4344eb2221d8684512f32df607035cc8

Sharing

Copy URL Twitter E-mail

General

Target

4344eb2221d8684512f32df607035cc8
Size

649KB
MD5

4344eb2221d8684512f32df607035cc8
SHA1

e9e1a4292016afa2beedf84fc1b272d107dab781
SHA256

c004c3bd07db392fa65dad22f895d4f5a322bef2e2c548069a7d237af1a4cba7
SHA512

7558f4a15d7ab20f5f97bd4907e3454781fda0e46b88e2358655cf9c30ef50bf02794ebb0d011a351ecc3bf3374b8a05006a5c75325c3c8a894892bbaf2db03f
SSDEEP

12288:y1ynUohWOEfV4U6FtOolvDSSgWm5gDJP/wRIQ4ig1Swhon9URublJC:y1yUE0f+j3vE8ZBig1S4ony4fC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TCPZ_20090108/VirtualDevice/RemoveWatermarkX64.exe

Files

4344eb2221d8684512f32df607035cc8
.zip
TCPZ_20090108/Files.EN.txt
TCPZ_20090108/ReadMe.en.txt
TCPZ_20090108/ReadMe.txt
TCPZ_20090108/TCPZ.exe
.exe windows:4 windows x86 arch:x86

e37fe79a91169838f9bac1c5d9e491f8

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

eb:2c:3d:81:e3:08:91:ff:a3:15:7d:da:d1:35:a5:5c:df:97:5e:71
Signer

Actual PE Digest

eb:2c:3d:81:e3:08:91:ff:a3:15:7d:da:d1:35:a5:5c:df:97:5e:71

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
GetStartupInfoW
ExitProcess
RtlUnwind
HeapReAlloc
RaiseException
HeapSize
VirtualProtect
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
GetSystemTimeAsFileTime
HeapFree
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetTickCount
GetFileTime
FileTimeToLocalFileTime
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WritePrivateProfileStringW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
FileTimeToSystemTime
GetThreadLocale
GlobalFlags
lstrlenA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
InterlockedExchange
GetCurrentProcessId
InterlockedDecrement
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
FormatMessageW
LocalFree
MulDiv
GetModuleHandleA
SetLastError
WideCharToMultiByte
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocaleInfoW
GetEnvironmentVariableW
DeviceIoControl
GetFileAttributesW
GetCurrentDirectoryW
GetSystemInfo
GetModuleHandleW
GetVersionExW
GetLastError
CreateMutexW
Sleep
GetTempPathW
lstrlenW
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileMappingW
WriteFile
DeleteFileW
CopyFileW
SetFilePointer
lstrcmpW
GetModuleFileNameW
FindResourceExW
lstrcmpiW
GetWindowsDirectoryW
lstrcatW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersion
GetCurrentProcess
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
VirtualFree
CloseHandle
ReadFile
VirtualAlloc
GetFileSize
CreateFileW
TerminateProcess
lstrcpyW

user32

RegisterClipboardFormatW
PostThreadMessageW
SetCapture
UnregisterClassW
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
ValidateRect
PostQuitMessage
GetWindowThreadProcessId
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
IsWindowVisible
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
CallWindowProcW
IntersectRect
SystemParametersInfoA
GetMenuState
GetMenuItemID
GetMenuItemCount
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
TabbedTextOutW
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetWindowTextLengthW
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
IsWindowEnabled
EndDialog
DrawTextW
GetTopWindow
SetParent
GetKeyState
ScrollDC
SetCursor
LoadCursorW
GetParent
DrawStateW
DrawEdge
CopyRect
PtInRect
InvalidateRect
GetSysColor
InflateRect
GetWindowPlacement
DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuW
GetCursorPos
OffsetRect
ReleaseCapture
DrawIcon
IsIconic
MessageBeep
GetNextDlgGroupItem
CheckMenuItem
SetWindowPos
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
DefWindowProcW
CharUpperW
SetWindowRgn
GetClientRect
SetWindowLongW
GetWindowLongW
AppendMenuW
GetSystemMenu
LoadIconW
GetSystemMetrics
TranslateAcceleratorW
ReleaseDC
GetDC
LoadAcceleratorsW
EnumWindows
FindWindowW
SetForegroundWindow
GetWindowTextW
MessageBoxW
GetDlgItem
GetClassNameW
RedrawWindow
LoadBitmapW
GetFocus
GetNextDlgTabItem
SetFocus
PostMessageW
KillTimer
SetTimer
wsprintfW
SendMessageW
EnableWindow
DrawIconEx
GetWindowRect
LoadImageW
EndPaint
UnregisterClassA

