7ca33c4b10456f8e6afdeee3f34ec2ab

Sharing

Copy URL Twitter E-mail

General

Target

7ca33c4b10456f8e6afdeee3f34ec2ab
Size

7.1MB
MD5

7ca33c4b10456f8e6afdeee3f34ec2ab
SHA1

80989b431739456d780a94ee34d5dbcb96abdad8
SHA256

56cbc4b96ec52a881f141e0ef820ee1c416cd028b5aa7c7a084065f62e401bff
SHA512

1ca861d02c815b4a485aff945b11accb89c9511837d46b58bb933de541c08d887bb165db01d0879397317d275e506f3780e1be81e0944b28d43844ad08b36d41
SSDEEP

98304:J/dcdz0IC/V+bjIvs8QdEU/qQ2gPaQif5tS1yJpHNIQJYt5sQfZib2b0jLW1wNQ2:i0Fo7ElQ2gPnS0mRJYHxfctj61wK2

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/InsydeH2OEZE_x86_WIN_100.00.02.10/H2OEZE-W.exe
unpack001/InsydeH2OEZE_x86_WIN_100.00.02.10/LZMA_UTILITY_IA32.DLL
unpack001/InsydeH2OEZE_x86_WIN_100.00.02.10/PeiRebase/PeiRebase3_5B.exe
unpack001/InsydeH2OEZE_x86_WIN_100.00.02.10/PeiRebase/PeiRebase3_7.exe
unpack001/InsydeH2OEZE_x86_WIN_100.00.02.10/PeiRebase/PeiRebase5_0.exe
unpack001/InsydeH2OEZE_x86_WIN_100.00.02.10/Plugins/IsH2OEZEPlugin.dll
unpack001/InsydeH2OEZE_x86_WIN_100.00.02.10/iconv.dll
unpack001/InsydeH2OEZE_x86_WIN_100.00.02.10/iscflash.dll
unpack001/InsydeH2OEZE_x86_WIN_100.00.02.10/libxml2.dll
unpack001/InsydeH2OEZE_x86_WIN_100.00.02.10/libxslt.dll
unpack001/InsydeH2OEZE_x86_WIN_100.00.02.10/pcre.dll
unpack001/InsydeH2OEZE_x86_WIN_100.00.02.10/zlib1.dll

Files

7ca33c4b10456f8e6afdeee3f34ec2ab
.zip
InsydeH2OEZE_x86_WIN_100.00.02.10/CssStyle/Common.css
InsydeH2OEZE_x86_WIN_100.00.02.10/CssStyle/PopupWin.css
InsydeH2OEZE_x86_WIN_100.00.02.10/CssStyle/Setup.css
InsydeH2OEZE_x86_WIN_100.00.02.10/CssStyle/Tree.css
InsydeH2OEZE_x86_WIN_100.00.02.10/H2OEZE-W.exe
.exe windows:5 windows x86 arch:x86

69fa811568ed1947283c177e0ec479f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipDisposeImage
GdipCloneImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateBitmapFromHBITMAP
GdipGetImageWidth
GdipGetImageHeight
GdipAlloc
GdipFree
GdiplusStartup
GdipDrawImageRectRect

libxml2

xmlAddPrevSibling
xmlNewDocPI
xmlDocSetRootElement
xmlNewDocNode
xmlNewDoc
xmlCleanupParser
xmlFreeDoc
xmlSaveFormatFileEnc
xmlNewProp
xmlNewChild
xmlParseFile
__xmlLoadExtDtdDefaultValue
xmlSubstituteEntitiesDefault

libxslt

xsltCleanupGlobals
xsltFreeStylesheet
xsltSaveResultToFilename
xsltApplyStylesheet
xsltParseStylesheetFile

iscflash

?CloseDriverHandle@@YAXXZ
?InitialDll@@YAXXZ
?GetPhysicalMemory@@YA_NPAU_PHYSICAL_MEMORY_DATA@@@Z
?CallDriver@@YA_NKPAXK0KPAK@Z
?CreateDriverHandle@@YA_NXZ

pcre

pcre_free
pcre_compile
pcre_exec

kernel32

GetFullPathNameW
GetDiskFreeSpaceW
VirtualProtect
MoveFileW
GetStringTypeExW
GetThreadLocale
lstrcmpiW
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetShortPathNameW
GlobalFlags
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetCurrentThread
FileTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetFileAttributesExW
LocalFileTimeToFileTime
GetFileSizeEx
FindResourceExW
SetErrorMode
GetSystemDirectoryW
GetTickCount
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
HeapAlloc
HeapReAlloc
SetEnvironmentVariableW
ExitProcess
SetStdHandle
GetFileType
HeapSize
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetFileAttributesA
CreateFileA
GetTimeZoneInformation
LCMapStringA
GetLocaleInfoA
GetTempFileNameW
WriteConsoleA
GetConsoleOutputCP
GetExitCodeProcess
SetEnvironmentVariableA
GetProcessHeap
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetModuleHandleA
InterlockedDecrement
lstrcmpA
FormatMessageW
LocalFree
MulDiv
GetCurrentProcessId
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
SetLastError
GetModuleHandleW
GetVersionExA
FreeResource
LoadLibraryA
GlobalAlloc
GlobalFree
lstrlenA
LoadLibraryW
GetProcAddress
CreateProcessW
WaitForSingleObject
GetExitCodeThread
CopyFileW
lstrcmpW
lstrcpyW
GetLocalTime
OutputDebugStringA
GetCurrentProcess
GetLastError
GetCurrentDirectoryW
GetModuleFileNameW
MultiByteToWideChar
GlobalLock
GlobalUnlock
lstrlenW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetNumberOfConsoleInputEvents
FlushConsoleInputBuffer
ReadConsoleInputW
WriteConsoleW
ReadConsoleW
FreeConsole
GetStartupInfoW
AllocConsole
GetStdHandle
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
LoadLibraryExW
FreeLibrary
WideCharToMultiByte
WriteFile
CreateFileW
GetFileSize
ReadFile
CloseHandle
FindFirstFileW
FindClose
CreateDirectoryW
SetFileAttributesW
LoadResource
LockResource
SizeofResource
FindResourceW
GetTempPathW
DeleteFileW
Sleep
GetFileTime
SetFileTime
GetFileAttributesW
GlobalGetAtomNameW
WritePrivateProfileStringW
InterlockedIncrement
DeleteFileA

user32

InsertMenuItemW
LoadAcceleratorsW
ReleaseCapture
DestroyMenu
ReuseDDElParam
UnpackDDElParam
SystemParametersInfoW
IsRectEmpty
DrawIcon
SetWindowRgn
SetTimer
KillTimer
SetCapture
LoadCursorW
IsZoomed
InflateRect
GetMenuItemInfoW
GetAsyncKeyState
MapDialogRect
CharUpperW
GetSysColorBrush
UnregisterClassW
DestroyIcon
CopyAcceleratorTableW
SetRect
InvalidateRgn
CharNextW
SetWindowContextHelpId
WindowFromPoint
RegisterClipboardFormatW
GetNextDlgGroupItem
PostThreadMessageW
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
GetMenuStringW
InsertMenuW
GetWindowThreadProcessId
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
CheckMenuItem
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
CreatePopupMenu
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
SetForegroundWindow
ShowScrollBar
IsWindowVisible
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
LoadMenuW
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
ReleaseDC
GetWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetWindowRect
OffsetRect
RedrawWindow
DrawTextW
FillRect
CopyRect
GetSubMenu
DeleteMenu
DrawMenuBar
EnableMenuItem
GetScrollRange
SetScrollPos
GetScrollPos
InvalidateRect
GetSystemMetrics
ExitWindowsEx
GetDC
GetSysColor
LoadBitmapW
UpdateWindow
PtInRect
GetKeyState
GetWindowLongW
GetFocus
TranslateMessage
DispatchMessageW
MessageBeep
GetParent
PostMessageW
OpenClipboard
GetClipboardData
CloseClipboard
SetRectEmpty
BringWindowToTop
TranslateAcceleratorW
ShowOwnedPopups
SetCursor
PostQuitMessage
GetMessageW
GetCursorPos
ValidateRect
EndPaint
BeginPaint
GetForegroundWindow
GetWindowDC
LoadImageW
GetClientRect
SendMessageW
EnableWindow
IsIconic

gdi32

SetBkColor
CreateCompatibleBitmap
GetClipBox
SetTextColor
CreateBitmap
MoveToEx
SaveDC
RestoreDC
SetBkMode
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ExtTextOutW
DeleteDC
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreatePen
CreateSolidBrush
CreateEllipticRgn
LPtoDP
Ellipse
GetTextMetricsW
GetTextExtentPoint32W
CreateFontIndirectW
GetMapMode
GetRgnBox
GetBkColor
GetTextColor
EnumFontFamiliesExW
GetEnhMetaFilePaletteEntries
IntersectClipRect
ExcludeClipRect
SetMapMode
CreatePalette
SelectPalette
RealizePalette
PlayEnhMetaFile
GetDIBits
SetEnhMetaFileBits
GetEnhMetaFileHeader
DeleteEnhMetaFile
GetDeviceCaps
SetWinMetaFileBits
CreateRectRgnIndirect
BitBlt
GetObjectW
SelectObject
CreateCompatibleDC
DeleteObject
CreateFontW
SetWindowExtEx
GetStockObject
LineTo

