097b9455fd54ef3784995040870a96b7

Sharing

Copy URL Twitter E-mail

General

Target

097b9455fd54ef3784995040870a96b7
Size

7.5MB
MD5

097b9455fd54ef3784995040870a96b7
SHA1

a5f3306346eb582fc38b42a79bb3ce7e2b09a69e
SHA256

8ef1c7e88b0d1158f65b96b76720df53af955c1e356c5c60556a6d25cb9a7921
SHA512

82e0edb55ff790188e0e1032a1ebff9999e2a30bb429ff1b4b804d5aa16e64c1fbd6a9f63db1aaa0a6f1447f283500db58376913c7e846dc9c11e9919a562a10
SSDEEP

196608:fQBe0+zxHg6yNATJYlTHvzoLtrf+Bmb/e2AAvdNLRuoMJ:fQB7+dAXAGlvoLZSBjAFBMJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/DIYDiyTool 2009 V4/sys/everest/everest.exe	upx
static1/unpack001/DIYDiyTool 2009 V4/sys/everest/everest_start.exe	upx

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DIYDiyTool 2009 V4/DiyTool.exe
unpack001/DIYDiyTool 2009 V4/sys/BatteryMon/BatteryMon.exe
unpack001/DIYDiyTool 2009 V4/sys/CD/CDSpeed.exe
unpack001/DIYDiyTool 2009 V4/sys/Cpu-Z/cpuz.exe
unpack001/DIYDiyTool 2009 V4/sys/CrystalCPUID/CrystalCPUID.exe
unpack001/DIYDiyTool 2009 V4/sys/Fritz Chess Benchmark/Fritz Chess Benchmark.exe
unpack001/DIYDiyTool 2009 V4/sys/GPU-Z/GPU-Z.exe
unpack001/DIYDiyTool 2009 V4/sys/HDTune/HDTune.exe
unpack001/DIYDiyTool 2009 V4/sys/MemTest/MemTest.exe
unpack001/DIYDiyTool 2009 V4/sys/OCCT/OCCT.exe
unpack001/DIYDiyTool 2009 V4/sys/OCCT/bin/CUDAMemTest/CUDAMemTest.exe
unpack001/DIYDiyTool 2009 V4/sys/everest/everest_start.exe
unpack003/out.upx

Files

097b9455fd54ef3784995040870a96b7
.rar
DIYDiyTool 2009 V4/DiyTool.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 197KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DIYDiyTool 2009 V4/sys/BatteryMon/BatteryMon.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DIYDiyTool 2009 V4/sys/CD/CDSpeed.exe
.exe windows:4 windows x86 arch:x86

9198ce9797fc20d0836d87aaa032f147

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetFileTime
GetCurrentDirectoryA
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
TlsFree
CreateThread
TerminateProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetTimeZoneInformation
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
SetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadCodePtr
GetLocaleInfoW
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
FindResourceExA
ReleaseMutex
CreateMutexA
WritePrivateProfileStringA
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DeleteFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
SetLastError
VirtualProtect
LocalAlloc
FreeResource
GetSystemDefaultLangID
lstrcatA
WinExec
GetFileAttributesA
GetWindowsDirectoryA
lstrcpyA
IsBadReadPtr
FormatMessageA
LocalFree
LeaveCriticalSection
EnterCriticalSection
SetThreadLocale
lstrcpynA
SetProcessWorkingSetSize
VirtualLock
CompareStringW
CompareStringA
lstrlenA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
RaiseException
MultiByteToWideChar
GetLocalTime
GetModuleFileNameA
GetCurrentProcessId
InterlockedDecrement
InterlockedIncrement
GetFileSize
ReadFile
SetFilePointer
QueryPerformanceFrequency
QueryPerformanceCounter
WriteFile
GetSystemDirectoryA
QueryDosDeviceA
CreateEventA
ResetEvent
WaitForSingleObject
lstrcmpiA
GetModuleHandleA
GetProcAddress
GetLastError
GetLogicalDrives
GetDriveTypeA
DeviceIoControl
CreateFileA
CloseHandle
lstrlenW
GetCurrentProcess
SetPriorityClass
HeapAlloc
HeapFree
Sleep
GlobalSize
GlobalReAlloc
GlobalFree
LoadLibraryA
FreeLibrary
GetTickCount
GetSystemTime
GetTempPathA
CopyFileA
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
ExitThread

user32

SetWindowContextHelpId
PostQuitMessage
DestroyMenu
GetMessageA
ValidateRect
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
CheckMenuItem
GetMenuCheckMarkDimensions
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
RemovePropA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
DefWindowProcA
IntersectRect
EndPaint
BeginPaint
UnhookWindowsHookEx
GetMenuState
GetWindowTextLengthA
MoveWindow
SendDlgItemMessageA
CheckRadioButton
ShowWindow
GetCapture
GetActiveWindow
SetActiveWindow
GetAsyncKeyState
SetFocus
GetDlgItem
SetWindowTextA
GetDesktopWindow
GetDlgCtrlID
GetWindowTextA
IsDialogMessageA
PostThreadMessageA
MapDialogRect
MessageBeep
CopyIcon
DrawFocusRect
DestroyCursor
SetRectEmpty
IsChild
PostMessageA
SystemParametersInfoA
IsWindow
DestroyWindow
SetRect
GetSysColorBrush
CopyRect
IsMenu
GetClassNameA
GetWindow
RegisterWindowMessageA
GetFocus
ScreenToClient
DrawEdge
FillRect
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
UnregisterClassA
CharUpperA
RemoveMenu
SetCursor
RedrawWindow
UpdateWindow
GetDialogBaseUnits
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA
TranslateMessage
MessageBoxA
wsprintfA
DrawStateA
LoadImageA
GetKeyState
LoadCursorA
IsIconic
GetSystemMenu
GetMenu
ModifyMenuA
GetMenuStringA
GetMenuItemID
GetMenuItemCount
EnableMenuItem
AppendMenuA
DrawIcon
LoadBitmapA
SetPropA
RegisterClipboardFormatA
ClientToScreen
ReleaseCapture
SetCapture
SetWindowLongA
GetWindowDC
CallWindowProcA
InflateRect
PtInRect
OffsetRect
GetWindowLongA
GetSystemMetrics
SetWindowPos
GetPropA
ReleaseDC
GetDC
IsRectEmpty
GetCursorPos
TrackPopupMenu
KillTimer
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
IsWindowVisible
CharNextA
SetTimer
LoadMenuA
GetSubMenu
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetSysColor
GetClientRect
LoadIconA
EnableWindow
GetParent
InvalidateRect
GetWindowRect
SendMessageA
WinHelpA
WindowFromPoint
IsWindowEnabled
GetWindowPlacement

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateBitmap
SelectPalette
GetMapMode
DPtoLP
SetWindowOrgEx
EnumFontFamiliesExA
GetTextColor
GetRgnBox
CreateRectRgn
Escape
ExtTextOutA
RectVisible
PtVisible
GetCurrentObject
GetBkColor
DeleteDC
GetStockObject
MoveToEx
LineTo
Polygon
SetTextColor
SetPixel
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
GetClipBox
SetMapMode
SetTextJustification
RestoreDC
SaveDC
GetDeviceCaps
SetBkMode
GetTextExtentPoint32A
SetTextAlign
TextOutA
Rectangle
SelectObject
CreateFontIndirectA
CreateSolidBrush
Ellipse
SetBkColor
CreatePen
CreateRectRgnIndirect
GetSystemPaletteEntries
GetDIBits
GetBitmapBits
DeleteObject
BitBlt
RealizePalette
CreateCompatibleDC
CreatePalette
GetObjectA
CreateCompatibleBitmap
GetTextExtentPointA

comdlg32

ChooseColorA
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueExA
RegCloseKey
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueA
RegEnumKeyExA
RegOpenKeyA
RegOpenKeyExA

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SHGetPathFromIDListA

comctl32

ImageList_Draw
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_GetBkColor
ImageList_GetImageInfo
ord17
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_Destroy
ImageList_Create
ImageList_AddMasked
ImageList_DrawIndirect

shlwapi

PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFileExistsA
PathFindFileNameA

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize

oleaut32

VariantInit
SysStringLen
OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString

Sections

.text
Size: 756KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 768KB - Virtual size: 765KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DIYDiyTool 2009 V4/sys/Cpu-Z/cpuz.exe
.exe windows:4 windows x86 arch:x86

ccc0e829fe1206cd39d147ca374725d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
ExitProcess
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FreeLibrary
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetNumberFormatA
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemTime
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalAlloc
HeapAlloc
HeapFree
HeapReAlloc
IsDBCSLeadByte
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
Sleep
SystemTimeToFileTime
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrlenA

comctl32

ord17

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

DeleteObject

shell32

SHBrowseForFolderA
SHChangeNotify
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA

user32

CharToOemA
CharToOemBuffA
CharUpperA
CopyRect
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
FindWindowExA
GetClassNameA
GetClientRect
GetDlgItem
GetDlgItemTextA
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
IsWindow
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
OemToCharA
OemToCharBuffA
PeekMessageA
PostMessageA
RegisterClassExA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetMenu
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow
WaitForInputIdle
wsprintfA
wvsprintfA

ole32

CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

Sections

.text
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DIYDiyTool 2009 V4/sys/CrystalCPUID/CrystalCPUID.exe
.exe windows:4 windows x86 arch:x86

bc5ce990cf54f8d435a68eb97512f73e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
ExitProcess
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FreeLibrary
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetNumberFormatA
GetProcAddress
GetProcessHeap
GetStdHandle
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalAlloc
HeapAlloc
HeapFree
HeapReAlloc
IsDBCSLeadByte
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
Sleep
SystemTimeToFileTime
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrlenA

comctl32

ord17

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

DeleteObject

shell32

SHBrowseForFolderA
SHChangeNotify
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA

user32

CharToOemA
CharToOemBuffA
CharUpperA
CopyRect
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
FindWindowExA
GetClassNameA
GetClientRect
GetDlgItem
GetDlgItemTextA
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
IsWindow
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
OemToCharA
OemToCharBuffA
PeekMessageA
PostMessageA
RegisterClassExA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetMenu
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow
WaitForInputIdle
wsprintfA
wvsprintfA

ole32

CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

Sections

.text
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DIYDiyTool 2009 V4/sys/Fritz Chess Benchmark/Fritz Chess Benchmark.exe
.exe windows:4 windows x86 arch:x86

3c24872422970de84c473016cd31b9f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
EnumResourceLanguagesA
ConvertDefaultLocale
lstrcmpA
GlobalDeleteAtom
FreeLibrary
GlobalAddAtomA
FreeResource
InterlockedDecrement
lstrcmpW
lstrcatA
GlobalFindAtomA
GlobalGetAtomNameA
RaiseException
InterlockedIncrement
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
WritePrivateProfileStringA
MulDiv
GlobalFlags
SetErrorMode
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
ReadFile
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
InitializeCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
WriteFile
SetFilePointer
HeapSize
LCMapStringW
LCMapStringA
UnhandledExceptionFilter
TerminateProcess
ExitProcess
GetProcAddress
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
SetLastError
TlsAlloc
IsBadWritePtr
HeapReAlloc
VirtualFree
HeapCreate
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCommandLineA
GetStartupInfoA
RtlUnwind
VirtualQuery
VirtualAlloc
VirtualProtect
CreateThread
ResumeThread
CloseHandle
ExitThread
HeapFree
HeapAlloc
GetCurrentProcess
GetProcessAffinityMask
SetProcessAffinityMask
GlobalMemoryStatusEx
FindResourceA
LoadResource
LockResource
SizeofResource
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetThreadLocale
GetLocaleInfoA
GetACP
GetSystemInfo
GetVersionExA
GetThreadPriority
GetModuleFileNameA
InterlockedExchange
GetModuleHandleA
GetCurrentThread
SetThreadAffinityMask
SetThreadPriority
Sleep
GlobalFree
GlobalAlloc
GetTickCount

user32

LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
wsprintfA
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
GetWindowPlacement
GetWindowRect
PtInRect
GetWindow
GetSysColor
SystemParametersInfoA
DestroyMenu
GetMessageTime
MessageBoxA
LoadBitmapA
DrawIcon
AppendMenuA
SendMessageA
GetSystemMenu
IsIconic
GetClientRect
InvalidateRect
UnhookWindowsHookEx
ReleaseDC
GetDC
CopyRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
SetTimer
EnableWindow
LoadIconA
GetSystemMetrics
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostMessageA
PostQuitMessage
SetCursor
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetParent

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutA
GetObjectA
CreateBitmap

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

QDATA
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DIYDiyTool 2009 V4/sys/GPU-Z/GPU-Z.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

S2C!
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Fox!
Size: 390KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.2008
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DIYDiyTool 2009 V4/sys/HDTune/HDTune.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 125KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 22KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.psgl
Size: 334KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DIYDiyTool 2009 V4/sys/MemTest/MemTest.exe
.exe windows:4 windows x86 arch:x86

b8caa0988f4b58aa11035f0d8ca1babd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord815
ord540
ord561
ord825
ord800
ord823
ord2621
ord4698
ord1200
ord4593
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord3922
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord1146
ord1168
ord4224
ord5953
ord2863
ord2379
ord1106
ord2818
ord2642
ord3092
ord3095
ord6199
ord1948
ord5303
ord5715
ord565
ord817
ord2726
ord4226
ord4699
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord1775
ord4673
ord1576

msvcrt

exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
_onexit
__dllonexit
_ftol
time
_purecall
sprintf
__CxxFrameHandler
_setmbcp
_XcptFilter

kernel32

ResumeThread
WaitForSingleObject
VirtualAlloc
VirtualFree
GetModuleHandleA
GetStartupInfoA
GlobalMemoryStatus

user32

KillTimer
GetSystemMenu
PostQuitMessage
EnableWindow
AppendMenuA
PostThreadMessageA
SetTimer
LoadIconA
SendMessageA

shell32

ShellExecuteA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DIYDiyTool 2009 V4/sys/NTEST2/NTEST2.EXE
DIYDiyTool 2009 V4/sys/OCCT/OCCT.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1021KB - Virtual size: 1021KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DIYDiyTool 2009 V4/sys/OCCT/OCCT.ini
DIYDiyTool 2009 V4/sys/OCCT/bin/CUDAMemTest/CUDAMemTest.exe
.exe windows:4 windows x86 arch:x86

bfc2aba761373bc6833e4aa6c2e916e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cudart

cudaMemset
cudaFree
__cudaUnregisterFatBinary
cudaLaunch
cudaMemcpy
cudaSetupArgument
__cudaRegisterFunction
__cudaRegisterFatBinary
cudaThreadSynchronize
cudaConfigureCall
cudaMalloc
cudaSetDevice
cudaGetDeviceCount
cudaGetDeviceProperties

cutil32

_cutDeleteTimer@4
_cutGetTimerValue@4
_cutStopTimer@4
_cutStartTimer@4
_cutCreateTimer@4
_cutCheckCmdLineFlag@12
_cutGetCmdLineArgumenti@16

nvcuda

cuMemGetInfo
cuCtxCreate
cuDeviceGet
cuInit
cuCtxDetach

kernel32

GetStdHandle
CreateFileA
ReadFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
MultiByteToWideChar
RtlUnwind
GetOEMCP
CloseHandle
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
Sleep
HeapAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapFree
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
WriteFile
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
LoadLibraryA
InitializeCriticalSection
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nvFatBi
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DIYDiyTool 2009 V4/sys/OCCT/bin/linpack/32/linpack_xeon32.exe
.exe windows:4 windows x86 arch:x86

dc396035cbaff68ca62865b1835ed884

Code Sign

05:b0:ff
Certificate

Issuer

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Not Before

16/02/2006, 18:01

Not After

19/02/2016, 18:01

Subject

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:95:25:ab:00:00:00:00:01:c8
Certificate

Issuer

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Not Before

28/08/2006, 17:05

Not After

27/08/2009, 17:05

Subject

CN=\ Intel(R) Software Development Products\ ,O=Intel Corporation

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:2c:94:89:00:00:00:00:00:05
Certificate

Issuer

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Not Before

22/03/2006, 22:22

Not After

22/03/2012, 22:32

Subject

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:eb:40:55:1a:83:46:b6:89:1b:32:9c:b3:a0:5a:94:34:76:6b:20
Signer

Actual PE Digest

2a:eb:40:55:1a:83:46:b6:89:1b:32:9c:b3:a0:5a:94:34:76:6b:20

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableA
Sleep
SetThreadAffinityMask
GetCurrentThread
GetProcessAffinityMask
GetCurrentProcess
QueryPerformanceCounter
QueryPerformanceFrequency
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
GetStdHandle
AllocConsole
LocalFree
FormatMessageA
GetLastError
CloseHandle
VirtualQuery
SleepEx
GetExitCodeThread
SetEvent
TerminateThread
WaitForSingleObject
SetThreadPriority
GetCurrentThreadId
CreateThread
CreateEventA
DuplicateHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ResetEvent
GetSystemInfo
FreeLibrary
LoadLibraryA
GetThreadLocale
WideCharToMultiByte
FormatMessageW
SetEnvironmentVariableA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetComputerNameA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
GetCommandLineA
GetVersionExA
HeapReAlloc
SetStdHandle
GetFileType
GetCurrentProcessId
SetConsoleCtrlHandler
SetHandleCount
GetStartupInfoA
SetFilePointer
SetLastError
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlUnwind
HeapSize
InterlockedExchange
CreateFileA
ReadFile
MultiByteToWideChar
VirtualProtect
GetStringTypeA
GetStringTypeW
GetCPInfo
GetLocaleInfoA
GetACP
GetOEMCP
GetTickCount
CompareStringA
CompareStringW
LCMapStringA
LCMapStringW
SetEndOfFile
WriteConsoleA

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DIYDiyTool 2009 V4/sys/OCCT/bin/linpack/64/linpack_xeon64.exe
.exe windows:4 windows x64 arch:x64

916745012f75ca25f862feaefef539e3

Code Sign

05:b0:ff
Certificate

Issuer

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Not Before

16/02/2006, 18:01

Not After

19/02/2016, 18:01

Subject

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:95:25:ab:00:00:00:00:01:c8
Certificate

Issuer

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Not Before

28/08/2006, 17:05

Not After

27/08/2009, 17:05

Subject

CN=\ Intel(R) Software Development Products\ ,O=Intel Corporation

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:2c:94:89:00:00:00:00:00:05
Certificate

Issuer

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Not Before

22/03/2006, 22:22

Not After

22/03/2012, 22:32

Subject

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ff:af:53:39:12:46:11:e0:54:51:be:e3:c3:8c:ae:f5:dc:e9:f2:33
Signer

Actual PE Digest

ff:af:53:39:12:46:11:e0:54:51:be:e3:c3:8c:ae:f5:dc:e9:f2:33

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libiomp5md

ord135
ord137
ord710
ord126
ord150
ord138
ord148
ord145
ord123
ord113
ord106
ord707
ord119
ord117
ord703
ord705
ord120
ord141
ord110

kernel32

RtlUnwindEx
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetTickCount
SetEnvironmentVariableA
CompareStringW
CompareStringA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
SetEndOfFile
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
LoadLibraryA
GetThreadLocale
FormatMessageA
GetEnvironmentVariableA
Sleep
SetThreadAffinityMask
GetCurrentThread
GetProcessAffinityMask
GetCurrentProcess
QueryPerformanceCounter
QueryPerformanceFrequency
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetProcAddress
GetModuleHandleA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
RtlCaptureContext
GetLastError
SetFilePointer
SetLastError
GetCurrentThreadId
CloseHandle
WideCharToMultiByte
GetTimeZoneInformation
HeapSetInformation
HeapCreate
WriteFile
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSection
SetStdHandle
CreateFileA
ReadFile
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetLocaleInfoA

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DIYDiyTool 2009 V4/sys/OCCT/locale/names.txt
DIYDiyTool 2009 V4/sys/ORTHOS/local.ini
DIYDiyTool 2009 V4/sys/ORTHOS/prime.ini
DIYDiyTool 2009 V4/sys/ORTHOS/splog.txt
DIYDiyTool 2009 V4/sys/everest/everest.exe
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:9a:73:c1:86:4a:e2:7d:7d:9c:dc:f7:05:58:88:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/09/2008, 00:00

Not After

17/10/2010, 23:59

Subject

CN=LAVALYS,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Licensing Department,O=LAVALYS,L=Laval,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:c8:bf:ef:43:a6:d8:d6:74:c3:fb:16:f4:2f:5e:07:8c:95:dd:4b
Signer

Actual PE Digest

0e:c8:bf:ef:43:a6:d8:d6:74:c3:fb:16:f4:2f:5e:07:8c:95:dd:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 9.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 314KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DIYDiyTool 2009 V4/sys/everest/everest_start.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 332KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DIYDiyTool 2009 V4/sys/everest/lang_cn.txt
DIYDiyTool 2009 V4/sys/everest/license.txt
DIYDiyTool 2009 V4/sys/everest/pkey.txt
DIYDiyTool 2009 V4/sys/super_pi/pi_data.txt
DIYDiyTool 2009 V4/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 197KB - Virtual size: 420KB

DATA Size: 3KB - Virtual size: 8KB

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 28KB

.rsrc Size: 30KB - Virtual size: 32KB

.data Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 73KB - Virtual size: 76KB

.rdata Size: 6KB - Virtual size: 8KB

.data Size: 61KB - Virtual size: 64KB

���� Size: - Virtual size: 256KB

���� Size: - Virtual size: 64KB

���� Size: - Virtual size: 128KB

���� Size: - Virtual size: 256KB

.rsrc Size: 360KB - Virtual size: 360KB

9198ce9797fc20d0836d87aaa032f147

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 756KB - Virtual size: 752KB

.rdata Size: 156KB - Virtual size: 154KB

.data Size: 60KB - Virtual size: 1.3MB

.rsrc Size: 768KB - Virtual size: 765KB

ccc0e829fe1206cd39d147ca374725d4

Headers

File Characteristics

Imports

advapi32

kernel32

comctl32

comdlg32

gdi32

shell32

user32

ole32

Sections

.text Size: 78KB - Virtual size: 80KB

.data Size: 2KB - Virtual size: 32KB

.idata Size: 4KB - Virtual size: 8KB

.rsrc Size: 117KB - Virtual size: 117KB

bc5ce990cf54f8d435a68eb97512f73e

Headers

File Characteristics

Imports

advapi32

kernel32

comctl32

comdlg32

gdi32

shell32

user32

ole32

Sections

CODE
Size: 197KB - Virtual size: 420KB

DATA
Size: 3KB - Virtual size: 8KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 28KB

.rsrc
Size: 30KB - Virtual size: 32KB

.data
Size: 2KB - Virtual size: 4KB

.text
Size: 73KB - Virtual size: 76KB

.rdata
Size: 6KB - Virtual size: 8KB

.data
Size: 61KB - Virtual size: 64KB

��
Size: - Virtual size: 256KB

��
Size: - Virtual size: 64KB

��
Size: - Virtual size: 128KB

��
Size: - Virtual size: 256KB

.rsrc
Size: 360KB - Virtual size: 360KB

.text
Size: 756KB - Virtual size: 752KB

.rdata
Size: 156KB - Virtual size: 154KB

.data
Size: 60KB - Virtual size: 1.3MB

.rsrc
Size: 768KB - Virtual size: 765KB

.text
Size: 78KB - Virtual size: 80KB

.data
Size: 2KB - Virtual size: 32KB

.idata
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 117KB - Virtual size: 117KB

.text
Size: 78KB - Virtual size: 80KB

.data
Size: 2KB - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 113KB - Virtual size: 112KB

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 45KB

QDATA
Size: 188KB - Virtual size: 184KB

.rsrc
Size: 60KB - Virtual size: 57KB

S2C!
Size: - Virtual size: 1.9MB

Fox!
Size: 390KB - Virtual size: 392KB

.2008
Size: 30KB - Virtual size: 32KB

.rsrc
Size: 44KB - Virtual size: 44KB

.psgl
Size: 334KB - Virtual size: 336KB

.adata
Size: - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

CODE
Size: 1.1MB - Virtual size: 1.1MB

DATA
Size: 26KB - Virtual size: 25KB

BSS
Size: - Virtual size: 13KB

.idata
Size: 12KB - Virtual size: 12KB

.tls
Size: - Virtual size: 72B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 77KB - Virtual size: 77KB

.rsrc
Size: 1021KB - Virtual size: 1021KB