gdi32

ExtSelectClipRgn
CreateBitmap
ScaleWindowExtEx
CreateRectRgnIndirect
GetMapMode
DPtoLP
GetTextColor
GetRgnBox
GetClipBox
SetMapMode
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SetTextAlign
MoveToEx
CreateSolidBrush
SetBkMode
RestoreDC
SaveDC
FloodFill
SetTextColor
SetBkColor
Ellipse
SetPixel
CreateFontW
EnumFontFamiliesExW
CreateFontIndirectW
GetTextExtentPoint32W
Rectangle
DeleteObject
CreatePen
GetBkColor
FrameRgn
StretchBlt
GetObjectW
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CombineRgn
CreateRectRgn
CreateRoundRectRgn
GetDeviceCaps
GetStockObject
LineTo

comdlg32

GetSaveFileNameW
GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

OpenEventLogW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
CloseEventLog
ReadEventLogW
RegOpenKeyExW
ControlService
StartServiceW
DeleteService
CloseServiceHandle
OpenServiceW
CreateServiceW
OpenSCManagerW
RegCloseKey
RegQueryValueExW

shell32

DragFinish
Shell_NotifyIconW
ShellExecuteW
DragQueryFileW

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathFileExistsW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoTaskMemAlloc
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

iphlpapi

GetAdaptersInfo
GetTcpTable
GetTcpStatistics
GetIfEntry

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

imagehlp

CheckSumMappedFile

gdiplus

GdipFree
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipDisposeImage
GdipGetImageEncoders
GdipCloneImage
GdiplusShutdown
GdiplusStartup

Sections

.text
Size: 268KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCPZ_20090108/TCPZ64.exe
.exe windows:4 windows x64 arch:x64

8308547c6c7b8a3b73a966efe463dcf1

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:6d:57:a5:f2:dc:19:d8:31:6a:7c:09:cf:c2:cd:63:2b:f5:52:7d
Signer

Actual PE Digest

5c:6d:57:a5:f2:dc:19:d8:31:6a:7c:09:cf:c2:cd:63:2b:f5:52:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ExitProcess
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
RaiseException
RtlPcToFileHeader
HeapSize
VirtualProtect
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetProcessHeap
HeapAlloc
HeapFree
GetTickCount
GetFileTime
FileTimeToLocalFileTime
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WritePrivateProfileStringW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FileTimeToSystemTime
GetThreadLocale
GlobalFlags
lstrlenA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
GetCurrentProcessId
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
FormatMessageW
LocalFree
MulDiv
GetModuleHandleA
SetLastError
WideCharToMultiByte
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocaleInfoW
GetEnvironmentVariableW
DeviceIoControl
GetFileAttributesW
GetCurrentDirectoryW
GetSystemInfo
GetModuleHandleW
GetVersionExW
GetLastError
CreateMutexW
Sleep
GetTempPathW
lstrlenW
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileMappingW
WriteFile
DeleteFileW
CopyFileW
SetFilePointer
lstrcmpW
GetModuleFileNameW
FindResourceExW
lstrcmpiW
GetWindowsDirectoryW
lstrcatW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersion
GetCurrentProcess
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
VirtualFree
CloseHandle
ReadFile
VirtualAlloc
GetFileSize
CreateFileW
GetSystemTimeAsFileTime
lstrcpyW