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

GetFileSecurityW
SetFileSecurityW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyW

shell32

DragFinish
DragQueryFileW
SHGetFileInfoW
ExtractIconW
ShellExecuteW

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathRemoveFileSpecW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantChangeType
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocStringLen

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InsydeH2OEZE_x86_WIN_100.00.02.10/H2OEZE.ini
InsydeH2OEZE_x86_WIN_100.00.02.10/Html/H2OEZE-HELP.chm
.chm
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Back1.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Back10.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Back2.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Back3.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Back4.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Back5.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Back6.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Back7.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Back8.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Back9.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Close.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Close1.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Down.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/DownPic.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/FixedBottomBg.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/FixedBottomBg2.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/FixedBottomInfoBg.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/FixedBottomInfoBg2.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Insert.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/InsydeLogo.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/InsydeLogoEx.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/LineBG.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/MainBGCornerL.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/MainBGCornerR.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/MainFrameBG.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/MidFrameBG.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/RectangleBox.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/RectangleBox2.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/RectangleBox3.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Remove.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/StateFail.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/StateGood.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Test.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Thumbs.db
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/TopLeftBG.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/TopRightBG.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/TopRightBG2.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/TopRightBG3.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Triangle.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/Up.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/UpPic.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/icons.png
.png
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/loading.gif
.gif
InsydeH2OEZE_x86_WIN_100.00.02.10/Images/progressbar.gif
.gif
InsydeH2OEZE_x86_WIN_100.00.02.10/LZMA_UTILITY_IA32.DLL
.dll windows:5 windows x86 arch:x86

806e1662896730d7138e2bad5784393f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryW
LocalFree
FormatMessageW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryW
DeleteFileW
GetWindowsDirectoryW
lstrlenW
GetFullPathNameW
GetCurrentDirectoryW
SearchPathW
GetTempPathW
GetTempFileNameW
GetLastError
FindClose
FindFirstFileW
FindNextFileW
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetCurrentProcess
GetVersionExW
FileTimeToSystemTime
GetSystemInfo
GlobalMemoryStatus
GetProcAddress
GetModuleHandleW
GetStdHandle
WaitForMultipleObjects
GetTickCount
GetProcessTimes
DosDateTimeToFileTime
LocalFileTimeToFileTime
FileTimeToDosDateTime
OpenFileMappingW
MapViewOfFile
OpenEventW
UnmapViewOfFile
SetCurrentDirectoryW
SystemTimeToFileTime
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
VirtualAlloc
VirtualFree
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
SetFileApisToOEM
FileTimeToLocalFileTime
CompareFileTime
SetConsoleCtrlHandler
GetSystemTimeAsFileTime

user32

CharLowerW
CharUpperW
CharUpperA
CharNextA
CharPrevA
CharPrevExA

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

oleaut32

VariantCopy
VariantClear
SysFreeString
SysAllocString

msvcr90

__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_CxxThrowException
__CxxFrameHandler3
_purecall
memset
memcmp
strlen
memmove
malloc
free
fclose
feof
fgetc
__iob_func
fflush
memcpy
fprintf
_isatty
_fileno
_beginthreadex
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter

Exports

Exports

CustomizedCompress
CustomizedDecompress
CustomizedGetInfo
MainEntry

Sections

.text
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InsydeH2OEZE_x86_WIN_100.00.02.10/Module_GUID_2_Name.ini
InsydeH2OEZE_x86_WIN_100.00.02.10/PeiRebase/PeiRebase3_5B.exe
.exe windows:4 windows x86 arch:x86

255223b02d156bf09758dcfe5c685871

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetLastError
DeleteFileA
HeapAlloc
GetModuleHandleA
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WriteFile
CloseHandle
ReadFile
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetStdHandle
CreateFileA
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
InterlockedExchange
VirtualQuery
GetLocaleInfoA
VirtualProtect
GetSystemInfo
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEndOfFile
HeapSize

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
InsydeH2OEZE_x86_WIN_100.00.02.10/PeiRebase/PeiRebase3_7.exe
.exe windows:5 windows x86 arch:x86

7c6cc2e1fff41788e4f673e3910d9494

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
HeapFree
DeleteFileA
HeapAlloc
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
FatalAppExitA
VirtualAlloc
HeapReAlloc
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CloseHandle
MultiByteToWideChar
ReadFile
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetStdHandle
GetModuleFileNameA
RtlUnwind
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
CreateFileA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapSize
GetLocaleInfoW
SetEndOfFile
GetProcessHeap
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
InsydeH2OEZE_x86_WIN_100.00.02.10/PeiRebase/PeiRebase5_0.exe
.exe windows:5 windows x86 arch:x86

7c6cc2e1fff41788e4f673e3910d9494

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
HeapFree
DeleteFileA
HeapAlloc
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
FatalAppExitA
VirtualAlloc
HeapReAlloc
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CloseHandle
MultiByteToWideChar
ReadFile
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetStdHandle
GetModuleFileNameA
RtlUnwind
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
CreateFileA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapSize
GetLocaleInfoW
SetEndOfFile
GetProcessHeap
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
InsydeH2OEZE_x86_WIN_100.00.02.10/Plugins/IsH2OEZEPlugin.dll
.dll windows:5 windows x86 arch:x86

31b02c49bdb7e37d54ef2a091b530623

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
HeapFree
HeapAlloc
GetCommandLineA
RtlUnwind
Sleep
ExitProcess
HeapReAlloc
RaiseException
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetModuleFileNameA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FileTimeToSystemTime
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
CreateFileA
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GlobalFindAtomW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
GlobalAddAtomW
InterlockedIncrement
CompareStringW
GlobalFlags
GetModuleHandleA
WritePrivateProfileStringW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
CreateFileW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
SetLastError
GlobalFree
GlobalUnlock
FormatMessageW
SetErrorMode
lstrlenW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
WideCharToMultiByte
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
CloseHandle
WaitForSingleObject
CreateProcessW
FreeLibrary
GetProcAddress
LoadLibraryW
FindNextFileW
LocalFree
GetLastError
MultiByteToWideChar
lstrlenA
GetModuleFileNameW
GetModuleHandleExW
FindClose
FindFirstFileW
GetPrivateProfileStringW
GetFileAttributesExW
DeleteFileW
CopyFileW
FindResourceW
LoadResource
LockResource
SizeofResource
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
GetTempPathW
GetModuleHandleW
GetCPInfo

user32

DestroyMenu
ShowWindow
LoadCursorW
GetSysColorBrush
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetWindow
GetDlgCtrlID
GetWindowRect
GetWindowLongW
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
UnregisterClassW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
UnhookWindowsHookEx
CharUpperW
GetSystemMetrics
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageW
PostQuitMessage
MessageBoxW
AdjustWindowRectEx

gdi32

DeleteDC
GetStockObject
TextOutW
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ExtTextOutW

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

CommandLineToArgvW
SHFileOperationW

shlwapi

PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFileExistsW
PathIsDirectoryW

oleaut32

VariantClear
VariantChangeType
VariantInit

wintrust

WinVerifyTrust

Exports

Exports

EZH2O_GetVersion
EZH2O_IsSignedBIOSImage
EZH2O_PostSaveToFile
EZH2O_PreLoadData
EZH2O_PreSaveToFile

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InsydeH2OEZE_x86_WIN_100.00.02.10/Release Note.txt
InsydeH2OEZE_x86_WIN_100.00.02.10/S675P008.fd
InsydeH2OEZE_x86_WIN_100.00.02.10/Scripts/common.js
.js
InsydeH2OEZE_x86_WIN_100.00.02.10/Scripts/cookie.js
.js
InsydeH2OEZE_x86_WIN_100.00.02.10/Scripts/formparser.js
.js
InsydeH2OEZE_x86_WIN_100.00.02.10/Scripts/jquery-1.7.1.min.js
.js
InsydeH2OEZE_x86_WIN_100.00.02.10/Scripts/jquery-1.8.1.min.js
.js
InsydeH2OEZE_x86_WIN_100.00.02.10/Scripts/jquery.hoverIntent.js
.js
InsydeH2OEZE_x86_WIN_100.00.02.10/Scripts/popupwin.js
.js
InsydeH2OEZE_x86_WIN_100.00.02.10/Scripts/setup.js
.js
InsydeH2OEZE_x86_WIN_100.00.02.10/iconv.dll
.dll windows:4 windows x86 arch:x86

2fecad82d36d88ec85ac574c16ce0ddd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
memcmp
free
qsort
strlen
sprintf
memcpy
strcmp
_initterm
_adjust_fdiv
memset
_errno
strchr
abort
_strdup

kernel32

GetModuleFileNameA
GetACP
Sleep

Exports

Exports

_libiconv_version
libiconv
libiconv_close
libiconv_open
libiconv_set_relocation_prefix
libiconvctl
libiconvlist
locale_charset

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 800KB - Virtual size: 799KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InsydeH2OEZE_x86_WIN_100.00.02.10/iscflash.dll
.dll windows:5 windows x86 arch:x86

f4888e93415ff5556fc837fef08b7160

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GlobalFindAtomW
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
HeapAlloc
HeapFree
RaiseException
HeapReAlloc
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetConsoleCP
GetConsoleMode
LCMapStringA
GetTimeFormatA
GetDateFormatA
GetVersionExA
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
GetProcessHeap
SetEnvironmentVariableA
GlobalFlags
GetModuleHandleA
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenA
CompareStringW
InterlockedIncrement
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetCurrentProcessId
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
lstrcmpW
FreeLibrary
GetFullPathNameW
GetVolumeInformationW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
SetLastError
GetModuleFileNameW
lstrlenW
SetFileAttributesW
GetLastError
GetVersion
CreateFileW
CloseHandle
DeviceIoControl
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileSectionW
FreeConsole
GetStdHandle
WriteConsoleW
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetSystemPowerStatus
SetCurrentDirectoryW
FindFirstFileW
GetVersionExW
Sleep
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
GetProcAddress
GetCurrentProcess
FindResourceW
LoadResource
LockResource
GetTimeZoneInformation
SizeofResource

user32

DestroyMenu
ShowWindow
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
SendMessageW
wsprintfW
MessageBoxW
DispatchMessageW
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowTextW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassW
UnhookWindowsHookEx
GetWindowThreadProcessId
TranslateMessage
PeekMessageW
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetSystemMetrics
CharUpperW
PostQuitMessage
PostMessageW
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetParent
GetFocus
LoadBitmapW
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions

gdi32

GetStockObject
DeleteDC
TextOutW
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ExtTextOutW

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegQueryValueExW
DeleteService
ControlService
OpenServiceW
StartServiceW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegFlushKey
RegCloseKey

shlwapi

PathIsUNCW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
StrToIntW
PathStripToRootW

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

?AloneFlashRegionMap@@YAHV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_NPAUSPlatformInfo@@PAUSNewImageInfo@@PAHAAUSIntelRegionSetting@@PA_N06@Z
?AutoSearchRomFile@@YA_NAAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?BackupPrivateMap@@YA_NPAUSBvdtMapTable@@0@Z
?BufferToFile@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAXK_N@Z
?BvdtProtectRomMap@@YAHK@Z
?CalculateHdrCrc32@@YA_NPAEKPAK@Z
?CallDriver@@YA_NKPAXK0KPAK@Z
?CheckNewFvImage@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@KKKPAK@Z
?CheckNewRomImage@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_NPAUSPlatformInfo@@PAUSNewImageInfo@@PAH@Z
?CheckPowerStatus@@YA_NAA_NAAE_N@Z
?ClearCMOS@@YAXXZ
?CloseDriverHandle@@YAXXZ
?CompalOADelete@@YAHXZ
?CompalOAWrite@@YAHV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?CompareEc@@YA_NPAEK@Z
?CompareEc@@YA_NXZ
?ComparePrivateMap@@YAHPAUSBvdtMapTable@@0@Z
?ConsoleFlashEcWithPrograssBar@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@K@Z
?ConsolePrint@@YAXPAD@Z
?ConsolePrint@@YAXV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?CreateDriverHandle@@YA_NXZ
?DescriptorRegionMap@@YAHAAUSIntelRegionSetting@@_NPA_N2V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?DisplayDialog@@YAHV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0I@Z
?DisplayDialog@@YAXV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0W4EMessageType@CMessageHandle@@@Z
?DisplayErrorDialog@@YAXK@Z
?DisplayErrorDialog@@YAXV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?DisplayLastErrorMessage@@YAXE@Z
?EnableMouseKeyboardInput@@YA_N_N@Z
?EnterFunction@@YAXV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ExitConsoleProcess@@YAXXZ
?FindBvdtTable@@YA_NPAEK@Z
?GetBiosFileInfo@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@AAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@2@1111@Z
?GetBvdtBuildDate@@YA_NPBEKAAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetBvdtMultiPlatformName@@YA_NPBEKAAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetBvdtProtectMap@@YA_NPBEKPAUSBvdtMapTable@@_N@Z
?GetBvdtReleaseDate@@YA_NPBEKAAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetCalpellaMeFromFile@@YAHV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetEfiDriverVersion@@YA_NAAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetErrorMessage@@YA?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@K_N0@Z
?GetFilePrivateMap@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAUSBvdtMapTable@@@Z
?GetIhisiErrorMessage@@YA?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@E@Z
?GetIniPath@@YA?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetIniValueTable@@YAPAUSIniValueTable@@XZ
?GetLastErrorCode@@YAKXZ
?GetLastErrorMessage@@YA?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetLastSMIReturnCode@@YAEXZ
?GetMessageString@@YA?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@K@Z
?GetNewImageInfo@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@2@AAUSNewImageInfo@@@Z
?GetOsVersion@@YA_NAAK@Z
?GetPhysicalMemory@@YA_NPAU_PHYSICAL_MEMORY_DATA@@@Z
?GetProgramDirectory@@YAKAAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetUpdateExtraDataMessage@@YA?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@HE@Z
?GetVendorId@@YAGXZ
?GetVendorIdByPci@@YA_NPAG@Z
?InitConsoleParam@@YAXAAUSConsoleParam@@@Z
?InitConsoleProcess@@YAXPA_W@Z
?InitialBvdtMapTable@@YAXAAUSBvdtMapTable@@@Z
?InitialDll@@YAXXZ
?InitialLog@@YA_NXZ
?InitializeCrc32Table@@YAXXZ
?IsDescriptorModeInNewRom@@YA_NXZ
?IsNewBiosVersionAllowToFlash@@YA_NV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?IsOemSecurePlatform@@YA_NXZ
?IsOemSecurePlatformCheck@@YA_NXZ
?IsPfatImage@@YA_NPAEKPAK1AA_N@Z
?IsPfatImage@@YA_NXZ
?IsPfatSupport@@YA_NXZ
?IsRbuImage@@YA_NXZ
?IsRbuSecureFlashMode@@YA_NXZ
?IsRbuSecureImage@@YA_NXZ
?IsSecureBootSupport@@YA_NAA_N@Z
?IsSecureFlashMode@@YA_NXZ
?IsSecureImage@@YA_NXZ
?IsSecureImageCheck@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?IsSecurePlatform@@YA_NXZ
?IsSecurePlatformCheck@@YA_NXZ
?IsVendor@@YA_NG@Z
?IsWinPE@@YA_NXZ
?LeaveFunction@@YAXV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?LoadFileToBuffer@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAPAEPAK@Z
?LoadIniDefaultForProtectAreaFlash@@YAXXZ
?LoadOnlyProtectAreaFile@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@KKV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@2@@Z
?Log@@YAXEPB_WZZ
?LogIniSetting@@YAXXZ
?OACompare@@YAHV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?OARead@@YAHV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?OAWrite@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ParseIniMultiFd@@YA_NAAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0@Z
?PrepareSecureIniFile@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ProcessIni@@YA_N_N@Z
?ProcessIniOverwrite@@YAXXZ
?ProcessInputCustomizeDataFormat@@YA_NPA_WPAE1@Z
?ProtectAllBlock@@YAX_N@Z
?ReadCMOS@@YAXV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ReadCurrentRom@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0KK@Z
?ReadEcFile@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ReadExtendCMOS@@YAXV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ReverseBits@@YAKK@Z
?RunPfatFlash@@YAHPAEKKKEPA_KPAVCProgressCtrl@@@Z
?SMI_AllocPhysicalSecureMemory@@YA_NK@Z
?SMI_CalpellaMeIsSupport@@YAKXZ
?SMI_CalpellaMeWrite@@YAHEK_N@Z
?SMI_CheckConditionalData@@YA_NEEGPAEAAE@Z
?SMI_CheckPasswordByBios@@YA_NEV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAE@Z
?SMI_CustomizeDataCommunication@@YA_NEK@Z
?SMI_CustomizeDataWrite@@YA_NKPAE@Z
?SMI_EcIsSupport@@YAKXZ
?SMI_EcRead@@YA_N_NPAKPAE@Z
?SMI_EcWrite@@YAHXZ
?SMI_EcWriteProgressBar@@YAHEK_N@Z
?SMI_ExtraDataCommunication@@YA_NPAHHPAK@Z
?SMI_ExtraDataWrite@@YA_NEK_NKH@Z
?SMI_FlashBeforeConfirm@@YA_NXZ
?SMI_FlashByBiosCheck@@YA_NPAUSBiosDecideInformation@@PAEKAAUSBiosDecideFlashOutput@@@Z
?SMI_FlashComplete@@YA_NXZ
?SMI_GetFlashPartInfo@@YA_NPAKKK@Z
?SMI_GetPlatformInfo@@YA_NAAUSPlatformInfo@@@Z
?SMI_GetPlatformProtectMap@@YA_NPA_N@Z
?SMI_GetPlatformRomMap@@YA_N_N0PAK1PAUSBvdtMapTable@@@Z
?SMI_GetSpecialBoardType@@YAEKAA_N@Z
?SMI_IsSupport@@YAHPAD0PAHPAE@Z
?SMI_OemOdmCustom2@@YA_NE@Z
?SMI_OemSecureFlash@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_NPAUSOemFlashOutput@@@Z
?SMI_PassPlatformIniSettings@@YA_NXZ
?SMI_PfatDataCommunication@@YA_NK@Z
?SMI_PfatDataGetResult@@YA_NAA_K@Z
?SMI_PfatDataWrite@@YA_NEPAEKE@Z
?SMI_SecureCapsuleFlash@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAE@Z
?SMI_SkipModelCheckVerify@@YA_NXZ
?SMI_VariableErase@@YAXV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0@Z
?SMI_VariableRead@@YAXV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@000@Z
?SMI_VariableRead@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0PAEPAK@Z
?SMI_VariableWrite@@YAXV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0000@Z
?SMI_VariableWrite@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAEK@Z
?SMI_WriteFv@@YAHPAK@Z
?SMI_WriteHdcpKey@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SMI_WriteRom@@YAHPAK_N@Z
?SearchRbuHdr@@YA_NPAEPAK1@Z
?SetConsoleParameterTable@@YAXPAUSConsoleParam@@PAUSFunctionSwitch@@@Z
?SetEcImageSize@@YAXK@Z
?SetFlashINISettings@@YA_NXZ
?SetFlashUIWnd@@YAXPAVCWnd@@@Z
?SetInitialString@@YAXV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@00@Z
?SetLastErrorCode@@YAXK@Z
?SetLastErrorMessage@@YAXV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetLastSMIReturnCode@@YAXE@Z
?SetMessageBoxParentWindowHandle@@YAXPAUHWND__@@@Z
?SetOemSecurePlatform@@YAXXZ
?SetPfatImage@@YAX_N@Z
?SetSecurePlatform@@YAX_N@Z
?SetVendorId@@YAXG@Z
?ShowIHISIVersion@@YAXPADV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H_N@Z
?Str2Hex@@YAKPAD@Z
?Str2Hex@@YAKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ValidateBIOSVersion@@YAHV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@0V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@2@@Z
?VerifyRbuImage@@YA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?VerifyRomFilePath@@YA_NAAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?VersionToInt@@YA_NPADHPAH_N@Z
?VirtualToPhyAddress@@YAXV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?WriteCMOS@@YAXV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?WriteExtendCMOS@@YAXV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z

Sections

.text
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 248.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InsydeH2OEZE_x86_WIN_100.00.02.10/iscflash.sys
.sys windows:5 windows x86 arch:x86

cd166189bb407d79126867eadd1f5ed8

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:88:ba:b0:0d:58:f2:fe:94:7f:a9:23:92:5a:ce:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

29/12/2009, 00:00

Not After

28/12/2012, 23:59

Subject

CN=Insyde Software Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Insyde Software Corp.,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:d5:ef:75:e8:78:d6:d7:68:8e:9f:b5:bb:5b:df:39:aa:c0:08:5d
Signer

Actual PE Digest

b5:d5:ef:75:e8:78:d6:d7:68:8e:9f:b5:bb:5b:df:39:aa:c0:08:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmFreeContiguousMemorySpecifyCache
MmGetPhysicalAddress
MmAllocateContiguousMemorySpecifyCache
MmUnmapIoSpace
MmMapIoSpace
ExFreePoolWithTag
RtlCompareMemory
ExAllocatePoolWithTag
IoCreateSymbolicLink
IoCreateDevice
WRITE_REGISTER_BUFFER_UCHAR
RtlInitUnicodeString
MmMapLockedPagesSpecifyCache
RtlQueryRegistryValues
ZwCreateFile
ZwClose
ZwWriteFile
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
KeTickCount
KeBugCheckEx
IoDeleteSymbolicLink
IoDeleteDevice
IofCompleteRequest
READ_REGISTER_BUFFER_UCHAR
_vsnprintf

hal

READ_PORT_UCHAR
WRITE_PORT_ULONG
READ_PORT_ULONG
KeGetCurrentIrql

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

init
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

page
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 301B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InsydeH2OEZE_x86_WIN_100.00.02.10/iscflashx64.sys
.sys windows:5 windows x64 arch:x64

31a3c2c72c9a565dc4ba75ef26677569

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:88:ba:b0:0d:58:f2:fe:94:7f:a9:23:92:5a:ce:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

29/12/2009, 00:00

Not After

28/12/2012, 23:59

Subject

CN=Insyde Software Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Insyde Software Corp.,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:f7:db:af:f6:61:39:92:2c:fb:19:23:df:b7:79:4e:b8:9b:d3:ab
Signer

Actual PE Digest

52:f7:db:af:f6:61:39:92:2c:fb:19:23:df:b7:79:4e:b8:9b:d3:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

_vsnprintf
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
MmFreeContiguousMemorySpecifyCache
MmGetPhysicalAddress
MmAllocateContiguousMemorySpecifyCache
MmUnmapIoSpace
MmMapIoSpace
ExFreePoolWithTag
RtlCompareMemory
ExAllocatePoolWithTag
IoCreateSymbolicLink
IoCreateDevice
MmMapLockedPagesSpecifyCache
RtlQueryRegistryValues
ZwCreateFile
ZwClose
ZwWriteFile
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeBugCheckEx

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

init
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

page
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 866B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InsydeH2OEZE_x86_WIN_100.00.02.10/libxml2.dll
.dll windows:4 windows x86 arch:x86

1491d389848a4ecd93d4f1ad9e4afeb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

WSACleanup
inet_ntoa
__WSAFDIsSet
getsockopt
WSAGetLastError
WSAStartup
getsockname
bind
listen
gethostbyname
htons
socket
connect
send
select
recv
closesocket

iconv

libiconv
libiconv_open
libiconv_close

zlib1

inflateEnd
inflateInit2_
inflate
gzopen
gzdopen
gzread
gzwrite
gzclose
deflateEnd
crc32
deflateInit2_
deflate
gzdirect

kernel32

TlsGetValue
WaitForSingleObject
CloseHandle
CreateMutexA
GetModuleHandleA
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
GetCurrentThreadId
TlsFree
Sleep
TlsAlloc
InterlockedIncrement
TlsSetValue
MultiByteToWideChar
GetProcAddress
FreeLibrary
LoadLibraryA
GetVersionExA
ReleaseMutex

msvcrt

_read
_close
_open
_adjust_fdiv
_initterm
_CIfmod
_CIpow
_write
_dup
_vsnprintf
fprintf
getenv
strncpy
_snprintf
_iob
fputc
fclose
fopen
sscanf
free
toupper
memmove
_errno
vfprintf
_getcwd
realloc
malloc
strchr
strncmp
strtol
fwrite
_wfopen
_wopen
strstr
_stat
_wstat
fread
fflush
printf
floor
_isnan
_fpclass

