RtlUnwind
SystemTimeToFileTime
QueryPerformanceCounter
ResetEvent
SetEvent
WaitForSingleObject
lstrcpynA
SearchPathA
FindFirstFileA
VirtualProtect
VirtualQuery
FindClose
SetStdHandle
LCMapStringW

user32

CharNextA
ReleaseDC
GetDC
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
SetTimer
PostQuitMessage
KillTimer
PostMessageA
DefWindowProcA
PeekMessageA
MsgWaitForMultipleObjects
wsprintfA
GetDesktopWindow
DialogBoxParamA
ShowWindow
GetDlgItem
EndDialog
GetWindowDC
SetWindowPos
ClientToScreen
GetClientRect
SetWindowLongA
EndPaint
BeginPaint
GetWindowLongA
DestroyWindow
CreateDialogParamA
SendDlgItemMessageA
ExitWindowsEx
CharPrevA
LoadStringA
GetClassInfoA
UpdateWindow
SetCursor
GetDlgItemTextA
EnableWindow
MessageBoxA
GetParent
GetWindowTextLengthA
GetWindowTextA
MoveWindow
GetWindowPlacement
DrawIcon
DestroyIcon
SetWindowTextA
FillRect
GetSysColor
GetSysColorBrush
IsDialogMessageA
SendMessageA
GetSystemMetrics
SetRect
FindWindowA
IntersectRect
SubtractRect
IsWindow
GetWindowRect
GetDlgCtrlID
CharLowerBuffA

gdi32

CreateDIBitmap
GetDeviceCaps
CreatePalette
SelectPalette
GetStockObject
DeleteObject
GetSystemPaletteEntries
BitBlt
SelectObject
DeleteDC
CreateSolidBrush
CreateFontIndirectA
CreateCompatibleDC
SetTextColor
SetBkMode
GetObjectA
TranslateCharsetInfo
GetTextExtentPointA
RealizePalette

advapi32

FreeSid
RegQueryValueA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
OpenProcessToken
EqualSid
RegOpenKeyExA
RegSetValueExA
RegEnumValueA
RegDeleteKeyA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
StgIsStorageFile
StgOpenStorage

oleaut32

SysStringLen
SysReAllocStringLen
SysFreeString
SysAllocString
SysAllocStringLen

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1.09_1.09_full/PreInstaller.exe
.exe windows:4 windows x86

85b5d65290228ded0f1c0d12d52c4a69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupCopyOEMInfA

mfc42

ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord617
ord641
ord800
ord2514
ord5301
ord5214
ord296
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2725
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord1168
ord860
ord540
ord1576
ord2645
ord6215
ord3092
ord858
ord4129
ord5683
ord5572
ord2915
ord4160
ord2863
ord2379
ord755
ord470
ord537
ord6334
ord535
ord6283
ord6282
ord940
ord823
ord1200
ord2818
ord2614
ord6662
ord6877
ord6663
ord922
ord924
ord941
ord2764
ord939
ord926
ord6779
ord2763
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord2648
ord2370

msvcrt

__set_app_type
_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_mbscmp
__CxxFrameHandler
_setmbcp

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
ReadFile
CloseHandle
CreateFileA
GetWindowsDirectoryA
CopyFileA
SetEndOfFile
WriteFile
GetLastError
CreateDirectoryA
GetSystemDirectoryA
GetVersionExA
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameA

user32

GetClientRect
EnableWindow
DrawIcon
GetSystemMenu
SendMessageA
GetSystemMetrics
AppendMenuA
IsIconic
LoadIconA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1.09_1.09_full/_vti_cnf/AUTORUN.INF
1.09_1.09_full/_vti_cnf/PreInstaller.exe
1.09_1.09_full/_vti_cnf/emng2uni.exe
1.09_1.09_full/_vti_cnf/emng2uni.u2k
1.09_1.09_full/_vti_cnf/emng2uni.u98
1.09_1.09_full/_vti_cnf/emng2uni2k.exe
1.09_1.09_full/_vti_cnf/emng2usb.inf
1.09_1.09_full/_vti_cnf/emng2usb.sys
1.09_1.09_full/_vti_cnf/setup.ini
1.09_1.09_full/_vti_cnf/silib.sys
1.09_1.09_full/emng2uni.exe
.exe windows:4 windows x86

72e251564dda5624138f16e19f08e581

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiSetSelectedDriverA
SetupOpenFileQueue
SetupScanFileQueueA
SetupCloseFileQueue
SetupDiOpenDevRegKey
SetupDiSetDeviceInstallParamsA
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoA
SetupDiGetDriverInfoDetailA
SetupDiDestroyDriverInfoList
SetupDiClassGuidsFromNameExA
SetupDiCreateDeviceInfoListExA
SetupDiGetClassDevsExA
SetupDiOpenDeviceInfoA
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceInfoListDetailA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstallParamsA

mfc42

ord939
ord858
ord540
ord860
ord823
ord535
ord6283
ord6282
ord940
ord537
ord800
ord825

msvcrt

_mbschr
printf
_mbctoupper
_ismbcalpha
_mbsnbicmp
_mbsicmp
sprintf
_strdup
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__CxxFrameHandler
_mbscmp
_chdir
_mbctolower

kernel32

GetVersionExA
lstrcmpA
lstrcpyA
ReadFile
lstrlenA
SetConsoleTitleA
CreateFileA
CloseHandle
GetWindowsDirectoryA
DeleteFileA
GetLastError
WinExec
SetFileAttributesA

user32

FindWindowA
ShowWindow
MessageBoxA
ExitWindowsEx
CharNextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1.09_1.09_full/emng2uni.u2k
1.09_1.09_full/emng2uni.u98
1.09_1.09_full/emng2uni2k.exe
.exe windows:5 windows x86

5bbdc91d5b6912229d4f577ef917757c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit
wcsstr
_wcsnset
swprintf
_wcsdup
strstr
free
wprintf
_wcsicmp
_wcsnicmp
iswalpha
towupper
towlower
wcschr
??2@YAPAXI@Z
??3@YAXPAX@Z
_iob
fputs
fputws

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExW
AdjustTokenPrivileges

kernel32

FreeLibrary
FileTimeToSystemTime
GetDateFormatW
lstrcmpW
lstrcpyW
CreateFileW
MultiByteToWideChar
GetProcAddress
lstrcmpiW
lstrlenW
GetLastError
GetCurrentProcess
CloseHandle
FormatMessageW
LocalFree
LoadLibraryW
GetFullPathNameW
DeleteFileW
SetFileAttributesW
GetModuleHandleA
lstrcpynW
ReadFile

user32

LoadStringW
MessageBoxW
CharNextW
ExitWindowsEx

setupapi

CM_Get_Next_Res_Des_Ex
CM_Free_Res_Des_Handle
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Res_Des_Data_Ex
CM_Get_DevNode_Status_Ex
SetupDiClassGuidsFromNameExW
CM_Free_Log_Conf_Handle
CM_Get_First_Log_Conf_Ex
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiOpenDevRegKey
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupCloseFileQueue
SetupScanFileQueueW
SetupDiCallClassInstaller
SetupOpenFileQueue
SetupDiSetSelectedDriverW
SetupDiGetDriverInstallParamsW
SetupDiOpenClassRegKeyExW
SetupDiGetClassDescriptionExW
SetupDiClassNameFromGuidExW
SetupDiBuildClassInfoListExW
SetupDiSetClassInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
CM_Disconnect_Machine
CM_Reenumerate_DevNode_Ex
CM_Locate_DevNode_ExW
CM_Connect_MachineW
SetupDiGetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoListExW
SetupDiGetClassDevsExW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInfoListDetailW
CM_Get_Device_ID_ExW
SetupDiEnumDeviceInfo

shell32

SHFileOperationW

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1.09_1.09_full/emng2usb.inf
1.09_1.09_full/emng2usb.sys
.sys windows:4 windows x86

729a032b6f2bf04004157514ff8f97e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KfReleaseSpinLock
KfAcquireSpinLock

ntoskrnl.exe

IofCompleteRequest
IofCallDriver
IoDeleteDevice
IoDetachDevice
ExFreePool
IoAttachDeviceToDeviceStack
RtlCopyUnicodeString
ExAllocatePoolWithTag
KeInitializeSpinLock
IoCreateDevice
RtlInitUnicodeString
RtlFreeUnicodeString
IoFreeIrp
IoAllocateIrp
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoCancelIrp
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
DbgPrint
memmove
RtlUnwind
IoIsWdmVersionAvailable

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
_USBD_CreateConfigurationRequestEx@8
_USBD_ParseDescriptors@16

silib.sys

_GenericDispatchPower@8
_GenericSaveRestoreComplete@4
_GenericCleanupControlRequests@12
_IsWin98@0
_GenericReleaseRemoveLock@8
_GenericAcquireRemoveLock@8
_GenericDispatchPnp@8
_GenericRegisterInterface@8
_InitializeGenericExtension@8
_GetSizeofGenericExtension@0

Sections

page
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

init
Size: 256B - Virtual size: 221B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 390B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1.09_1.09_full/setup.ini
1.09_1.09_full/silib.sys
.sys windows:4 windows x86

2ac19d4852ec6cee4cf8efa0ee57ef45

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfRaiseIrql
KfLowerIrql

ntoskrnl.exe

InterlockedDecrement
ExFreePool
KefReleaseSpinLockFromDpcLevel
ExAllocatePoolWithTag
InterlockedIncrement
KeSetEvent
KeWaitForSingleObject
KeClearEvent
KeInitializeEvent
KeInitializeSpinLock
IoIsWdmVersionAvailable
IofCallDriver
KeInitializeSemaphore
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
PoSetPowerState
IoInvalidateDeviceState
RtlFreeUnicodeString
IoSetDeviceInterfaceState
KefAcquireSpinLockAtDpcLevel
InterlockedExchange
IoRegisterDeviceInterface
PoRegisterDeviceForIdleDetection
PoCallDriver
PoStartNextPowerIrp
ZwClose
ZwQueryValueKey
RtlInitUnicodeString
IoOpenDeviceRegistryKey
PoRequestPowerIrp
ZwSetValueKey
IoFreeIrp
ExQueueWorkItem
IofCompleteRequest
IoCancelIrp
IoAllocateIrp
RtlUnicodeStringToAnsiString

Exports

Exports

_AbortAllRequests@12
_AbortRequests@8
_AllowAllRequests@8
_AllowRequests@4
_AreRequestsBeingAborted@4
_CancelRequest@8
_CheckAnyBusyAndStall@12
_CheckBusyAndStall@4
_CleanupAllRequests@16
_CleanupGenericExtension@4
_CleanupRequests@12
_GenericAcquireRemoveLock@8
_GenericCacheControlRequest@12
_GenericCleanupAllRequests@12
_GenericCleanupControlRequests@12
_GenericDeregisterInterface@8
_GenericDispatchPnp@8
_GenericDispatchPower@8
_GenericEnableInterface@12
_GenericGetVersion@0
_GenericHandlePowerIoctl@8
_GenericIdleDevice@12
_GenericInitializeRemoveLock@16
_GenericMarkDeviceBusy@4
_GenericRegisterForIdleDetection@16
_GenericRegisterInterface@8
_GenericReleaseRemoveLock@8
_GenericReleaseRemoveLockAndWait@8
_GenericSaveRestoreComplete@4
_GenericSetDeviceState@8
_GenericUncacheControlRequest@8
_GenericWakeupControl@8
_GenericWakeupFromIdle@8
_GetCurrentIrp@4
_GetSizeofGenericExtension@0
_InitializeGenericExtension@8
_InitializeQueue@8
_IsWin98@0
_RestartAllRequests@12
_RestartRequests@8
_StallAllRequests@8
_StallAllRequestsAndNotify@16
_StallRequests@4
_StallRequestsAndNotify@12
_StartNextPacket@8
_StartPacket@16
_WaitForCurrentIrp@4
_WaitForCurrentIrps@8

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

page
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

init
Size: 128B - Virtual size: 5B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

507d8257edae6d323a161615d39097e1

Headers

File Characteristics

Imports

siusbxp

kernel32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 1024B

.reloc Size: 4KB - Virtual size: 3KB

138f160cfefa07306f399d9bfa41ad11

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60Certificate

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34Certificate

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 129KB - Virtual size: 129KB

.data Size: 13KB - Virtual size: 13KB

.rsrc Size: 80KB - Virtual size: 80KB

.reloc Size: 8KB - Virtual size: 7KB

56ac46dcc88f67428b0149d3d554a99b

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60Certificate

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34Certificate

Key Usages

Signer

Headers

File Characteristics

Imports

olepro32

comctl32

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 248KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 21KB - Virtual size: 30KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 18KB - Virtual size: 18KB

85b5d65290228ded0f1c0d12d52c4a69

Headers

File Characteristics

Imports

setupapi

mfc42

msvcrt

kernel32

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1024B

.reloc
Size: 4KB - Virtual size: 3KB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34
Certificate

.text
Size: 129KB - Virtual size: 129KB

.data
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 80KB - Virtual size: 80KB

.reloc
Size: 8KB - Virtual size: 7KB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34
Certificate

.text
Size: 248KB - Virtual size: 248KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 21KB - Virtual size: 30KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 18KB - Virtual size: 18KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 888B

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 1016B

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 760KB - Virtual size: 757KB

.rdata
Size: 116KB - Virtual size: 114KB

.data
Size: 32KB - Virtual size: 1.1MB

.rsrc
Size: 32KB - Virtual size: 29KB

.text
Size: 4KB - Virtual size: 508B

.rdata
Size: 4KB - Virtual size: 280B

.data
Size: 4KB - Virtual size: 76B

.rsrc
Size: 104KB - Virtual size: 102KB

.reloc
Size: 4KB - Virtual size: 362B

.text
Size: 4KB - Virtual size: 508B

.rdata
Size: 4KB - Virtual size: 280B

.data
Size: 4KB - Virtual size: 76B

.rsrc
Size: 80KB - Virtual size: 77KB

.reloc
Size: 4KB - Virtual size: 302B