user32

RegisterClipboardFormatW
PostThreadMessageW
SetCapture
UnregisterClassW
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
ValidateRect
PostQuitMessage
GetWindowThreadProcessId
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetWindowLongPtrW
SetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
IsWindowVisible
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DefWindowProcW
CallWindowProcW
IntersectRect
SystemParametersInfoA
GetMenuState
GetMenuItemID
GetMenuItemCount
EndPaint
BeginPaint
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
TabbedTextOutW
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetWindowTextLengthW
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
IsWindowEnabled
EndDialog
DrawTextW
GetTopWindow
SetParent
GetKeyState
ScrollDC
SetCursor
LoadCursorW
GetParent
DrawStateW
DrawEdge
CopyRect
PtInRect
InvalidateRect
GetSysColor
InflateRect
GetWindowPlacement
DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuW
GetCursorPos
OffsetRect
ReleaseCapture
DrawIcon
IsIconic
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
CheckMenuItem
SetWindowPos
IsRectEmpty
CopyAcceleratorTableW
CharNextW
CharUpperW
SetWindowRgn
GetClientRect
SetWindowLongW
GetWindowLongW
AppendMenuW
GetSystemMenu
LoadIconW
GetSystemMetrics
TranslateAcceleratorW
ReleaseDC
GetDC
LoadAcceleratorsW
EnumWindows
FindWindowW
SetForegroundWindow
GetWindowTextW
MessageBoxW
GetDlgItem
GetClassNameW
RedrawWindow
LoadBitmapW
GetFocus
GetNextDlgTabItem
SetFocus
PostMessageW
KillTimer
SetTimer
wsprintfW
SendMessageW
EnableWindow
DrawIconEx
GetWindowRect
LoadImageW
GetWindowDC
UnregisterClassA

gdi32

ExtSelectClipRgn
CreateBitmap
ScaleWindowExtEx
CreateRectRgnIndirect
GetMapMode
DPtoLP
GetTextColor
GetRgnBox
GetClipBox
SetMapMode
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SetTextAlign
MoveToEx
CreateSolidBrush
SetBkMode
RestoreDC
SaveDC
FloodFill
SetTextColor
SetBkColor
Ellipse
SetPixel
CreateFontW
EnumFontFamiliesExW
CreateFontIndirectW
GetTextExtentPoint32W
Rectangle
DeleteObject
CreatePen
GetBkColor
FrameRgn
StretchBlt
GetObjectW
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CombineRgn
CreateRectRgn
CreateRoundRectRgn
GetDeviceCaps
GetStockObject
LineTo

comdlg32

GetSaveFileNameW
GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

OpenEventLogW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
CloseEventLog
ReadEventLogW
RegOpenKeyExW
ControlService
StartServiceW
DeleteService
CloseServiceHandle
OpenServiceW
CreateServiceW
OpenSCManagerW
RegCloseKey
RegQueryValueExW

shell32

DragFinish
Shell_NotifyIconW
ShellExecuteW
DragQueryFileW

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathFileExistsW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoTaskMemAlloc
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString
SysStringLen

iphlpapi

GetAdaptersInfo
GetTcpTable
GetTcpStatistics
GetIfEntry

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

imagehlp

CheckSumMappedFile

gdiplus

GdipFree
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipDisposeImage
GdipGetImageEncoders
GdipCloneImage
GdiplusShutdown
GdiplusStartup

Sections

.text
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCPZ_20090108/VirtualDevice/Driver/TcpzPropPage-x64.DLL
.dll windows:5 windows x64 arch:x64

c1de49a8d9e4547b2a474baa62696454

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:86:40:c8:44:82:c3:2e:f7:5a:f8:7e:e7:f3:77:98:18:f8:d6:0c
Signer

Actual PE Digest

50:86:40:c8:44:82:c3:2e:f7:5a:f8:7e:e7:f3:77:98:18:f8:d6:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_wtoi
free
malloc
memset
_initterm
??3@YAXPEAX@Z

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW

kernel32

GetCurrentProcess
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
GetModuleHandleW
CreateFileW
CloseHandle
DeviceIoControl
lstrcatW
DisableThreadLibraryCalls
lstrcpyW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
lstrcmpW
GetLocaleInfoW
GetVersion
GetSystemInfo
GetProcAddress
FindResourceExW
GetVersionExW
GetWindowsDirectoryW
lstrlenW
FreeResource
lstrcpynW
LockResource
LoadResource

user32

GetSystemMetrics
EnableWindow
GetDlgItem
SetDlgItemTextW
wsprintfW
SendMessageW
MessageBoxW
GetDlgItemTextW

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DllMain
TcpzPropPageProvider

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCPZ_20090108/VirtualDevice/Driver/TcpzPropPage-x86.DLL
.dll windows:5 windows x86 arch:x86

ec19c06e19e154f74cbda3a540bf4798

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:97:4a:06:12:ce:28:57:bd:f6:26:a0:89:d2:c2:7e:ab:fb:94:22
Signer

Actual PE Digest

21:97:4a:06:12:ce:28:57:bd:f6:26:a0:89:d2:c2:7e:ab:fb:94:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
??3@YAXPAX@Z
malloc
free
_wtoi
wcslen

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW

kernel32

UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
GetVersionExW
CreateFileW
CloseHandle
DeviceIoControl
lstrcatW
DisableThreadLibraryCalls
lstrcpyW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
lstrcmpW
GetLocaleInfoW
GetVersion
GetSystemInfo
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
GetWindowsDirectoryW
lstrlenW
FreeResource
lstrcpynW
LockResource
LoadResource
FindResourceExW
QueryPerformanceCounter
GetTickCount

user32

SetDlgItemTextW
wsprintfW
SendMessageW
GetSystemMetrics
GetDlgItemTextW
GetDlgItem
EnableWindow
MessageBoxW

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DllMain
TcpzPropPageProvider

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCPZ_20090108/VirtualDevice/Driver/tcpz-x64d.sys
.sys windows:5 windows x64 arch:x64

64260cc5baf777edc9741651db052262

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:bb:85:c0:c1:f8:81:77:0e:e5:b1:27:09:95:d3:9a:3c:c8:5c:54
Signer

Actual PE Digest

78:bb:85:c0:c1:f8:81:77:0e:e5:b1:27:09:95:d3:9a:3c:c8:5c:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ExFreePoolWithTag
_stricmp
ExAllocatePoolWithTag
ZwQuerySystemInformation
RtlGetVersion
MmIsAddressValid
RtlQueryRegistryValues
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
KeDelayExecutionThread
IofCompleteRequest
PsCreateSystemThread
IoCreateSymbolicLink
IoCreateDevice
KeBugCheckEx

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 710B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCPZ_20090108/VirtualDevice/Driver/tcpz-x86d.sys
.sys windows:5 windows x86 arch:x86

82b42a17eeb102b8e89ec0a6d2ae5cec

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:c1:df:ad:a6:6e:06:df:73:c4:07:db:ec:53:98:3b:f6:13:d0:83
Signer

Actual PE Digest

23:c1:df:ad:a6:6e:06:df:73:c4:07:db:ec:53:98:3b:f6:13:d0:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
_stricmp
ExAllocatePoolWithTag
ZwQuerySystemInformation
RtlGetVersion
MmIsAddressValid
RtlQueryRegistryValues
RtlInitUnicodeString
IofCompleteRequest
PsCreateSystemThread
KeInitializeSpinLock
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
IoDeleteSymbolicLink
KeDelayExecutionThread
IoDeleteDevice

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 666B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCPZ_20090108/VirtualDevice/Driver/tcpz.cat
TCPZ_20090108/VirtualDevice/Driver/tcpz.inf
TCPZ_20090108/VirtualDevice/RemoveWatermarkX64.exe
.exe windows:4 windows x64 arch:x64

639fd801083073ce729fa3e3f7bbe58f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

imagehlp

CheckSumMappedFile

shlwapi

PathFileExistsA

kernel32

HeapAlloc
GetProcessHeap
lstrlenA
GetCommandLineA
ExitProcess
UnmapViewOfFile
IsBadReadPtr
CloseHandle
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
DeleteFileA
CopyFileA
MoveFileExA
GetTempFileNameA
GetModuleFileNameA
GetLastError
WaitForSingleObject
lstrcpyA
WriteFile
ReadFile
SetFilePointer
lstrcatA
GetWindowsDirectoryA
GetVersion
HeapFree
ReadConsoleA
GetStdHandle
WriteConsoleA
CreateProcessA

user32

wsprintfA
wvsprintfA

advapi32

RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCPZ_20090108/VirtualDevice/TCPZ_Setup-x64.exe
.exe windows:5 windows x64 arch:x64

10afc90e59035551b6de2784fb57150c

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:7e:f3:53:d1:2b:07:77:43:4b:a0:76:35:33:2f:77:2e:fd:89:c6
Signer

Actual PE Digest

53:7e:f3:53:d1:2b:07:77:43:4b:a0:76:35:33:2f:77:2e:fd:89:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
malloc
free
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_wcsicmp
_wcsnicmp
iswalpha
towupper
towlower
wcschr
_wcsdup
wprintf
wcsstr
memset

advapi32

GetSidSubAuthorityCount
RegOpenKeyW
RegDeleteKeyW
DuplicateTokenEx
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

kernel32

GetFullPathNameW
GetCurrentProcessId
LoadLibraryA
CreateProcessW
WaitForSingleObject
LoadLibraryW
GetProcAddress
GetStartupInfoA
lstrlenW
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
lstrcpynW
lstrcpyW
DeleteFileW
lstrcatW
GetWindowsDirectoryW
Sleep
GetFileAttributesW
CreateMutexW
GetCurrentProcess
FreeResource
LockResource
LoadResource
RtlCaptureContext
GetEnvironmentVariableW
GetVersion
lstrcmpW
GetLocaleInfoW
GetLastError
CloseHandle
HeapFree
HeapAlloc
GetProcessHeap
OpenProcess
FreeLibrary
FindResourceExW

user32

DialogBoxParamW
ExitWindowsEx
CharNextW
PostMessageW
SetWindowTextW
ShowWindow
EndDialog
LoadStringW
MessageBoxW
SetDlgItemTextW
GetDlgItem
EnableWindow
GetWindowThreadProcessId
FindWindowW

setupapi

SetupDiCallClassInstaller
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
SetupDiGetDeviceInstallParamsW
SetupDiSetClassInstallParamsW
CM_Get_Device_ID_ExW
SetupDiGetDeviceInfoListDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiOpenDeviceInfoW
SetupDiGetClassDevsExW
SetupDiCreateDeviceInfoListExW
SetupDiClassGuidsFromNameExW
CM_Get_DevNode_Status_Ex
SetupDiDestroyDeviceInfoList

shlwapi

PathFileExistsW

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCPZ_20090108/VirtualDevice/TCPZ_Setup-x86.exe
.exe windows:5 windows x86 arch:x86

c71a614e4dfee7ebddb39579cd77a787

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:20:77:4a:25:3b:97:56:6a:d0:92:38:97:81:5d:13:a7:4c:f4:73
Signer

Actual PE Digest

df:20:77:4a:25:3b:97:56:6a:d0:92:38:97:81:5d:13:a7:4c:f4:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
malloc
free
??3@YAXPAX@Z
??2@YAPAXI@Z
_wcsicmp
_wcsnicmp
iswalpha
towupper
towlower
wcschr
_wcsdup
wprintf
wcsstr

advapi32

LookupPrivilegeValueW
RegOpenKeyW
RegDeleteKeyW
DuplicateTokenEx
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

kernel32

CreateProcessW
WaitForSingleObject
LoadLibraryW
GetProcAddress
FreeLibrary
OpenProcess
GetProcessHeap
GetStartupInfoA
SetUnhandledExceptionFilter
GetCurrentProcessId
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FindResourceExW
LoadResource
LockResource
FreeResource
GetFileAttributesW
GetFullPathNameW
lstrlenW
lstrcpynW
LoadLibraryA
lstrcpyW
DeleteFileW
lstrcatW
GetWindowsDirectoryW
Sleep
CreateMutexW
GetModuleFileNameW
UnhandledExceptionFilter
GetEnvironmentVariableW
GetVersion
lstrcmpW
GetLocaleInfoW
GetLastError
CloseHandle
HeapFree
HeapAlloc
GetCurrentProcess

user32

DialogBoxParamW
ExitWindowsEx
CharNextW
PostMessageW
SetWindowTextW
ShowWindow
EndDialog
LoadStringW
MessageBoxW
SetDlgItemTextW
GetDlgItem
EnableWindow
FindWindowW
GetWindowThreadProcessId

setupapi

SetupDiCallClassInstaller
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
SetupDiGetDeviceInstallParamsW
SetupDiSetClassInstallParamsW
CM_Get_Device_ID_ExW
SetupDiGetDeviceInfoListDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiOpenDeviceInfoW
SetupDiGetClassDevsExW
SetupDiCreateDeviceInfoListExW
SetupDiClassGuidsFromNameExW
CM_Get_DevNode_Status_Ex
SetupDiDestroyDeviceInfoList

shlwapi

PathFileExistsW

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCPZ_20090108/VirtualDevice/readme.EN.txt
TCPZ_20090108/VirtualDevice/readme.txt
TCPZ_20090108/files.txt

Sharing

General

Malware Config

Signatures

Files

e37fe79a91169838f9bac1c5d9e491f8

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4cCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

eb:2c:3d:81:e3:08:91:ff:a3:15:7d:da:d1:35:a5:5c:df:97:5e:71Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

iphlpapi

version

imagehlp

gdiplus

Sections

.text Size: 268KB - Virtual size: 264KB

.rdata Size: 76KB - Virtual size: 73KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 212KB - Virtual size: 209KB

8308547c6c7b8a3b73a966efe463dcf1

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4cCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5c:6d:57:a5:f2:dc:19:d8:31:6a:7c:09:cf:c2:cd:63:2b:f5:52:7dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

iphlpapi

version

imagehlp

gdiplus

Sections

.text Size: 373KB - Virtual size: 373KB

.rdata Size: 139KB - Virtual size: 139KB

.data Size: 15KB - Virtual size: 38KB

.pdata Size: 29KB - Virtual size: 29KB

.rsrc Size: 210KB - Virtual size: 209KB

c1de49a8d9e4547b2a474baa62696454

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4cCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

eb:2c:3d:81:e3:08:91:ff:a3:15:7d:da:d1:35:a5:5c:df:97:5e:71
Signer

.text
Size: 268KB - Virtual size: 264KB

.rdata
Size: 76KB - Virtual size: 73KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 212KB - Virtual size: 209KB

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5c:6d:57:a5:f2:dc:19:d8:31:6a:7c:09:cf:c2:cd:63:2b:f5:52:7d
Signer

.text
Size: 373KB - Virtual size: 373KB

.rdata
Size: 139KB - Virtual size: 139KB

.data
Size: 15KB - Virtual size: 38KB

.pdata
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 210KB - Virtual size: 209KB

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

50:86:40:c8:44:82:c3:2e:f7:5a:f8:7e:e7:f3:77:98:18:f8:d6:0c
Signer

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 360B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 84B

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

21:97:4a:06:12:ce:28:57:bd:f6:26:a0:89:d2:c2:7e:ab:fb:94:22
Signer

.text
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 1008B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 856B

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

78:bb:85:c0:c1:f8:81:77:0e:e5:b1:27:09:95:d3:9a:3c:c8:5c:54
Signer

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 1024B - Virtual size: 920B

.data
Size: 512B - Virtual size: 328B

.pdata
Size: 512B - Virtual size: 396B

INIT
Size: 1024B - Virtual size: 710B