Exports

Exports

UTF8ToHtml
UTF8Toisolat1
__docbDefaultSAXHandler
__htmlDefaultSAXHandler
__oldXMLWDcompatibility
__xmlBufferAllocScheme
__xmlDefaultBufferSize
__xmlDefaultSAXHandler
__xmlDefaultSAXLocator
__xmlDeregisterNodeDefaultValue
__xmlDoValidityCheckingDefaultValue
__xmlErrEncoding
__xmlGenericError
__xmlGenericErrorContext
__xmlGetWarningsDefaultValue
__xmlIndentTreeOutput
__xmlKeepBlanksDefaultValue
__xmlLastError
__xmlLineNumbersDefaultValue
__xmlLoadExtDtdDefaultValue
__xmlOutputBufferCreateFilenameValue
__xmlParserDebugEntities
__xmlParserInputBufferCreateFilenameValue
__xmlParserVersion
__xmlPedanticParserDefaultValue
__xmlRaiseError
__xmlRegisterNodeDefaultValue
__xmlSaveNoEmptyTags
__xmlSimpleError
__xmlStructuredError
__xmlStructuredErrorContext
__xmlSubstituteEntitiesDefaultValue
__xmlTreeIndentString
attribute
attributeDecl
cdataBlock
characters
checkNamespace
comment
docbCreateFileParserCtxt
docbCreatePushParserCtxt
docbDefaultSAXHandlerInit
docbEncodeEntities
docbFreeParserCtxt
docbParseChunk
docbParseDoc
docbParseDocument
docbParseFile
docbSAXParseDoc
docbSAXParseFile
elementDecl
emptyExp
endDocument
endElement
entityDecl
externalSubset
forbiddenExp
getColumnNumber
getEntity
getLineNumber
getNamespace
getParameterEntity
getPublicId
getSystemId
globalNamespace
hasExternalSubset
hasInternalSubset
htmlAttrAllowed
htmlAutoCloseTag
htmlCreateFileParserCtxt
htmlCreateMemoryParserCtxt
htmlCreatePushParserCtxt
htmlCtxtReadDoc
htmlCtxtReadFd
htmlCtxtReadFile
htmlCtxtReadIO
htmlCtxtReadMemory
htmlCtxtReset
htmlCtxtUseOptions
htmlDefaultSAXHandlerInit
htmlDocContentDumpFormatOutput
htmlDocContentDumpOutput
htmlDocDump
htmlDocDumpMemory
htmlDocDumpMemoryFormat
htmlElementAllowedHere
htmlElementStatusHere
htmlEncodeEntities
htmlEntityLookup
htmlEntityValueLookup
htmlFreeParserCtxt
htmlGetMetaEncoding
htmlHandleOmittedElem
htmlInitAutoClose
htmlIsAutoClosed
htmlIsBooleanAttr
htmlIsScriptAttribute
htmlNewDoc
htmlNewDocNoDtD
htmlNewParserCtxt
htmlNodeDump
htmlNodeDumpFile
htmlNodeDumpFileFormat
htmlNodeDumpFormatOutput
htmlNodeDumpOutput
htmlNodeStatus
htmlParseCharRef
htmlParseChunk
htmlParseDoc
htmlParseDocument
htmlParseElement
htmlParseEntityRef
htmlParseFile
htmlReadDoc
htmlReadFd
htmlReadFile
htmlReadIO
htmlReadMemory
htmlSAXParseDoc
htmlSAXParseFile
htmlSaveFile
htmlSaveFileEnc
htmlSaveFileFormat
htmlSetMetaEncoding
htmlTagLookup
ignorableWhitespace
initGenericErrorDefaultFunc
initdocbDefaultSAXHandler
inithtmlDefaultSAXHandler
initxmlDefaultSAXHandler
inputPop
inputPush
internalSubset
isStandalone
isolat1ToUTF8
namePop
namePush
namespaceDecl
nodePop
nodePush
notationDecl
processingInstruction
reference
resolveEntity
setDocumentLocator
setNamespace
startDocument
startElement
unparsedEntityDecl
valuePop
valuePush
xlinkGetDefaultDetect
xlinkGetDefaultHandler
xlinkIsLink
xlinkSetDefaultDetect
xlinkSetDefaultHandler
xmlACatalogAdd
xmlACatalogDump
xmlACatalogRemove
xmlACatalogResolve
xmlACatalogResolvePublic
xmlACatalogResolveSystem
xmlACatalogResolveURI
xmlAddAttributeDecl
xmlAddChild
xmlAddChildList
xmlAddDocEntity
xmlAddDtdEntity
xmlAddElementDecl
xmlAddEncodingAlias
xmlAddID
xmlAddNextSibling
xmlAddNotationDecl
xmlAddPrevSibling
xmlAddRef
xmlAddSibling
xmlAllocOutputBuffer
xmlAllocParserInputBuffer
xmlAttrSerializeTxtContent
xmlAutomataCompile
xmlAutomataGetInitState
xmlAutomataIsDeterminist
xmlAutomataNewAllTrans
xmlAutomataNewCountTrans
xmlAutomataNewCountTrans2
xmlAutomataNewCountedTrans
xmlAutomataNewCounter
xmlAutomataNewCounterTrans
xmlAutomataNewEpsilon
xmlAutomataNewNegTrans
xmlAutomataNewOnceTrans
xmlAutomataNewOnceTrans2
xmlAutomataNewState
xmlAutomataNewTransition
xmlAutomataNewTransition2
xmlAutomataSetFinalState
xmlBoolToText
xmlBufferAdd
xmlBufferAddHead
xmlBufferCCat
xmlBufferCat
xmlBufferContent
xmlBufferCreate
xmlBufferCreateSize
xmlBufferCreateStatic
xmlBufferDump
xmlBufferEmpty
xmlBufferFree
xmlBufferGrow
xmlBufferLength
xmlBufferResize
xmlBufferSetAllocationScheme
xmlBufferShrink
xmlBufferWriteCHAR
xmlBufferWriteChar
xmlBufferWriteQuotedString
xmlBuildQName
xmlBuildRelativeURI
xmlBuildURI
xmlByteConsumed
xmlC14NDocDumpMemory
xmlC14NDocSave
xmlC14NDocSaveTo
xmlC14NExecute
xmlCanonicPath
xmlCatalogAdd
xmlCatalogAddLocal
xmlCatalogCleanup
xmlCatalogConvert
xmlCatalogDump
xmlCatalogFreeLocal
xmlCatalogGetDefaults
xmlCatalogGetPublic
xmlCatalogGetSystem
xmlCatalogIsEmpty
xmlCatalogLocalResolve
xmlCatalogLocalResolveURI
xmlCatalogRemove
xmlCatalogResolve
xmlCatalogResolvePublic
xmlCatalogResolveSystem
xmlCatalogResolveURI
xmlCatalogSetDebug
xmlCatalogSetDefaultPrefer
xmlCatalogSetDefaults
xmlCharEncCloseFunc
xmlCharEncFirstLine
xmlCharEncInFunc
xmlCharEncOutFunc
xmlCharInRange
xmlCharStrdup
xmlCharStrndup
xmlCheckFilename
xmlCheckHTTPInput
xmlCheckLanguageID
xmlCheckUTF8
xmlCheckVersion
xmlChildElementCount
xmlCleanupCharEncodingHandlers
xmlCleanupEncodingAliases
xmlCleanupGlobals
xmlCleanupInputCallbacks
xmlCleanupMemory
xmlCleanupOutputCallbacks
xmlCleanupParser
xmlCleanupPredefinedEntities
xmlCleanupThreads
xmlClearNodeInfoSeq
xmlClearParserCtxt
xmlConvertSGMLCatalog
xmlCopyAttributeTable
xmlCopyChar
xmlCopyCharMultiByte
xmlCopyDoc
xmlCopyDocElementContent
xmlCopyDtd
xmlCopyElementContent
xmlCopyElementTable
xmlCopyEntitiesTable
xmlCopyEnumeration
xmlCopyError
xmlCopyNamespace
xmlCopyNamespaceList
xmlCopyNode
xmlCopyNodeList
xmlCopyNotationTable
xmlCopyProp
xmlCopyPropList
xmlCreateDocParserCtxt
xmlCreateEntitiesTable
xmlCreateEntityParserCtxt
xmlCreateEnumeration
xmlCreateFileParserCtxt
xmlCreateIOParserCtxt
xmlCreateIntSubset
xmlCreateMemoryParserCtxt
xmlCreatePushParserCtxt
xmlCreateURI
xmlCreateURLParserCtxt
xmlCtxtGetLastError
xmlCtxtReadDoc
xmlCtxtReadFd
xmlCtxtReadFile
xmlCtxtReadIO
xmlCtxtReadMemory
xmlCtxtReset
xmlCtxtResetLastError
xmlCtxtResetPush
xmlCtxtUseOptions
xmlCurrentChar
xmlDOMWrapAdoptNode
xmlDOMWrapCloneNode
xmlDOMWrapFreeCtxt
xmlDOMWrapNewCtxt
xmlDOMWrapReconcileNamespaces
xmlDOMWrapRemoveNode
xmlDebugCheckDocument
xmlDebugDumpAttr
xmlDebugDumpAttrList
xmlDebugDumpDTD
xmlDebugDumpDocument
xmlDebugDumpDocumentHead
xmlDebugDumpEntities
xmlDebugDumpNode
xmlDebugDumpNodeList
xmlDebugDumpOneNode
xmlDebugDumpString
xmlDecodeEntities
xmlDefaultSAXHandlerInit
xmlDelEncodingAlias
xmlDeregisterNodeDefault
xmlDetectCharEncoding
xmlDictCleanup
xmlDictCreate
xmlDictCreateSub
xmlDictExists
xmlDictFree
xmlDictLookup
xmlDictOwns
xmlDictQLookup
xmlDictReference
xmlDictSize
xmlDocCopyNode
xmlDocCopyNodeList
xmlDocDump
xmlDocDumpFormatMemory
xmlDocDumpFormatMemoryEnc
xmlDocDumpMemory
xmlDocDumpMemoryEnc
xmlDocFormatDump
xmlDocGetRootElement
xmlDocSetRootElement
xmlDumpAttributeDecl
xmlDumpAttributeTable
xmlDumpElementDecl
xmlDumpElementTable
xmlDumpEntitiesTable
xmlDumpEntityDecl
xmlDumpNotationDecl
xmlDumpNotationTable
xmlElemDump
xmlEncodeEntities
xmlEncodeEntitiesReentrant
xmlEncodeSpecialChars
xmlErrMemory
xmlExpCtxtNbCons
xmlExpCtxtNbNodes
xmlExpDump
xmlExpExpDerive
xmlExpFree
xmlExpFreeCtxt
xmlExpGetLanguage
xmlExpGetStart
xmlExpIsNillable
xmlExpMaxToken
xmlExpNewAtom
xmlExpNewCtxt
xmlExpNewOr
xmlExpNewRange
xmlExpNewSeq
xmlExpParse
xmlExpRef
xmlExpStringDerive
xmlExpSubsume
xmlFileClose
xmlFileMatch
xmlFileOpen
xmlFileRead
xmlFindCharEncodingHandler
xmlFirstElementChild
xmlFree
xmlFreeAttributeTable
xmlFreeAutomata
xmlFreeCatalog
xmlFreeDoc
xmlFreeDocElementContent
xmlFreeDtd
xmlFreeElementContent
xmlFreeElementTable
xmlFreeEntitiesTable
xmlFreeEnumeration
xmlFreeIDTable
xmlFreeInputStream
xmlFreeMutex
xmlFreeNode
xmlFreeNodeList
xmlFreeNotationTable
xmlFreeNs
xmlFreeNsList
xmlFreeParserCtxt
xmlFreeParserInputBuffer
xmlFreePattern
xmlFreePatternList
xmlFreeProp
xmlFreePropList
xmlFreeRMutex
xmlFreeRefTable
xmlFreeStreamCtxt
xmlFreeTextReader
xmlFreeTextWriter
xmlFreeURI
xmlFreeValidCtxt
xmlGcMemGet
xmlGcMemSetup
xmlGetBufferAllocationScheme
xmlGetCharEncodingHandler
xmlGetCharEncodingName
xmlGetCompressMode
xmlGetDocCompressMode
xmlGetDocEntity
xmlGetDtdAttrDesc
xmlGetDtdElementDesc
xmlGetDtdEntity
xmlGetDtdNotationDesc
xmlGetDtdQAttrDesc
xmlGetDtdQElementDesc
xmlGetEncodingAlias
xmlGetExternalEntityLoader
xmlGetFeature
xmlGetFeaturesList
xmlGetGlobalState
xmlGetID
xmlGetIntSubset
xmlGetLastChild
xmlGetLastError
xmlGetLineNo
xmlGetNoNsProp
xmlGetNodePath
xmlGetNsList
xmlGetNsProp
xmlGetParameterEntity
xmlGetPredefinedEntity
xmlGetProp
xmlGetRefs
xmlGetThreadId
xmlGetUTF8Char
xmlHandleEntity
xmlHasFeature
xmlHasNsProp
xmlHasProp
xmlHashAddEntry
xmlHashAddEntry2
xmlHashAddEntry3
xmlHashCopy
xmlHashCreate
xmlHashCreateDict
xmlHashFree
xmlHashLookup
xmlHashLookup2
xmlHashLookup3
xmlHashQLookup
xmlHashQLookup2
xmlHashQLookup3
xmlHashRemoveEntry
xmlHashRemoveEntry2
xmlHashRemoveEntry3
xmlHashScan
xmlHashScan3
xmlHashScanFull
xmlHashScanFull3
xmlHashSize
xmlHashUpdateEntry
xmlHashUpdateEntry2
xmlHashUpdateEntry3
xmlIOFTPClose
xmlIOFTPMatch
xmlIOFTPOpen
xmlIOFTPRead
xmlIOHTTPClose
xmlIOHTTPMatch
xmlIOHTTPOpen
xmlIOHTTPOpenW
xmlIOHTTPRead
xmlIOParseDTD
xmlInitCharEncodingHandlers
xmlInitGlobals
xmlInitMemory
xmlInitNodeInfoSeq
xmlInitParser
xmlInitParserCtxt

Sections

.text
Size: 737KB - Virtual size: 737KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InsydeH2OEZE_x86_WIN_100.00.02.10/libxslt.dll
.dll windows:4 windows x86 arch:x86

c19fec70edfa72aed5036a975741dd7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libxml2

xmlHashScanFull
xmlAddID
xmlIsID
xmlStringTextNoenc
xmlNewText
xmlSetNsProp
xmlStrdup
xmlHasNsProp
xmlSearchNs
xmlStrncasecmp
xmlValidateQName
xmlFreeDoc
xmlParseDocument
xmlParserGetDirectory
inputPush
xmlFreeParserCtxt
xmlLoadExternalEntity
xmlCtxtUseOptions
xmlDictReference
xmlDictFree
xmlNewParserCtxt
xmlXPathOrderDocElems
xmlDocGetRootElement
xmlXIncludeProcessFlags
xmlXPathRegisterFuncNS
xmlHashAddEntry
xmlMutexUnlock
xmlHashLookup
xmlMutexLock
xmlHashScan
xmlHashRemoveEntry
xmlHashRemoveEntry2
xmlAddChild
xmlNewComment
xmlNewMutex
xmlFreeMutex
xmlXPathDebugDumpObject
xmlXPathFreeObject
xmlXPathFreeContext
xmlXPtrEval
xmlXPtrNewContext
xmlFreeURI
xmlSaveUri
xmlParseURI
valuePush
xmlXPathNewNodeSet
xmlBuildURI
xmlNodeGetBase
xmlXPathNodeSetMerge
xmlXPathObjectCopy
xmlXPathStringFunction
valuePop
xmlXPathWrapNodeSet
xmlXPathNsLookup
xmlSplitQName2
xmlXPathNewString
xmlGetDocEntity
xmlXPathConvertString
xmlXPathNumberFunction
xmlXPathErr
xmlXPathNewCString
xmlXPathCmpNodes
xmlStrstr
xmlXPathNewBoolean
xmlXPathFunctionLookupNS
xmlXPathRegisterFunc
xmlXPathFreeCompExpr
xmlXPathFreeNodeSet
xmlStrncat
xmlStrcat
xmlGetNsList
xmlXPathNodeSetAdd
xmlXPathNodeSetCreate
xmlXPathCastToString
xmlXPathCastNodeToString
xmlXPathCompiledEval
xmlSearchNsByHref
xmlNewNs
xmlStrncmp
xmlBufferCat
xmlCopyCharMultiByte
xmlBufferCCat
xmlIsDigitGroup
xmlCharInRange
xmlIsBaseCharGroup
xmlStrndup
xmlStringCurrentChar
xmlXPathIsNaN
xmlXPathIsInf
xmlXPathFreeParserContext
xmlXPathNextAncestor
xmlXPathNextPrecedingSibling
xmlXPathNewParserContext
xmlHashFree
xmlXPathEvalExpression
xmlBufferContent
xmlBufferCreate
xmlBufferAdd
xmlUTF8Strpos
xmlUTF8Strloc
xmlStrlen
xmlXPathCtxtCompile
xmlXPathNewContext
xmlRealloc
xmlXPathEval
xmlGetID
xmlIsExtenderGroup
xmlIsCombiningGroup
xmlXPathIsNodeType
xmlHashUpdateEntry3
xmlHashLookup3
xmlHashAddEntry3
xmlCreateURI
xmlXPathEvalPredicate
xmlFreeNode
xmlNodeGetContent
xmlNewDocNode
xmlXPathCompile
xmlStrchr
xmlNewNsProp
xmlFreeNodeList
xmlNewDocProp
__xmlGenericErrorContext
__xmlGenericError
xmlNodeAddContent
xmlStringText
xmlNewTextLen
xmlNewCDataBlock
xmlDictOwns
xmlNodeListGetString
xmlDocCopyNode
xmlNewDocText
xmlNewDocPI
xmlStrcasecmp
xmlUnlinkNode
xmlCreateIntSubset
xmlIsBlankNode
xmlDictQLookup
xmlNewDoc
htmlNewDoc
htmlNewDocNoDtD
xmlURIEscapeStr
xmlNewDocNodeEatName
xmlXPathCompiledEvalToBoolean
xmlXPathNodeSetAddUnique
xmlXPathRegisterFuncLookup
xmlXPathRegisterVariableLookup
xmlXPathContextSetCache
xmlXPathInit
xmlDictCreateSub
xmlFreeDtd
xmlGetIntSubset
xmlFreeRefTable
xmlFreeIDTable
xmlXPathNewValueTree
xmlNewRMutex
xmlNodeGetSpacePreserve
xmlNodeSetContent
xmlHashUpdateEntry
xmlAddPrevSibling
xmlValidateNCName
xmlXPathStringEvalNumber
xmlDictCreate
xmlStrcmp
xmlRMutexUnlock
xmlRMutexLock
xmlGetDtdAttrDesc
xmlGetProp
xmlGetLineNo
xmlXPathConvertNumber
xmlNodeDumpOutput
xmlGetCharEncodingName
xmlBufferWriteQuotedString
xmlOutputBufferWriteString
htmlDocContentDumpOutput
xmlOutputBufferFlush
htmlDocContentDumpFormatOutput
htmlSetMetaEncoding
xmlOutputBufferClose
xmlFindCharEncodingHandler
xmlOutputBufferCreateFilename
xmlOutputBufferCreateFile
xmlOutputBufferCreateFd
xmlAllocOutputBuffer
xmlSetProp
xmlNewChild
xmlDocSetRootElement
xmlHashAddEntry2
xmlGetNsProp
xmlHashCreate
xmlHashLookup2
xmlStrEqual
xmlHashUpdateEntry2
xmlDictLookup
xmlFree
xmlBufferFree
xmlMalloc

msvcrt

vfprintf
_vsnprintf
free
_initterm
_adjust_fdiv
malloc
strncmp
_mkdir
sscanf
_CIpow
floor
_CIfmod
_snprintf
sprintf
_iob
fprintf
_stat

kernel32

GetFileAttributesA
CompareStringW
GetLocaleInfoA
EnumSystemLocalesA
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
MultiByteToWideChar

Exports

Exports

xslAddCall
xslDebugStatus
xslDropCall
xslHandleDebugger
xsltAddKey
xsltAddStackElemList
xsltAddTemplate
xsltAllocateExtra
xsltAllocateExtraCtxt
xsltApplyAttributeSet
xsltApplyImports
xsltApplyOneTemplate
xsltApplyStripSpaces
xsltApplyStylesheet
xsltApplyStylesheetUser
xsltApplyTemplates
xsltAttrListTemplateProcess
xsltAttrTemplateProcess
xsltAttrTemplateValueProcess
xsltAttrTemplateValueProcessNode
xsltAttribute
xsltCalibrateAdjust
xsltCallTemplate
xsltCheckExtPrefix
xsltCheckExtURI
xsltCheckRead
xsltCheckWrite
xsltChoose
xsltCleanupGlobals
xsltCleanupTemplates
xsltComment
xsltCompileAttr
xsltCompilePattern
xsltComputeSortResult
xsltCopy
xsltCopyNamespace
xsltCopyNamespaceList
xsltCopyOf
xsltCopyTextString
xsltCreateRVT
xsltDebug
xsltDebugDumpExtensions
xsltDebugGetDefaultTrace
xsltDebugSetDefaultTrace
xsltDecimalFormatGetByName
xsltDefaultSortFunction
xsltDoSortFunction
xsltDocDefaultLoader
xsltDocumentComp
xsltDocumentElem
xsltDocumentFunction
xsltDocumentSortFunction
xsltElement
xsltElementAvailableFunction
xsltEngineVersion
xsltEvalAVT
xsltEvalAttrValueTemplate
xsltEvalGlobalVariables
xsltEvalOneUserParam
xsltEvalStaticAttrValueTemplate
xsltEvalTemplateString
xsltEvalUserParams
xsltEvalXPathPredicate
xsltEvalXPathString
xsltEvalXPathStringNs
xsltExtElementLookup
xsltExtModuleElementLookup
xsltExtModuleElementPreComputeLookup
xsltExtModuleFunctionLookup
xsltExtModuleTopLevelLookup
xsltExtensionInstructionResultFinalize
xsltExtensionInstructionResultRegister
xsltFindDocument
xsltFindElemSpaceHandling
xsltFindTemplate
xsltForEach
xsltFormatNumberConversion
xsltFormatNumberFunction
xsltFreeAVTList
xsltFreeAttributeSetsHashes
xsltFreeCompMatchList
xsltFreeCtxtExts
xsltFreeDocumentKeys
xsltFreeDocuments
xsltFreeExts
xsltFreeGlobalVariables
xsltFreeKeys
xsltFreeNamespaceAliasHashes
xsltFreeRVTs
xsltFreeSecurityPrefs
xsltFreeStackElemList
xsltFreeStyleDocuments
xsltFreeStylePreComps
xsltFreeStylesheet
xsltFreeTemplateHashes
xsltFreeTransformContext
xsltFunctionAvailableFunction
xsltFunctionNodeSet
xsltGenerateIdFunction
xsltGenericDebug
xsltGenericDebugContext
xsltGenericError
xsltGenericErrorContext
xsltGetCNsProp
xsltGetDebuggerStatus
xsltGetDefaultSecurityPrefs
xsltGetExtData
xsltGetExtInfo
xsltGetKey
xsltGetNamespace
xsltGetNsProp
xsltGetPlainNamespace
xsltGetProfileInformation
xsltGetQNameURI
xsltGetQNameURI2
xsltGetSecurityPrefs
xsltGetSpecialNamespace
xsltGetTemplate
xsltGetUTF8Char
xsltGetXIncludeDefault
xsltIf
xsltInit
xsltInitAllDocKeys
xsltInitCtxtExts
xsltInitCtxtKey
xsltInitCtxtKeys
xsltInitElemPreComp
xsltInitGlobals
xsltIsBlank
xsltKeyFunction
xsltLibxmlVersion
xsltLibxsltVersion
xsltLoadDocument
xsltLoadStyleDocument
xsltLoadStylesheetPI
xsltLocalVariablePop
xsltLocalVariablePush
xsltMaxDepth
xsltMessage
xsltNamespaceAlias
xsltNeedElemSpaceHandling
xsltNewDocument
xsltNewElemPreComp
xsltNewSecurityPrefs
xsltNewStyleDocument
xsltNewStylesheet
xsltNewTransformContext
xsltNextImport
xsltNormalizeCompSteps
xsltNumber
xsltNumberFormat
xsltParseGlobalParam
xsltParseGlobalVariable
xsltParseStylesheetAttributeSet
xsltParseStylesheetCallerParam
xsltParseStylesheetDoc
xsltParseStylesheetFile
xsltParseStylesheetImport
xsltParseStylesheetImportedDoc
xsltParseStylesheetInclude
xsltParseStylesheetOutput
xsltParseStylesheetParam
xsltParseStylesheetProcess
xsltParseStylesheetVariable
xsltParseTemplateContent
xsltPreComputeExtModuleElement
xsltPrintErrorContext
xsltProcessOneNode
xsltProcessingInstruction
xsltProfileStylesheet
xsltQuoteOneUserParam
xsltQuoteUserParams
xsltRegisterAllElement
xsltRegisterAllExtras
xsltRegisterAllFunctions
xsltRegisterExtElement
xsltRegisterExtFunction
xsltRegisterExtModule
xsltRegisterExtModuleElement
xsltRegisterExtModuleFull
xsltRegisterExtModuleFunction
xsltRegisterExtModuleTopLevel
xsltRegisterExtPrefix
xsltRegisterExtras
xsltRegisterLocalRVT
xsltRegisterPersistRVT
xsltRegisterTestModule
xsltRegisterTmpRVT
xsltReleaseRVT
xsltResolveStylesheetAttributeSet
xsltRunStylesheet
xsltRunStylesheetUser
xsltSaveProfiling
xsltSaveResultTo
xsltSaveResultToFd
xsltSaveResultToFile
xsltSaveResultToFilename
xsltSaveResultToString
xsltSecurityAllow
xsltSecurityForbid
xsltSetCtxtParseOptions
xsltSetCtxtSecurityPrefs
xsltSetCtxtSortFunc
xsltSetDebuggerCallbacks
xsltSetDebuggerStatus
xsltSetDefaultSecurityPrefs
xsltSetGenericDebugFunc
xsltSetGenericErrorFunc
xsltSetLoaderFunc
xsltSetSecurityPrefs
xsltSetSortFunc
xsltSetTransformErrorFunc
xsltSetXIncludeDefault
xsltShutdownCtxtExts
xsltShutdownExts
xsltSort
xsltSplitQName
xsltStyleGetExtData
xsltStylePreCompute
xsltSystemPropertyFunction
xsltTemplateProcess
xsltTestCompMatchList
xsltText
xsltTimestamp
xsltTransformError
xsltUninit
xsltUnparsedEntityURIFunction
xsltUnregisterExtModule
xsltUnregisterExtModuleElement
xsltUnregisterExtModuleFunction
xsltUnregisterExtModuleTopLevel
xsltValueOf
xsltVariableLookup
xsltXPathCompile
xsltXPathFunctionLookup
xsltXPathGetTransformContext
xsltXPathVariableLookup

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InsydeH2OEZE_x86_WIN_100.00.02.10/pcre.dll
.dll windows:5 windows x86 arch:x86

027a3f89e0794f9e384f6a142ad1b43a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr90

isupper
islower
toupper
tolower
memset
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
isdigit
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
isalnum
isspace
isxdigit
isgraph
isprint
ispunct
iscntrl
strchr
isalpha
free
malloc
memmove
strncmp
_initterm_e
memcpy

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Exports

Exports

pcre_assign_jit_stack
pcre_callout
pcre_compile
pcre_compile2
pcre_config
pcre_copy_named_substring
pcre_copy_substring
pcre_dfa_exec
pcre_exec
pcre_free
pcre_free_study
pcre_free_substring
pcre_free_substring_list
pcre_fullinfo
pcre_get_named_substring
pcre_get_stringnumber
pcre_get_stringtable_entries
pcre_get_substring
pcre_get_substring_list
pcre_jit_stack_alloc
pcre_jit_stack_free
pcre_maketables
pcre_malloc
pcre_pattern_to_host_byte_order
pcre_refcount
pcre_stack_free
pcre_stack_malloc
pcre_study
pcre_version

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InsydeH2OEZE_x86_WIN_100.00.02.10/setup.css
InsydeH2OEZE_x86_WIN_100.00.02.10/setup.xslt
.xml
InsydeH2OEZE_x86_WIN_100.00.02.10/zlib1.dll
.dll windows:4 windows x86 arch:x86

9bf8c9ea52f2f2dcae9feb70c8257ba5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strerror
_errno
memchr
_vsnprintf
_initterm
sprintf
free
_adjust_fdiv
malloc
_lseek
_open
_read
_close
_write

kernel32

Sleep
DisableThreadLibraryCalls

Exports

Exports

adler32
adler32_combine
compress
compress2
compressBound
crc32
crc32_combine
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzoffset
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 922B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69fa811568ed1947283c177e0ec479f7

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

libxml2

libxslt

iscflash

pcre

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 391KB - Virtual size: 390KB

.data Size: 27KB - Virtual size: 83KB

.rsrc Size: 302KB - Virtual size: 302KB

806e1662896730d7138e2bad5784393f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

msvcr90

Exports

Exports

Sections

.text Size: 336KB - Virtual size: 336KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 15KB - Virtual size: 37KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 23KB

255223b02d156bf09758dcfe5c685871

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 12KB - Virtual size: 15KB

.idata Size: 4KB - Virtual size: 1KB

7c6cc2e1fff41788e4f673e3910d9494

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 165KB - Virtual size: 165KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 9KB - Virtual size: 16KB

.idata Size: 3KB - Virtual size: 2KB

7c6cc2e1fff41788e4f673e3910d9494

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 165KB - Virtual size: 165KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 9KB - Virtual size: 16KB

.idata Size: 3KB - Virtual size: 2KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 391KB - Virtual size: 390KB

.data
Size: 27KB - Virtual size: 83KB

.rsrc
Size: 302KB - Virtual size: 302KB

.text
Size: 336KB - Virtual size: 336KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 15KB - Virtual size: 37KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 23KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 15KB

.idata
Size: 4KB - Virtual size: 1KB

.text
Size: 165KB - Virtual size: 165KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 9KB - Virtual size: 16KB

.idata
Size: 3KB - Virtual size: 2KB

.text
Size: 165KB - Virtual size: 165KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 9KB - Virtual size: 16KB

.idata
Size: 3KB - Virtual size: 2KB

.text
Size: 170KB - Virtual size: 169KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 9KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 28KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 800KB - Virtual size: 799KB

.data
Size: 4KB - Virtual size: 344B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 340KB - Virtual size: 339KB

.rdata
Size: 135KB - Virtual size: 134KB

.data
Size: 8KB - Virtual size: 248.1MB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 225KB - Virtual size: 225KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

6d:88:ba:b0:0d:58:f2:fe:94:7f:a9:23:92:5a:ce:f4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate