4406f8e965c0cb4037928fab788ae9a9

Sharing

Copy URL Twitter E-mail

General

Target

4406f8e965c0cb4037928fab788ae9a9
Size

2.6MB
MD5

4406f8e965c0cb4037928fab788ae9a9
SHA1

b325899db88d7d85d2143129092a73e2280ca66c
SHA256

21ae68a4d5f2e89ffe6cf04935b31ab50eb57d2c091e29c0f210cea208e8b15c
SHA512

9dbd2fee753cd45e6c07d8fd8888904a2d4b6595d224ae603a3db6b4eb87274f337ed1fac72e03b12774f2f9dc247631503c140be18cb69c3cb9febb2cc0ce13
SSDEEP

49152:P800GQjJVEriZEj9jpwDTsEKPuOayaBvpOkknaq7ydOlUIWKEHh2:P8/GQjLEWy9dwnWaymYn3DEB2

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/HDInspectorPortable/App/HDInspector/HDInspector.exe	aspack_v212_v242

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HDInspectorPortable/App/HDInspector/HDInspector.exe
unpack001/HDInspectorPortable/App/HDInspector/dbghelp.dll
unpack001/HDInspectorPortable/HDInspectorPortable.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/HDInspectorPortable/HDInspectorPortable.exe	nsis_installer_1
static1/unpack001/HDInspectorPortable/HDInspectorPortable.exe	nsis_installer_2

Files

4406f8e965c0cb4037928fab788ae9a9
.rar
HDInspectorPortable/App/HDInspector/BadSmart.wav
HDInspectorPortable/App/HDInspector/HDDInfo.dll
.dll regsvr32 windows:4 windows x86 arch:x86

915714f6a3197856f93a9c274ec3a983

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ed:e0:ce:37:2c:de:00:64:c5:60:e0:ab:fc:81:ea:a3:bf:b3:d9:64
Signer

Actual PE Digest

ed:e0:ce:37:2c:de:00:64:c5:60:e0:ab:fc:81:ea:a3:bf:b3:d9:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
GetFileSize
WideCharToMultiByte
WriteFile
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteFileW
HeapFree
HeapAlloc
GetProcessHeap
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReleaseMutex
WaitForSingleObject
CreateMutexW
LocalAlloc
GetVersionExA
GetProcAddress
LoadLibraryW
lstrlenA
GetComputerNameW
GlobalMemoryStatus
GetLocalTime
GetTimeFormatW
GetDateFormatW
GetCurrentProcess
CreateProcessW
GetFileAttributesW
OpenProcess
GetTickCount
SetFilePointer
VirtualFree
GlobalAlloc
GetExitCodeProcess
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
SetConsoleCtrlHandler
FlushFileBuffers
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
GetCPInfo
GetOEMCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
LockResource
GetVolumeInformationW
IsBadReadPtr
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcatW
lstrcpynW
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
lstrcmpiW
RaiseException
lstrcpyW
lstrlenW
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
SetLastError
ReadFile
GetDevicePowerState
GetLogicalDrives
GetVersion
IsBadWritePtr
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
GetDiskFreeSpaceExW
GetLastError
FormatMessageW
LocalFree
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetDriveTypeW
QueryDosDeviceW
Sleep
CreateFileW
DeviceIoControl
GlobalFree
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
HeapSize
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
FatalAppExitA
UnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
TlsAlloc
ExitProcess
GetCommandLineA
GetCurrentThreadId
VirtualQuery
GetSystemInfo
VirtualProtect
HeapReAlloc
RtlUnwind
CreateThread
ResumeThread
ExitThread
LoadLibraryA

user32

LoadStringW
KillTimer
SetTimer
UnregisterClassW
GetSystemMetrics
CharNextW
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
GetWindowRect
DestroyIcon
PeekMessageW
DispatchMessageW
CreateIconFromResource
UnregisterClassA
GetDC
ReleaseDC
FindWindowExW
SystemParametersInfoW
LoadCursorW
ExitWindowsEx
GetIconInfo
FillRect

gdi32

GdiFlush
CreatePen
SetROP2
Polyline
GetObjectW
CreateBitmap
DeleteObject
SelectObject
GetStockObject
BitBlt
CreateSolidBrush
GetBitmapBits
GetPixel
SetPixel
CreateCompatibleDC
GetDeviceCaps
DeleteDC
GetClipBox
GetDCOrgEx
CreateDIBSection

advapi32

RegEnumKeyExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ControlService
StartServiceW
QueryServiceStatus
LookupPrivilegeValueW
GetUserNameW
RegRestoreKeyW
RegLoadKeyW
RegOpenKeyW
RegUnLoadKeyW
RegEnumValueW
RegSaveKeyW
RegQueryValueExW
IsTextUnicode
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHAppBarMessage

ole32

CoCreateInstance
StringFromGUID2
StringFromCLSID
CoTaskMemRealloc
WriteClassStm
OleSaveToStream
CoTaskMemFree
CoTaskMemAlloc
OleLoadFromStream
CoSetProxyBlanket

oleaut32

VarBstrCmp
VarBstrCat
SysAllocStringByteLen
SysReAllocString
SysStringByteLen
VariantCopy
VariantClear
VarDecCmp
VarCyCmp
VariantCopyInd
VariantChangeTypeEx
VarBstrFromR8
SafeArrayUnaccessData
SafeArrayAccessData
VarDateFromUdate
VarUdateFromDate
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayCreateVector
SetErrorInfo
SysAllocStringLen
VariantChangeType
VarBstrFromR4
GetErrorInfo
CreateErrorInfo
SysAllocString
SysStringLen
VarBstrFromUI4
VarBstrFromI4
VarBstrFromI2
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayDestroy
SysFreeString

shlwapi

PathFindExtensionW

netapi32

Netbios

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 312KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HDInspectorPortable/App/HDInspector/HDDSvc.exe
.exe windows:4 windows x86 arch:x86

859999f7cd407278699688b807ca1d17

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:e0:5a:16:60:05:fe:ca:59:2f:19:77:a7:a0:cc:3a:73:28:06:a7
Signer

Actual PE Digest

08:e0:5a:16:60:05:fe:ca:59:2f:19:77:a7:a0:cc:3a:73:28:06:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

VirtualQuery
ExitProcess
ExitThread
CreateThread
HeapSize
TerminateProcess
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
FatalAppExitA
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetOEMCP
GetCPInfo
IsBadCodePtr
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsBadReadPtr
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
GetSystemInfo
GetLastError
IsBadWritePtr
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
lstrlenW
LocalFree
FormatMessageW
Sleep
GetTickCount
lstrcpyW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
lstrcmpiW
GetVersion
CloseHandle
GetCurrentProcess
GetCurrentThread
InterlockedIncrement
lstrcpynW
lstrcatW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetDriveTypeW
GetCurrentThreadId
GetCommandLineW
GetLocalTime
LockResource
GetTimeFormatW
GetDateFormatW
GetComputerNameW
SetLastError
GetProcAddress
LoadLibraryW
CreateProcessW
VirtualProtect
HeapReAlloc
RtlUnwind
GetStartupInfoW
GetFileTime
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
GetStringTypeExW
MoveFileW
SetErrorMode
GetCurrentDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpiA
ConvertDefaultLocale
EnumResourceLanguagesW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleA
LoadLibraryA
GetVersionExA
GlobalFlags
lstrcmpW
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetFileAttributesW
lstrcmpA
SystemTimeToFileTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
OpenProcess
WriteFile
CreateFileW
SetFilePointer
ReadFile
GetFileSize
GlobalFree
GlobalAlloc
GlobalHandle
GlobalReAlloc
LocalAlloc
CopyFileW
MulDiv
GlobalSize
GlobalLock
GlobalUnlock
CreateMutexW
ReleaseMutex
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetProcessHeap
HeapAlloc
HeapFree
DeleteFileW
VirtualAlloc
VirtualFree
GetLocaleInfoW
GetNumberFormatW
WideCharToMultiByte
lstrlenA
SetEndOfFile
WaitForSingleObject
GetExitCodeProcess

user32

InflateRect
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
GetClassInfoExW
GetClassLongW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageA
IsWindow
IsChild
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconW
MapWindowPoints
UnregisterClassA
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
GetMenu
PostMessageW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
GetMenuItemInfoW
GetClassInfoW
RegisterClassW
SetWindowPlacement
DefWindowProcW
CallWindowProcW
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetMenuItemBitmaps
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
SetWindowPos
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowLongW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
GetDialogBaseUnits
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
wsprintfW
GetScrollPos
SetScrollPos
SetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
PtInRect
GetFocus
GetDesktopWindow
SetWindowTextW
GetClassNameW
SetWindowsHookExW
CallNextHookEx
DestroyMenu
PostQuitMessage
SetCursor
ShowOwnedPopups
TranslateMessage
GetActiveWindow
DeleteMenu
CharUpperW
EndDialog
GetNextDlgTabItem
SetScrollInfo
CreateDialogIndirectParamW
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
GetWindowTextLengthW
GetWindowTextW
GetSystemMetrics
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
PeekMessageW
CreateIconFromResource
DestroyIcon
GetDC
ReleaseDC
FindWindowExW
GetWindowRect
SystemParametersInfoW
LoadCursorW
ExitWindowsEx
GetIconInfo
FillRect
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
UnregisterClassW
SetTimer
RegisterDeviceNotificationW
GetMessageW
DispatchMessageW
KillTimer
UnregisterDeviceNotification
PostThreadMessageW
LoadStringW
MessageBoxW
CharNextW
SetDlgItemInt
OffsetRect
ScrollWindow

gdi32

RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
PtVisible
CreatePatternBrush
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
ExtCreatePen
CreateHatchBrush
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextMetricsW
StartDocW
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetPixel
GetPixel
GetBitmapBits
DeleteDC
CreateSolidBrush
BitBlt
GetStockObject
SelectObject
CreateCompatibleDC
DeleteObject
CreateBitmap
GetObjectW
Polyline
SetROP2
CreatePen
GdiFlush
CreateDIBSection
GetTextExtentExPointW
GetDeviceCaps
CopyMetaFileW
CreateDCW
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetStretchBltMode
SetMapMode
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
CreateDIBPatternBrushPt
SetTextJustification
SetTextAlign

comdlg32

GetOpenFileNameW
GetFileTitleW
GetSaveFileNameW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

SetSecurityDescriptorGroup
RegCreateKeyW
RegQueryValueW
RegEnumKeyW
RegSetValueW
RegRestoreKeyW
RegLoadKeyW
RegOpenKeyW
RegUnLoadKeyW
RegEnumValueW
RegSaveKeyW
IsTextUnicode
GetUserNameW
LookupPrivilegeValueW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
OpenThreadToken
OpenProcessToken
RegEnumKeyExW
CreateServiceW
ChangeServiceConfig2W
StartServiceW
GetTokenInformation
CloseServiceHandle
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerW
OpenServiceW

shell32

SHGetFileInfoW
ExtractIconW
SHAppBarMessage

comctl32

ord17

shlwapi

PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

ole32

SetConvertStg
OleSaveToStream
WriteClassStm
OleLoadFromStream
StringFromCLSID
CoCreateGuid
StringFromIID
CoInitializeEx
CoInitializeSecurity
WriteFmtUserTypeStg
CoInitialize
CoUninitialize
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
OleRun
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CreateBindCtx
ReleaseStgMedium
CoTreatAsClass
OleDuplicateData
CoDisconnectObject
CLSIDFromString
CoResumeClassObjects

oleaut32

VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDecFromStr
VarBstrFromDec
SysReAllocStringLen
VarDateFromStr
SystemTimeToVariantTime
SafeArrayGetUBound
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayRedim
SafeArrayCreate
SafeArrayGetElemsize
VariantChangeType
VariantChangeTypeEx
VariantClear
VariantCopy
VarCyCmp
VarDecCmp
VariantInit
SysStringByteLen
SysReAllocString
VarBstrCat
VarBstrCmp
VarBstrFromR8
VarBstrFromR4
VarBstrFromUI4
VarBstrFromI4
VarBstrFromI2
SysAllocStringByteLen
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayDestroy
SysFreeString
LoadRegTypeLi
LoadTypeLi
SysStringLen
SetErrorInfo
SysAllocStringLen
CreateErrorInfo
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VarDateFromUdate
VarUdateFromDate
VariantCopyInd
GetErrorInfo
SafeArrayGetLBound

psapi

EmptyWorkingSet

Sections

.text
Size: 288KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HDInspectorPortable/App/HDInspector/HDInspector.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 611KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 89KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

XXXXX
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HDInspectorPortable/App/HDInspector/Localization/Arabic_SA.lng
HDInspectorPortable/App/HDInspector/Localization/Arabic_Syr.lng
HDInspectorPortable/App/HDInspector/Localization/Armenian.lng
HDInspectorPortable/App/HDInspector/Localization/Belarusian.lng
HDInspectorPortable/App/HDInspector/Localization/Bulgarian.lng
HDInspectorPortable/App/HDInspector/Localization/Chinese.lng
HDInspectorPortable/App/HDInspector/Localization/Czech.lng
HDInspectorPortable/App/HDInspector/Localization/DutchBelg.lng
HDInspectorPortable/App/HDInspector/Localization/DutchNeth.lng
HDInspectorPortable/App/HDInspector/Localization/English.lng
HDInspectorPortable/App/HDInspector/Localization/Farsi.lng
HDInspectorPortable/App/HDInspector/Localization/Finnish.lng
HDInspectorPortable/App/HDInspector/Localization/French.lng
HDInspectorPortable/App/HDInspector/Localization/German.lng
HDInspectorPortable/App/HDInspector/Localization/Greek.lng
HDInspectorPortable/App/HDInspector/Localization/HddSI_1033.chm
.chm
HDInspectorPortable/App/HDInspector/Localization/HddSI_1049.chm
.chm
HDInspectorPortable/App/HDInspector/Localization/Hebrew.lng
HDInspectorPortable/App/HDInspector/Localization/Hungarian.lng
HDInspectorPortable/App/HDInspector/Localization/Indonesian.lng
HDInspectorPortable/App/HDInspector/Localization/Italian.lng
HDInspectorPortable/App/HDInspector/Localization/Korean.lng
HDInspectorPortable/App/HDInspector/Localization/Norsk.lng
HDInspectorPortable/App/HDInspector/Localization/Polish.lng
HDInspectorPortable/App/HDInspector/Localization/Romanian.lng
HDInspectorPortable/App/HDInspector/Localization/Russian.lng
HDInspectorPortable/App/HDInspector/Localization/Slovak.lng
HDInspectorPortable/App/HDInspector/Localization/Slovenian.lng
HDInspectorPortable/App/HDInspector/Localization/Spanish.lng
HDInspectorPortable/App/HDInspector/Localization/Turkish.lng
HDInspectorPortable/App/HDInspector/Localization/Ukrainian.lng
HDInspectorPortable/App/HDInspector/Localization/Vietnamese.lng
HDInspectorPortable/App/HDInspector/Localization/pt-brazil.lng
HDInspectorPortable/App/HDInspector/Localization/pt-portugal.lng
HDInspectorPortable/App/HDInspector/Localization/zh-tw.lng
HDInspectorPortable/App/HDInspector/MiniDump.dll
.dll windows:4 windows x86 arch:x86

643c966eb17342ff93dfbe2ef4a901c9

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:ca:7a:0f:27:24:50:73:09:5b:2b:72:1e:c6:3c:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/04/2007, 00:00

Not After

23/04/2008, 23:59

Subject

CN=Altrix Software Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Altrix Software Ltd,L=Irkutsk,ST=Irkutskaya oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

82:a9:a9:c6:2f:5d:cc:58:2e:06:3b:49:64:eb:bf:d8:e5:d9:c5:9b
Signer

Actual PE Digest

82:a9:a9:c6:2f:5d:cc:58:2e:06:3b:49:64:eb:bf:d8:e5:d9:c5:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dbghelp

SymGetModuleInfo
SymFunctionTableAccess
StackWalk
SymGetSymFromAddr
SymGetModuleBase
SymGetOptions
SymSetOptions
SymGetLineFromAddr
SymInitialize
SymCleanup
SymLoadModule

kernel32

GetSystemInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLastError
HeapAlloc
GetCurrentProcessId
SetLastError
IsBadWritePtr
lstrcpynA
lstrlenA
GetModuleFileNameA
CreateFileA
SetUnhandledExceptionFilter
HeapFree
GetProcessHeap
ReadProcessMemory
GetCurrentProcess
IsBadReadPtr
IsBadCodePtr
OutputDebugStringA
FormatMessageA
GetModuleHandleA
GetCurrentThread
lstrlenW
OutputDebugStringW
VirtualQueryEx
GetVersionExA
GetProcAddress
LoadLibraryA
GetThreadContext
ExitProcess
LocalFree
DisableThreadLibraryCalls
VirtualProtect
VirtualQuery
IsBadStringPtrA
WideCharToMultiByte
CloseHandle
CreateFileW
WaitForSingleObject
IsBadStringPtrW
MultiByteToWideChar
OpenProcess
GetLocaleInfoA
GetCPInfo
GetOEMCP
WriteFile
RtlUnwind
RaiseException
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InterlockedExchange
TerminateProcess
HeapSize
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSection
GetACP

user32

SetLastErrorEx
GetActiveWindow
GetLastActivePopup
MessageBoxA
wvsprintfW
wsprintfA
wvsprintfA

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyA

Exports

Exports

AddClientDV
AddCrashHandlerLimitModule
AddDiagAssertModule
AllocAndFillProcessModuleList
BSUGetModuleBaseName
BSUGetModuleFileNameEx
BSUSymInitialize
CreateCurrentProcessMiniDumpA
CreateCurrentProcessMiniDumpW
DiagAssertA
DiagAssertVB
DiagAssertW
DiagOutputA
DiagOutputVB
DiagOutputW
GetFaultReason
GetFaultReasonVB
GetFirstStackTraceString
GetFirstStackTraceStringVB
GetLimitModuleCount
GetLimitModulesArray
GetLoadedModules
GetNextStackTraceString
GetNextStackTraceStringVB
GetRegisterString
GetRegisterStringVB
HookImportedFunctionsByName
HookOrdinalExport
IsMiniDumpFunctionAvailable
IsNT
MemStressInitializeA
MemStressInitializeW
MemStressTerminate
SetCrashHandlerFilter
SetDiagAssertFile
SetDiagAssertOptions
SetDiagOutputFile
ValidateAllBlocks

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HDInspectorPortable/App/HDInspector/dbghelp.dll
.dll windows:5 windows x86 arch:x86

bfdf63b29852e4529780d92b76de1d65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
__dllonexit
_initterm
_except_handler3
memmove
_ftol
swprintf
calloc
wcscat
_ltoa
__CxxFrameHandler
_wcsicmp
_wsplitpath
_wcsnicmp
towlower
wcsncmp
__unDName
wcsncpy
_wfopen
fopen
_osver
fclose
fread
fseek
_CxxThrowException
bsearch
wcscmp
_snwprintf
mbstowcs
wcstol
_mbsnbcpy
fflush
_iob
time
_wmakepath
wcsrchr
_onexit
_wcsdup
ftell
_wgetenv
_mbsicmp
_fullpath
_access
_fsopen
_wfsopen
_sopen
_wsopen
_wfullpath
_read
_write
_lseeki64
_chsize
_close
_open_osfhandle
_waccess
_mbscmp
_memicmp
wcsncat
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_itoa
printf
_vsnprintf
strncat
tolower
_strcmpi
_makepath
_purecall
malloc
free
_strlwr
isspace
ctime
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z
qsort
strncmp
isxdigit
wcslen
sprintf
wcscpy
strrchr
strncpy
_splitpath
_stricmp
strchr
_strnicmp
wprintf

kernel32

CreateFileMappingW
DeviceIoControl
ExpandEnvironmentStringsW
CopyFileA
Sleep
CopyFileW
GetFileAttributesW
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LCMapStringA
GetDriveTypeW
GetDriveTypeA
SetEndOfFile
MapViewOfFileEx
FlushViewOfFile
SetFileAttributesA
CreateThread
TerminateThread
lstrcmpW
SuspendThread
GetCurrentProcess
UnmapViewOfFile
GetEnvironmentVariableA
SetLastError
CloseHandle
CreateFileA
GetLastError
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetFullPathNameA
LocalAlloc
LocalFree
lstrcpyA
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
GetProcAddress
GetModuleHandleA
lstrlenA
HeapDestroy
HeapCreate
DisableThreadLibraryCalls
GetVersionExA
MapViewOfFile
CreateFileMappingA
FreeLibrary
GetFileSize
LoadLibraryA
DuplicateHandle
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
VirtualFree
SetErrorMode
GetFileAttributesA
ReadProcessMemory
VirtualProtect
VirtualAlloc
DeleteFileW
WriteFile
CreateFileW
OutputDebugStringA
GetSystemInfo
GetSystemTimeAsFileTime
VirtualQueryEx
GetProcessHeap
ResumeThread
GetCurrentThreadId
GetThreadSelectorEntry
GetThreadContext

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymCleanup
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromName
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetSearchPath
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymMatchFileName
SymMatchString
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSetContext
SymSetOptions
SymSetSearchPath
SymSetSymWithAddr64
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
lm
lmi
omap
srcfiles
sym
vc7fpo

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HDInspectorPortable/App/HDInspector/file_id.diz
HDInspectorPortable/App/HDInspector/license.txt
HDInspectorPortable/App/HDInspector/order.txt
HDInspectorPortable/App/HDInspector/overheat.wav
HDInspectorPortable/App/HDInspector/readme.txt
HDInspectorPortable/App/HDInspector/res/bmpres.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:9c:32:35:ca:b8:8a:7d:a8:30:87:2d:c3:2e:52:3f:82:92:4b:ce
Signer

Actual PE Digest

11:9c:32:35:ca:b8:8a:7d:a8:30:87:2d:c3:2e:52:3f:82:92:4b:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 123B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HDInspectorPortable/App/HDInspector/res/dlgres.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:3f:e7:d4:81:e2:4a:34:ff:e3:d1:44:95:12:83:01:74:2b:33:cf
Signer

Actual PE Digest

05:3f:e7:d4:81:e2:4a:34:ff:e3:d1:44:95:12:83:01:74:2b:33:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 123B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HDInspectorPortable/App/HDInspector/res/htmlres.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a0:b2:fb:e6:0e:56:cb:d0:32:38:31:39:53:e4:b8:88:b2:38:20:30
Signer

Actual PE Digest

a0:b2:fb:e6:0e:56:cb:d0:32:38:31:39:53:e4:b8:88:b2:38:20:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 125B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HDInspectorPortable/App/HDInspector/res/menures.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3b:0b:4b:8e:95:ec:83:58:d4:97:45:e9:99:d6:d6:6d:51:3e:32:62
Signer

Actual PE Digest

3b:0b:4b:8e:95:ec:83:58:d4:97:45:e9:99:d6:d6:6d:51:3e:32:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 125B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HDInspectorPortable/App/HDInspector/res/strres.dll
.dll windows:4 windows x86 arch:x86

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a0:78:ce:5d:9b:19:61:6b:f5:aa:85:42:3c:8b:61:4a:c8:75:27:9f
Signer

Actual PE Digest

a0:78:ce:5d:9b:19:61:6b:f5:aa:85:42:3c:8b:61:4a:c8:75:27:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 123B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HDInspectorPortable/App/HDInspector/whatsnew.txt
HDInspectorPortable/HDInspectorPortable.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HDInspectorPortable/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

915714f6a3197856f93a9c274ec3a983

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12Certificate

Extended Key Usages

Key Usages

ed:e0:ce:37:2c:de:00:64:c5:60:e0:ab:fc:81:ea:a3:bf:b3:d9:64Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

netapi32

version

Exports

Exports

Sections

.text Size: 312KB - Virtual size: 309KB

.rdata Size: 88KB - Virtual size: 85KB

.data Size: 12KB - Virtual size: 81KB

.rsrc Size: 24KB - Virtual size: 20KB

.reloc Size: 28KB - Virtual size: 24KB

859999f7cd407278699688b807ca1d17

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12Certificate

Extended Key Usages

Key Usages

08:e0:5a:16:60:05:fe:ca:59:2f:19:77:a7:a0:cc:3a:73:28:06:a7Signer

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

psapi

Sections

.text Size: 288KB - Virtual size: 285KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 12KB - Virtual size: 9KB

Headers

File Characteristics

Sections

.text Size: 611KB - Virtual size: 1.8MB

.data Size: 89KB - Virtual size: 344KB

Size: 6KB - Virtual size: 68KB

.rsrc Size: 40KB - Virtual size: 148KB

.idata Size: 6KB - Virtual size: 16KB

XXXXX Size: 34KB - Virtual size: 36KB

.adata Size: - Virtual size: 4KB

643c966eb17342ff93dfbe2ef4a901c9

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

ed:e0:ce:37:2c:de:00:64:c5:60:e0:ab:fc:81:ea:a3:bf:b3:d9:64
Signer

.text
Size: 312KB - Virtual size: 309KB

.rdata
Size: 88KB - Virtual size: 85KB

.data
Size: 12KB - Virtual size: 81KB

.rsrc
Size: 24KB - Virtual size: 20KB

.reloc
Size: 28KB - Virtual size: 24KB

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

08:e0:5a:16:60:05:fe:ca:59:2f:19:77:a7:a0:cc:3a:73:28:06:a7
Signer

.text
Size: 288KB - Virtual size: 285KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 12KB - Virtual size: 9KB

.text
Size: 611KB - Virtual size: 1.8MB

.data
Size: 89KB - Virtual size: 344KB

.rsrc
Size: 40KB - Virtual size: 148KB

.idata
Size: 6KB - Virtual size: 16KB

XXXXX
Size: 34KB - Virtual size: 36KB

.adata
Size: - Virtual size: 4KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

39:ca:7a:0f:27:24:50:73:09:5b:2b:72:1e:c6:3c:9d
Certificate

82:a9:a9:c6:2f:5d:cc:58:2e:06:3b:49:64:eb:bf:d8:e5:d9:c5:9b
Signer

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 800B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 440KB - Virtual size: 440KB

.data
Size: 10KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 25KB - Virtual size: 25KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

11:9c:32:35:ca:b8:8a:7d:a8:30:87:2d:c3:2e:52:3f:82:92:4b:ce
Signer

.rdata
Size: 4KB - Virtual size: 123B

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 8B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate