56d9d145ca55d9b75637a021663a693b

Sharing

Copy URL Twitter E-mail

General

Target

56d9d145ca55d9b75637a021663a693b
Size

1.5MB
MD5

56d9d145ca55d9b75637a021663a693b
SHA1

721a373b8b35b185f62ff02c4eea7b25760a27fd
SHA256

21e46e0973cdc4568bab38a979e5aa19e60aa357d64078eb7452af83dfd82aa8
SHA512

a0570f7e8cf6ff2840746919b3d8371b9b0169b4b2ae27eebef38eed05f5df3f3b70876fb2e46300b4713c54a3aef0d5931026b922122730fc6acd141dc915d8
SSDEEP

24576:qtbCWws/WShjav3lIOS9XK1D7UiI+8A+q1sWFYRBOG+nUlOOWHz:qtX/Jh23KYnU3H01siGLlOOw

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/md5dll.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/md5dll.dll	upx

Unsigned PE 24 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/ask.exe
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack002/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/md5dll.dll
unpack003/out.upx
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/$PLUGINSDIR/nsProcess2.dll
unpack001/$PROGRAMFILES/Bench/BService/bhelper.dll
unpack001/$PROGRAMFILES/Bench/BService/bservice.exe
unpack001/$PROGRAMFILES/Bench/NmHost/nmhost.exe
unpack001/$PROGRAMFILES/Bench/Updater/1.7.0.0/updater.exe
unpack001/$PROGRAMFILES/Bench/Updater/updater.exe
unpack001/$PROGRAMFILES/Bench/Wd/wd.exe
unpack001/$R0/$PROGRAMFILES/Bench/Proxy/cl.exe
unpack001/$R0/$PROGRAMFILES/Bench/Proxy/proc.exe
unpack001/$R0/$PROGRAMFILES/Bench/Proxy/pwdg.exe
unpack001/SoftwareDetector.exe
unpack001/gpedit.exe
unpack001/sqlite3.exe
unpack001/storageedit.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_2
static1/unpack001/$PLUGINSDIR/ask.exe	nsis_installer_2

Files

56d9d145ca55d9b75637a021663a693b
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:f4:7d:57:21:2b:01:2c:50:6e:1c:b5:ce:9a:f0:f8
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

18/03/2014, 00:00

Not After

25/03/2015, 23:59

Subject

CN=App Squad,O=App Squad,L=Philadelphia,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:50:90:16:d7:4c:ba:60:2f:34:cc:a2:8f:82:27:00:83:d7:73:51
Signer

Actual PE Digest

3b:50:90:16:d7:4c:ba:60:2f:34:cc:a2:8f:82:27:00:83:d7:73:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 106KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

ea0aa0a9e9dc166e514586b9219c0789

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
GlobalSize
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
_winmajor
abort
calloc
free
fwrite
malloc
memcpy
strlen
strncmp
vfprintf

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfA

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ask.exe
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 106KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

ea0aa0a9e9dc166e514586b9219c0789

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
GlobalSize
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
_winmajor
abort
calloc
free
fwrite
malloc
memcpy
strlen
strncmp
vfprintf

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfA

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

4fb4d15e957b6564bf15c23e80f0202a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

SetTextColor

kernel32

GetCurrentDirectoryA
GetFileAttributesA
GetProcessHeap
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
MulDiv
SetCurrentDirectoryA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

ole32

CoTaskMemFree

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

user32

CallWindowProcA
CharNextA
CharPrevA
CreateDialogParamA
CreateWindowExA
DestroyWindow
DispatchMessageA
DrawFocusRect
DrawTextA
GetClientRect
GetDlgItem
GetMessageA
GetPropA
GetWindowLongA
GetWindowRect
GetWindowTextA
IsDialogMessageA
IsWindow
KillTimer
LoadCursorA
MapDialogRect
MapWindowPoints
RemovePropA
SendMessageA
SetCursor
SetPropA
SetTimer
SetWindowLongA
SetWindowPos
ShowWindow
TranslateMessage
wsprintfA

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 363B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

06e07a9e2c8ec78ec44f1a538a1bd2a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

kernel32

CloseHandle
CopyFileA
CreateFileA
CreateFileMappingA
CreatePipe
CreateProcessA
DeleteFileA
ExitProcess
GetCommandLineA
GetCurrentProcess
GetExitCodeProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetTempFileNameA
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
MapViewOfFile
PeekNamedPipe
ReadFile
Sleep
TerminateProcess
UnmapViewOfFile
WaitForSingleObject
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

user32

CharNextA
CharPrevA
FindWindowExA
OemToCharBuffA
SendMessageA
wsprintfA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ping.js
.js
$PLUGINSDIR/splash.bmp
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

4fb4d15e957b6564bf15c23e80f0202a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

SetTextColor

kernel32

GetCurrentDirectoryA
GetFileAttributesA
GetProcessHeap
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
MulDiv
SetCurrentDirectoryA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

ole32

CoTaskMemFree

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

user32

CallWindowProcA
CharNextA
CharPrevA
CreateDialogParamA
CreateWindowExA
DestroyWindow
DispatchMessageA
DrawFocusRect
DrawTextA
GetClientRect
GetDlgItem
GetMessageA
GetPropA
GetWindowLongA
GetWindowRect
GetWindowTextA
IsDialogMessageA
IsWindow
KillTimer
LoadCursorA
MapDialogRect
MapWindowPoints
RemovePropA
SendMessageA
SetCursor
SetPropA
SetTimer
SetWindowLongA
SetWindowPos
ShowWindow
TranslateMessage
wsprintfA

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 363B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

06e07a9e2c8ec78ec44f1a538a1bd2a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

kernel32

CloseHandle
CopyFileA
CreateFileA
CreateFileMappingA
CreatePipe
CreateProcessA
DeleteFileA
ExitProcess
GetCommandLineA
GetCurrentProcess
GetExitCodeProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetTempFileNameA
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
MapViewOfFile
PeekNamedPipe
ReadFile
Sleep
TerminateProcess
UnmapViewOfFile
WaitForSingleObject
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

user32

CharNextA
CharPrevA
FindWindowExA
OemToCharBuffA
SendMessageA
wsprintfA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess2.dll
.dll windows:5 windows x86 arch:x86

a17b21d6d2e59cd74bd6cdff8263fb9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
Process32First
OpenProcess
TerminateProcess
Module32First
Process32Next
CreateToolhelp32Snapshot
CloseHandle
IsProcessorFeaturePresent
RtlUnwind
GetCurrentThreadId
DecodePointer
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetLastError
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
HeapSize

user32

wsprintfA

Exports

Exports

KillProcessByName

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ping.js
.js
$PROGRAMFILES/Bench/BService/bhelper.dll
.dll windows:5 windows x86 arch:x86

4bef99650e1a1ce11d5ea940e31f762d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

netapi32

NetApiBufferAllocate

kernel32

TlsAlloc
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
VirtualProtect
GetLastError
IsBadStringPtrA
IsBadCodePtr
IsBadReadPtr
lstrcmpiA
GetStringTypeW
MultiByteToWideChar
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
WriteFile
LCMapStringW

user32

CallNextHookEx

shlwapi

PathFindFileNameW

Exports

Exports

InstallHook

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Bench/BService/bservice.exe
.exe windows:5 windows x86 arch:x86

bf3b63d36dcb0ae20e4a81b8b7b27750

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
SetCurrentDirectoryW
LoadLibraryW
GetProcAddress
SetLastError
OpenMutexW
GetLastError
CreateMutexW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetStringTypeW
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
IsValidCodePage
GetOEMCP
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
Sleep
RtlUnwind
GetCPInfo
GetACP

user32

GetMessageW
UnhookWindowsHookEx
SetWindowsHookExW
TranslateMessage
DispatchMessageW

shlwapi

PathRemoveFileSpecW
PathAppendW

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Bench/NmHost/manifest.json
$PROGRAMFILES/Bench/NmHost/nmhost.exe
.exe windows:5 windows x86 arch:x86

d69fdefcb26f6901696ce759b0109d19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileW
GetProcAddress
GetModuleHandleW
GetLastError
ReadFile
FindResourceExW
GetModuleFileNameW
TerminateProcess
LoadLibraryW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
RtlUnwind
LCMapStringW
GetCPInfo
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
ExitProcess
WriteFile
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
SetEndOfFile

shlwapi

PathAppendW
PathAddBackslashW
PathRemoveFileSpecW

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Bench/Updater/$R0
.xml
$PROGRAMFILES/Bench/Updater/1.7.0.0/updater.exe
.exe windows:5 windows x86 arch:x86

549d1990b731f0020523ba6d14199141

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseMutex
WaitForSingleObject
lstrcmpiW
CreateMutexW
LoadLibraryExW
GetModuleFileNameW
CreateDirectoryW
OpenProcess
TerminateProcess
SetLastError
FindClose
LoadLibraryW
CreateProcessW
GetTempPathW
RemoveDirectoryW
GetFileAttributesW
FindFirstFileW
FindNextFileW
WTSGetActiveConsoleSessionId
ReadFile
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
GetVersionExW
GetConsoleCP
FlushFileBuffers
SetStdHandle
LCMapStringW
FreeLibrary
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
CreateFileW
FindResourceExW
FindResourceW
GetModuleHandleW
CloseHandle
SetFilePointer
SetEndOfFile
WriteFile
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
DecodePointer
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GlobalFree
GetProcAddress
GetStringTypeW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetCommandLineW
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
RtlUnwind
EncodePointer
OutputDebugStringW
IsDebuggerPresent
LockResource
WriteConsoleW

user32

LoadImageW
SendMessageW
GetSystemMetrics
DestroyWindow
IsDialogMessageW
DefWindowProcW
GetMonitorInfoW
SetWindowPos
MonitorFromWindow
EndDialog
GetClientRect
CharNextW
GetWindowRect
MapWindowPoints
GetWindowLongW
GetParent
GetWindow
PostQuitMessage
SetWindowLongW

advapi32

OpenProcessToken
RegCreateKeyExW
RegOpenKeyW
RegEnumValueW
RegEnumKeyW
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
IsValidSid
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
CheckTokenMembership
CreateProcessAsUserW
ImpersonateLoggedOnUser
GetUserNameW
FreeSid
AllocateAndInitializeSid
RevertToSelf
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VarUI4FromStr

shlwapi

PathAddBackslashW
PathAppendW
PathFindFileNameW
PathCanonicalizeW
PathRemoveFileSpecW
PathFileExistsW

wininet

InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetQueryOptionW
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW

comctl32

InitCommonControlsEx

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

wtsapi32

WTSQueryUserToken

rpcrt4

UuidCreate

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Bench/Updater/updater.exe
.exe windows:5 windows x86 arch:x86

5fc60cdeaa443836f430e420109925d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FindClose
FindNextFileW
FindFirstFileW
GetModuleFileNameW
CreateProcessW
CloseHandle
CreateFileW
LCMapStringW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetStringTypeW
LoadLibraryW
SetStdHandle
WriteConsoleW
FlushFileBuffers

shlwapi

PathRemoveFileSpecW
PathFindFileNameW

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Bench/Wd/wd.exe
.exe windows:5 windows x86 arch:x86

7c59b980dcf53707695f1f8ad5f48c25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetLastError
Process32NextW
CreateToolhelp32Snapshot
Sleep
CreateMutexW
OpenMutexW
SetLastError
CreateFileW
WriteConsoleW
SetStdHandle
ExpandEnvironmentStringsW
GetProcAddress
TerminateProcess
CloseHandle
GetModuleHandleW
GetModuleFileNameW
Process32FirstW
LCMapStringW
LoadLibraryW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
WriteFile
GetStdHandle
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
SetFilePointer
WideCharToMultiByte
FlushFileBuffers

user32

TranslateMessage
DispatchMessageW
GetMessageW

shell32

ShellExecuteW

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Savings Wizard/AppFramework/appAPI_bg.js
.js
$PROGRAMFILES/Savings Wizard/AppFramework/appAPI_browseraction.js
.js
$PROGRAMFILES/Savings Wizard/AppFramework/appAPI_common.js
.js
$PROGRAMFILES/Savings Wizard/AppFramework/appAPI_content.js
.js
$PROGRAMFILES/Savings Wizard/AppFramework/appAPI_settings.js
.js
$PROGRAMFILES/Savings Wizard/AppFramework/appAPI_webrequest.js
.js
$PROGRAMFILES/Savings Wizard/AppFramework/jquery.min.js
.js
$PROGRAMFILES/Savings Wizard/CanvasFramework/canvas_bg.js
.js
$PROGRAMFILES/Savings Wizard/CanvasFramework/canvasscript_engine.js
.js
$PROGRAMFILES/Savings Wizard/CanvasFramework/md5.js
.js
$PROGRAMFILES/Savings Wizard/CanvasFramework/registry.js
.js
$PROGRAMFILES/Savings Wizard/CanvasFramework/webrequest.js
.js
$PROGRAMFILES/Savings Wizard/FrameworkBHO.dll
.dll regsvr32 windows:5 windows x86 arch:x86

c4edfd99b54e26e218d031d7d8e75403

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:f4:7d:57:21:2b:01:2c:50:6e:1c:b5:ce:9a:f0:f8
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

18/03/2014, 00:00

Not After

25/03/2015, 23:59

Subject

CN=App Squad,O=App Squad,L=Philadelphia,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:12:a6:43:46:6e:b6:c5:5e:e3:84:e8:89:a0:a5:01:b2:5a:1c:8e
Signer

Actual PE Digest

3e:12:a6:43:46:6e:b6:c5:5e:e3:84:e8:89:a0:a5:01:b2:5a:1c:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdipDeleteBrush
GdipCreateSolidFill
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCloneBrush
GdipDeleteGraphics
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipFree
GdipCreateHBITMAPFromBitmap
GdipDeletePath
GdiplusShutdown
GdiplusStartup
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFillPath
GdipAddPathArcI
GdipClosePathFigure
GdipAlloc
GdipCreatePath
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromFile
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipFillRectangleI
GdipGraphicsClear
GdipSetPageUnit

wininet

InternetSetCookieW
InternetGetCookieExW

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStartupInfoW
GetFileType
SetFilePointerEx
GetConsoleMode
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
GetCommandLineA
LockResource
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
LoadResource
SizeofResource
FindResourceW
FindResourceExW
MultiByteToWideChar
GetProcAddress
GetVersion
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
RaiseException
GetCurrentThreadId
GetLastError
SetLastError
Sleep
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MulDiv
lstrcmpW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
OutputDebugStringA
GetFileAttributesW
DecodePointer
FreeLibrary
TerminateProcess
CloseHandle
CreateFileW
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetVersionExW
lstrcmpiW
LoadLibraryExW
LoadLibraryA
EncodePointer
GetThreadLocale
SetThreadLocale
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
RtlUnwind
WideCharToMultiByte
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteConsoleW
EnterCriticalSection

user32

GetActiveWindow
GetMonitorInfoW
MonitorFromPoint
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
GetSystemMetrics
IsWindowVisible
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
GetWindowDC
GetMenu
UpdateLayeredWindow
LoadCursorW
GetWindow
GetClassNameW
FindWindowExW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
SetWindowPos
MoveWindow
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW
RegisterWindowMessageW
IsChild

gdi32

ExtTextOutW
SetBkMode
GetTextExtentPoint32W
GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

ole32

CoCreateInstance
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
OleLockRunning
CoTaskMemRealloc
CreateStreamOnHGlobal

oleaut32

VariantChangeType
SysAllocStringByteLen
SysStringByteLen
SysAllocString
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
SysStringLen
LoadTypeLi
LoadRegTypeLi
DispCallFunc
UnRegisterTypeLi
OleCreateFontIndirect
VariantCopy
VarUI4FromStr
RegisterTypeLi

shlwapi

PathFileExistsW
PathAddBackslashW
PathRemoveFileSpecW

urlmon

CoInternetGetSession
CreateUri

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Savings Wizard/FrameworkBHO64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

901d313dc767fd00906e2c8daf14cc1b

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:f4:7d:57:21:2b:01:2c:50:6e:1c:b5:ce:9a:f0:f8
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

18/03/2014, 00:00

Not After

25/03/2015, 23:59

Subject

CN=App Squad,O=App Squad,L=Philadelphia,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:d9:5a:6d:64:fe:42:6f:2f:52:02:82:e5:13:62:79:0c:50:58:5d
Signer

Actual PE Digest

5d:d9:5a:6d:64:fe:42:6f:2f:52:02:82:e5:13:62:79:0c:50:58:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

gdiplus

GdipDeleteBrush
GdipCreateSolidFill
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCloneBrush
GdipDeleteGraphics
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipFree
GdipCreateHBITMAPFromBitmap
GdipDeletePath
GdiplusShutdown
GdiplusStartup
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFillPath
GdipAddPathArcI
GdipClosePathFigure
GdipAlloc
GdipCreatePath
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromFile
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipFillRectangleI
GdipGraphicsClear
GdipSetPageUnit

wininet

InternetSetCookieW
InternetGetCookieExW

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStartupInfoW
GetFileType
SetFilePointerEx
GetConsoleMode
WriteFile
GetStdHandle
ExitProcess
LockResource
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
LoadResource
SizeofResource
FindResourceW
FindResourceExW
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
RaiseException
GetCurrentThreadId
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
Sleep
lstrcmpW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleExW
OutputDebugStringA
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
DecodePointer
FreeLibrary
GetProcAddress
TerminateProcess
CloseHandle
GetModuleHandleW
CreateFileW
InitializeCriticalSection
DisableThreadLibraryCalls
GetVersionExW
lstrcmpiW
LoadLibraryExW
EncodePointer
GetThreadLocale
SetThreadLocale
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
VirtualAlloc
VirtualFree
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
WideCharToMultiByte
IsProcessorFeaturePresent
GetCommandLineA
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteConsoleW
MulDiv

user32

GetActiveWindow
GetMonitorInfoW
MonitorFromPoint
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
GetSystemMetrics
IsWindowVisible
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
GetWindowDC
GetMenu
UpdateLayeredWindow
LoadCursorW
GetWindow
GetClassNameW
FindWindowExW
GetParent
GetDesktopWindow
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
MoveWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW
RegisterWindowMessageW
SetWindowPos

gdi32

ExtTextOutW
SetBkMode
GetTextExtentPoint32W
GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteDC

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

ole32

CoCreateInstance
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
CoTaskMemRealloc

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
SysStringLen
LoadTypeLi
LoadRegTypeLi
DispCallFunc
VariantChangeType
OleCreateFontIndirect
VariantCopy
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SysStringByteLen
SysAllocStringByteLen

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathAddBackslashW

urlmon

CoInternetGetSession
CreateUri

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Savings Wizard/FrameworkEngine.exe
.exe windows:5 windows x86 arch:x86

35c26e987cd9a70d7e8718d281a8c5c2

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:f4:7d:57:21:2b:01:2c:50:6e:1c:b5:ce:9a:f0:f8
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

18/03/2014, 00:00

Not After

25/03/2015, 23:59

Subject

CN=App Squad,O=App Squad,L=Philadelphia,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d4:88:1e:02:c9:1f:f0:c8:f1:a1:be:a4:d7:1e:c0:af:f3:9e:a9:ef
Signer

Actual PE Digest

d4:88:1e:02:c9:1f:f0:c8:f1:a1:be:a4:d7:1e:c0:af:f3:9e:a9:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetCookieW
InternetSetCookieExW
InternetGetCookieExW

kernel32

LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MulDiv
lstrcmpW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
OutputDebugStringA
GetFileAttributesW
DecodePointer
FreeLibrary
TerminateProcess
GetFileSize
ReadFile
CloseHandle
CreateFileW
WriteFile
FindClose
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
FindFirstFileW
FindNextFileW
GetStdHandle
AllocConsole
FreeConsole
SetConsoleTitleW
WriteConsoleW
InterlockedIncrement
InterlockedDecrement
CreateThread
SetEvent
WaitForSingleObject
Sleep
lstrcmpiW
CreateEventW
LoadLibraryA
LoadLibraryExW
GetCommandLineW
TerminateThread
TlsAlloc
EnterCriticalSection
UnhandledExceptionFilter
GetStartupInfoW
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
ExitThread
RtlUnwind
EncodePointer
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
TlsSetValue
TlsFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
TlsGetValue
GetConsoleCP
SetLastError
GetLastError
GetCurrentThreadId
RaiseException
GetCurrentProcess
FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersion
GetProcAddress
MultiByteToWideChar
FindResourceExW
FindResourceW
SizeofResource
LoadResource
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
GetStringTypeW
SetStdHandle
FlushFileBuffers
SetUnhandledExceptionFilter
SetEndOfFile

user32

GetClassNameW
FindWindowExW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
FillRect
GetWindow
ScreenToClient
ClientToScreen
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
LoadCursorW
EndDialog
MapWindowPoints
MonitorFromWindow
GetMonitorInfoW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
CharUpperW
LoadImageW
ShowWindow
DialogBoxParamW
GetActiveWindow
GetSystemMetrics
GetForegroundWindow
MessageBoxW
SystemParametersInfoW
SetTimer
KillTimer
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
SetWindowPos
MoveWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW
RegisterWindowMessageW
GetWindowRect

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
SelectObject
GetObjectW

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDestroyKey
CryptReleaseContext
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
CryptAcquireContextW

shell32

SHGetFolderPathW

ole32

CoTaskMemRealloc
StringFromCLSID
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoInitialize
CoDisconnectObject
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

VariantClear
SysAllocStringLen
SysFreeString
VariantInit
SysStringLen
SysAllocStringByteLen
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantCopy
OleCreateFontIndirect
DispCallFunc
LoadRegTypeLi
LoadTypeLi
SysAllocString

shlwapi

PathStripPathW
PathFileExistsW
PathRemoveFileSpecW
PathAddBackslashW

urlmon

URLDownloadToFileW

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Savings Wizard/background.html
$PROGRAMFILES/Savings Wizard/config.xml
.xml
$PROGRAMFILES/Savings Wizard/extension_info.json
$PROGRAMFILES/Savings Wizard/framework-ui/browser_button.js
.js
$PROGRAMFILES/Savings Wizard/framework-ui/context_menu.js
.js
$PROGRAMFILES/Savings Wizard/framework-ui/context_menu_item_handler.html
.html
$PROGRAMFILES/Savings Wizard/framework-ui/framework_api.js
.js
$PROGRAMFILES/Savings Wizard/framework-ui/notification.html
.html .js polyglot
$PROGRAMFILES/Savings Wizard/framework-ui/notifications.js
.js
$PROGRAMFILES/Savings Wizard/framework-ui/options.js
.js
$PROGRAMFILES/Savings Wizard/framework-ui/theme/bubble/bottom-left.png
.png
$PROGRAMFILES/Savings Wizard/framework-ui/theme/bubble/bottom-middle.png
.png
$PROGRAMFILES/Savings Wizard/framework-ui/theme/bubble/bottom-right.png
.png
$PROGRAMFILES/Savings Wizard/framework-ui/theme/bubble/middle-left.png
.png
$PROGRAMFILES/Savings Wizard/framework-ui/theme/bubble/middle-right.png
.png
$PROGRAMFILES/Savings Wizard/framework-ui/theme/bubble/tail-bottom.png
.png
$PROGRAMFILES/Savings Wizard/framework-ui/theme/bubble/tail-left.png
.png
$PROGRAMFILES/Savings Wizard/framework-ui/theme/bubble/tail-right.png
.png
$PROGRAMFILES/Savings Wizard/framework-ui/theme/bubble/tail-top.png
.png
$PROGRAMFILES/Savings Wizard/framework-ui/theme/bubble/top-left.png
.png
$PROGRAMFILES/Savings Wizard/framework-ui/theme/bubble/top-middle.png
.png
$PROGRAMFILES/Savings Wizard/framework-ui/theme/bubble/top-right.png
.png
$PROGRAMFILES/Savings Wizard/framework-ui/ui_base.js
.js
$PROGRAMFILES/Savings Wizard/framework/backgroundscript_engine.js
.js
$PROGRAMFILES/Savings Wizard/framework/base.js
.js
$PROGRAMFILES/Savings Wizard/framework/browser.js
.js
$PROGRAMFILES/Savings Wizard/framework/console.js
.js
$PROGRAMFILES/Savings Wizard/framework/framework.js
.js
$PROGRAMFILES/Savings Wizard/framework/global.js
.js
$PROGRAMFILES/Savings Wizard/framework/i18n.js
.js
$PROGRAMFILES/Savings Wizard/framework/initialize.js
.js
$PROGRAMFILES/Savings Wizard/framework/invoke_async.js
.js
$PROGRAMFILES/Savings Wizard/framework/io.js
.js
$PROGRAMFILES/Savings Wizard/framework/json2.js
.js
$PROGRAMFILES/Savings Wizard/framework/lang.js
.js
$PROGRAMFILES/Savings Wizard/framework/legacy.js
$PROGRAMFILES/Savings Wizard/framework/message_target.js
.js
$PROGRAMFILES/Savings Wizard/framework/messaging.js
.js
$PROGRAMFILES/Savings Wizard/framework/storage.js
.js
$PROGRAMFILES/Savings Wizard/framework/timer.js
.js
$PROGRAMFILES/Savings Wizard/framework/updater.js
.js
$PROGRAMFILES/Savings Wizard/framework/userscript_client.js
.js
$PROGRAMFILES/Savings Wizard/framework/userscript_engine.js
.js
$PROGRAMFILES/Savings Wizard/framework/utils.js
.js
$PROGRAMFILES/Savings Wizard/framework/xhr.js
.js
$PROGRAMFILES/Savings Wizard/icons/button.png
.png
$PROGRAMFILES/Savings Wizard/icons/icon100.png
.png
$PROGRAMFILES/Savings Wizard/icons/icon128.png
.png
$PROGRAMFILES/Savings Wizard/icons/icon32.png
.png
$PROGRAMFILES/Savings Wizard/icons/icon48.png
.png
$R0/$PROGRAMFILES/Bench/Proxy/cl.exe
.exe windows:5 windows x86 arch:x86

53e440eab525a2322ed7c3bbc0d56450

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
LockResource
LoadResource
WideCharToMultiByte
FindResourceExW
MultiByteToWideChar
GetModuleHandleW
FindResourceW
GetProcAddress
LoadLibraryW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
IsProcessorFeaturePresent
RtlUnwind
LCMapStringW
GetStringTypeW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW

wininet

InternetSetOptionW

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0/$PROGRAMFILES/Bench/Proxy/icon.ico
$R0/$PROGRAMFILES/Bench/Proxy/proc.exe
.exe windows:5 windows x86 arch:x86

86c8c56c46ff9ead5cd630a195e059e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
TerminateProcess
OpenProcess
LoadLibraryW
GetModuleFileNameW
CreateProcessW
WTSGetActiveConsoleSessionId
GetTempPathW
FreeLibrary
CreateDirectoryW
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetVersionExW
GetCurrentThreadId
WaitForMultipleObjects
GlobalFree
CompareStringW
SetEndOfFile
WriteConsoleW
SetLastError
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
DeleteFileW
GetFileSize
WriteFile
ReadFile
CreateFileW
ReleaseMutex
CloseHandle
CreateMutexW
CreateThread
Sleep
WaitForSingleObject
TerminateThread
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
GetProcAddress
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InterlockedExchange
SetConsoleCtrlHandler
FatalAppExitA
SetEnvironmentVariableA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetLocaleInfoW
GetTimeZoneInformation
LCMapStringW
IsProcessorFeaturePresent
GetCurrentThread
GetLastError
RaiseException
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
GetStdHandle
ExitProcess
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
RtlUnwind
HeapSize
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapReAlloc

user32

SetWindowLongW
GetWindowLongW

advapi32

RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyW
RegEnumKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptReleaseContext
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
CreateProcessAsUserW
GetUserNameW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CryptDestroyKey
CryptDestroyHash
RegOpenKeyExW

shell32

SHGetFolderPathW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
StringFromCLSID

oleaut32

SysFreeString

shlwapi

PathAddBackslashW
PathCanonicalizeW
PathFileExistsW
PathFindFileNameW
PathIsDirectoryW
PathSkipRootW
PathRemoveBackslashW
PathRemoveFileSpecW

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameW

wtsapi32

WTSQueryUserToken

rpcrt4

UuidCreate

iphlpapi

GetExtendedTcpTable

ws2_32

socket
getaddrinfo
WSAStartup
connect
freeaddrinfo
WSACleanup
recv
send
bind
listen
ntohs
WSAGetLastError
select
closesocket
accept

wininet

InternetReadFile
InternetSetOptionW
InternetQueryOptionW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
HttpQueryInfoW

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0/$PROGRAMFILES/Bench/Proxy/pwdg.exe
.exe windows:5 windows x86 arch:x86

2f13c2677d291fa2e758804355daaaf1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
WriteFile
GlobalFree
Sleep
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
RaiseException
FlushInstructionCache
CreateThread
TerminateThread
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
LCMapStringW
HeapCreate
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TerminateProcess
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
OpenProcess
SetLastError
CreateFileW
WaitForSingleObject
GetModuleFileNameW
CloseHandle
GetLastError
GetCurrentProcess
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
GetProcAddress
LockResource
SizeofResource
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
FlushFileBuffers
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
WriteConsoleW
HeapAlloc
HeapDestroy
GetModuleHandleW
TlsGetValue
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection

user32

MonitorFromPoint
UnregisterClassA
GetSubMenu
TrackPopupMenu
SetForegroundWindow
GetCursorPos
LoadImageW
LoadMenuW
GetMonitorInfoW
PostMessageW
DestroyIcon
CallWindowProcW
PostQuitMessage
RegisterClassExW
LoadCursorW
GetClassInfoExW
DefWindowProcW
CreateWindowExW
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
GetWindowLongW
SetWindowLongW
DestroyMenu

advapi32

RegOpenKeyExW
RegEnumKeyW
RegOpenKeyW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegCloseKey

shell32

Shell_NotifyIconW
ShellExecuteW

shlwapi

PathRemoveFileSpecW

psapi

GetModuleFileNameExW

wininet

InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetOpenW
InternetSetOptionW
InternetQueryOptionW

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareDetector.exe
.exe windows:5 windows x86 arch:x86

444e96572d3541961a9bbf448f64ab12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetProcAddress
lstrlenW
InterlockedDecrement
ReadFile
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlUnwind
GetCommandLineW
HeapSetInformation
HeapFree
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
HeapAlloc
IsProcessorFeaturePresent
CloseHandle
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
ExitProcess
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
HeapSize
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileW
LoadLibraryW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetFilePointer
WriteConsoleW
SetEndOfFile
GetProcessHeap

user32

LoadStringW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
chrome_gp_update.js
.js
chrome_installer.js
.js
common.js
.js
firefox/AppFramework/appAPI_bg.js
.js
firefox/AppFramework/appAPI_browseraction.js
.js
firefox/AppFramework/appAPI_common.js
.js
firefox/AppFramework/appAPI_content.js
.js
firefox/AppFramework/appAPI_settings.js
.js
firefox/AppFramework/appAPI_webrequest.js
.js
firefox/AppFramework/jquery.min.js
.js
firefox/CanvasFramework/canvas_bg.js
.js
firefox/CanvasFramework/canvasscript_engine.js
.js
firefox/CanvasFramework/md5.js
.js
firefox/CanvasFramework/registry.js
.js
firefox/CanvasFramework/webrequest.js
.js
firefox/background.html
firefox/bootstrap.js
.js
firefox/chrome.manifest
firefox/extension_info.json
firefox/framework-ui/browser_button.js
.js
firefox/framework-ui/contentNotification.tmpl
firefox/framework-ui/contentNotificationStyle.tmpl
firefox/framework-ui/content_notifications.js
.js
firefox/framework-ui/context_menu.js
.js
firefox/framework-ui/framework_api.js
.js
firefox/framework-ui/notifications.js
.js
firefox/framework-ui/options.js
.js
firefox/framework-ui/ui_base.js
.js
firefox/framework/backgroundscript_engine.js
.js
firefox/framework/base.js
.js
firefox/framework/browser.js
.js
firefox/framework/chrome_windows.js
.js
firefox/framework/console.js
.js
firefox/framework/content_proxy.js
.js
firefox/framework/framework.js
.js
firefox/framework/i18n.js
.js
firefox/framework/invoke_async.js
.js
firefox/framework/io.js
.js
firefox/framework/lang.js
.js
firefox/framework/legacy.js
firefox/framework/message_target.js
.js
firefox/framework/messaging.js
.js
firefox/framework/storage.js
.js
firefox/framework/timer.js
.js
firefox/framework/uninstall.js
.js
firefox/framework/userscript_client.js
.js
firefox/framework/userscript_engine.js
.js
firefox/framework/utils.js
.js
firefox/framework/xhr.js
.js
firefox/icons/button.png
.png
firefox/icons/icon100.png
.png
firefox/icons/icon128.png
.png
firefox/icons/icon32.png
.png
firefox/icons/icon48.png
.png
firefox/install.rdf
.xml
firefox_installer.js
.js
gpedit.exe
.exe windows:5 windows x86 arch:x86

0dd4bd1864f18648d2a3b14d2c8df7be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceW
LoadResource
MultiByteToWideChar
LockResource
SizeofResource
lstrlenW
GetModuleHandleW
FindResourceExW
GetProcAddress
FlushFileBuffers
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCommandLineW
HeapSetInformation
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
LoadLibraryW
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
CreateFileW
CloseHandle

advapi32

RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
icon.ico
ie_installer.js
.js
info.xml
.xml
installer.js
.js
main_installer.js
.js
migrate.js
.js
projectInstaller.js
.js
repair.js
.js
sqlite3.exe
.exe windows:4 windows x86 arch:x86

27da149de9afed20b5dc5d5889566b10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
ExitProcess
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TlsGetValue
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_access
_assert
_cexit
_flsbuf
_iob
_isatty
_isctype
_onexit
_pclose
_pctype
_popen
_setmode
_winmajor
abort
atexit
atoi
calloc
exit
fclose
fflush
fgets
fopen
fprintf
fputc
fputs
free
fwrite
getenv
localtime
malloc
memcmp
memmove
memset
printf
putchar
puts
qsort
realloc
signal
strcmp
strncmp
strncpy
strtol
tolower
vfprintf

Sections

.text
Size: 420KB - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
storageedit.exe
.exe windows:5 windows x86 arch:x86

6003f1768a9ba54a9f149b29b92d5dd1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetLastError
GetProcAddress
LockResource
CloseHandle
CreateFileW
DeleteFileW
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetModuleFileNameW
ReadFile
TerminateProcess
SizeofResource
LoadLibraryW
GetModuleHandleW
LoadResource
FreeLibrary
FindResourceW
FindResourceExW
GetFileSize
WriteFile
LCMapStringW
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetStringTypeW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

advapi32

CryptDestroyHash
CryptDestroyKey
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptHashData

shell32

SHGetFolderPathW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree

shlwapi

PathFileExistsW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe.nsis

Sharing

General

Malware Config

Signatures

Files

28a099a911237a28521d8b7ea250f089

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

49:f4:7d:57:21:2b:01:2c:50:6e:1c:b5:ce:9a:f0:f8Certificate

Extended Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

3b:50:90:16:d7:4c:ba:60:2f:34:cc:a2:8f:82:27:00:83:d7:73:51Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

version

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 140B

.rdata Size: 9KB - Virtual size: 8KB

.bss Size: - Virtual size: 106KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 1024B - Virtual size: 76KB

.rsrc Size: 34KB - Virtual size: 34KB

ea0aa0a9e9dc166e514586b9219c0789

Headers

File Characteristics

Imports

kernel32

msvcrt

ole32

user32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 52B

.rdata Size: 1024B - Virtual size: 828B

.bss Size: - Virtual size: 1KB

.edata Size: 512B - Virtual size: 160B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 1KB - Virtual size: 1KB

28a099a911237a28521d8b7ea250f089

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

version

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 140B

.rdata Size: 9KB - Virtual size: 8KB

.bss Size: - Virtual size: 106KB

.idata Size: 5KB - Virtual size: 4KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

49:f4:7d:57:21:2b:01:2c:50:6e:1c:b5:ce:9a:f0:f8
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

3b:50:90:16:d7:4c:ba:60:2f:34:cc:a2:8f:82:27:00:83:d7:73:51
Signer

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 140B

.rdata
Size: 9KB - Virtual size: 8KB

.bss
Size: - Virtual size: 106KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 1024B - Virtual size: 76KB

.rsrc
Size: 34KB - Virtual size: 34KB

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 52B

.rdata
Size: 1024B - Virtual size: 828B

.bss
Size: - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 160B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 140B

.rdata
Size: 9KB - Virtual size: 8KB

.bss
Size: - Virtual size: 106KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 1024B - Virtual size: 48KB

.rsrc
Size: 36KB - Virtual size: 36KB

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 52B

.rdata
Size: 1024B - Virtual size: 828B

.bss
Size: - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 160B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 176B

.bss
Size: - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 363B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 140B

.reloc
Size: 512B - Virtual size: 464B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 100B

.bss
Size: - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 108B

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 308B

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB