635456d66e68c04fc75137dbc81eb055

Sharing

Copy URL Twitter E-mail

General

Target

635456d66e68c04fc75137dbc81eb055
Size

4.8MB
MD5

635456d66e68c04fc75137dbc81eb055
SHA1

23d9464d362dd728b1a454acdb2fd2835689bbd6
SHA256

1e9fcd7c8fe8b9f667ddbde5cf7215e90b5313105d822c1c6c3ce5690a171bcd
SHA512

02726206f8f8c4559d9bdc4cd07ddf92ad842fbe9cc14549c4a4d75c8cde940f2dfbb09625c3bb5ce4d478962fafd9fced7924bb17f629b75609c0b0c70b2e34
SSDEEP

98304:0OOO3q6Ruwq1gO1EVpxhGLZadvj5P93oPFmb+mgON7Dlg55MjnPVA1:793wwjvp6LZad5P94Fe+KpO5knPVA1

Score

3^/10

Malware Config

Signatures

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/PGSetupHlp.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/saction.dll
unpack001/GrabKernel.dll
unpack001/IEProFrm.dll
unpack001/IEProRes.dll
unpack001/IEProRs.dll
unpack001/modules/adblock.dll
unpack001/modules/autoform.dll
unpack001/modules/basemod.dll
unpack001/modules/downmod.dll
unpack001/modules/fasterie.dll
unpack001/modules/findbar.dll
unpack001/modules/ie6mod.dll
unpack001/modules/iecleaner.dll
unpack001/modules/iescript.dll
unpack001/modules/liveserv.dll
unpack001/modules/singleie.dll
unpack001/modules/spellchk.dll
unpack001/winfile.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

635456d66e68c04fc75137dbc81eb055
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

33:59:91:4b:cd:51:53:17:45:f8:a6:e9:16:3b:0f:e6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/07/2009, 00:00

Not After

14/07/2010, 23:59

Subject

CN=GlobalNet Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Dev,O=GlobalNet Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ec:9a:14:f6:dc:91:d2:06:d7:e0:2a:b5:b7:73:f8:cf:c3:90:53:4d
Signer

Actual PE Digest

ec:9a:14:f6:dc:91:d2:06:d7:e0:2a:b5:b7:73:f8:cf:c3:90:53:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

946eb0a1e85c9ade4acaf634eb5a64f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
GlobalFree
lstrcpynA
lstrcmpA
lstrlenA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PGSetupHlp.dll
.dll windows:4 windows x86 arch:x86

94ec55716a858ec8506ae712ae2c0ff8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetLongPathNameW
GetProcessHeap
HeapFree
WriteFile
HeapAlloc
GetTempFileNameW
GetTempPathW
DeleteFileW
GetSystemTimeAsFileTime
GetCurrentProcessId
LoadLibraryW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcAddress
GetVersionExA
LockResource
GetVersionExW
ReadFile
GetFileSize
FreeResource
CreateFileW
ReleaseMutex
Sleep
CreateThread
CloseHandle
WaitForSingleObject
GetTickCount
CreateMutexW
WideCharToMultiByte
IsValidCodePage
GlobalLock
MulDiv
GlobalUnlock
InitializeCriticalSection
SizeofResource
lstrcpynA
GetModuleHandleW
GlobalFree
GetLastError
DeleteCriticalSection
LoadResource
InterlockedIncrement
lstrcpyA
GlobalAlloc
FreeLibrary
lstrcmpiW
lstrlenW
FindResourceW
InterlockedDecrement
LoadLibraryExW
MultiByteToWideChar
GetModuleFileNameW
EnterCriticalSection
SetLastError
RaiseException
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
LeaveCriticalSection
QueryPerformanceCounter

user32

GetDesktopWindow
LoadImageW
InvalidateRect
GetCapture
GetParent
ScreenToClient
WindowFromPoint
GetClientRect
GetWindowDC
SendMessageW
DestroyIcon
GetCursorPos
DefWindowProcW
CallWindowProcW
GetClassInfoExW
ReleaseCapture
SetWindowPos
GetDC
EndDialog
ClientToScreen
GetDlgItem
PtInRect
SetParent
wsprintfA
CharNextW
CreateDialogParamW
ShowWindow
GetSysColor
GetTabbedTextExtentW
TabbedTextOutW
GetIconInfo
LoadStringW
FillRect
DrawTextExW
PostMessageW
SetRect
UnregisterClassW
CallNextHookEx
UnhookWindowsHookEx
GetSysColorBrush
SetTimer
IsWindowVisible
DrawStateW
GetWindowThreadProcessId
SystemParametersInfoW
SetWindowsHookExW
KillTimer
GetActiveWindow
GetSystemMetrics
GetWindowLongW
RegisterClassExW
GetWindowRect
SetWindowRgn
SetCursor
DrawTextW
DrawIconEx
EndPaint
ReleaseDC
IsWindow
GetWindowTextW
UpdateWindow
DestroyWindow
LoadCursorW
BeginPaint
CreateWindowExW
SetWindowLongW
SetCapture
UnregisterClassA
GetClassInfoW

gdi32

DeleteDC
BitBlt
SelectObject
RestoreDC
GetDeviceCaps
SaveDC
GetDIBits
CreateSolidBrush
Ellipse
RoundRect
SetBkMode
GetTextMetricsW
FillRgn
CreateRoundRectRgn
CreatePolygonRgn
FrameRgn
StretchBlt
GetObjectType
DeleteObject
CreateRectRgn
GetStockObject
CreateCompatibleDC
GetObjectW
CreateFontIndirectW
CreateCompatibleBitmap
CombineRgn
SetTextColor
CreatePen
SetBkColor

advapi32

RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

OleLoadPicture
VarBoolFromStr
VarDateFromStr
LoadTypeLi
SysFreeString
SysAllocString
VarUI4FromStr
LoadRegTypeLi
SysStringLen
VariantInit
VariantClear
DispCallFunc

comctl32

ImageList_LoadImageW
ImageList_Draw
ImageList_Destroy

msvcp80

??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ

msvcr80

_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memset
wcstod
_purecall
calloc
_resetstkoflw
_wtol
_wtoi
memmove
_amsg_exit
_wcsupr_s
realloc
wcsrchr
iswspace
malloc
atol
memcpy_s
??2@YAPAXI@Z
free
wcsncpy_s
??_V@YAXPAX@Z
_recalloc
swprintf_s
??3@YAXPAX@Z
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
wcschr
memcpy
__clean_type_info_names_internal
__CxxFrameHandler3
_CxxThrowException

Exports

Exports

GetCheckRet
RunSetupDlg

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

c193ea402999ea8ce8faa9fef22de03d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
DrawFocusRect
CharPrevA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
GetWindowLongA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
GetUserData
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 442B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/saction.dll
.dll windows:4 windows x86 arch:x86

e0dbe201ef881c2240becf6ab72022a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup
WSACleanup
gethostbyname

kernel32

WideCharToMultiByte
CreateDirectoryW
MultiByteToWideChar
FindResourceW
WritePrivateProfileStringA
SizeofResource
lstrlenA
LockResource
LoadResource
FindResourceExW
FindFirstFileW
GetFullPathNameW
SetLastError
FindNextFileW
CopyFileW
FindClose
GetWindowsDirectoryW
lstrcatW
lstrcpyW
lstrcmpiW
GetProcAddress
WaitForSingleObject
CloseHandle
GetUserDefaultLangID
GetVersionExW
GetTickCount
GetPrivateProfileStringA
lstrcpyA
GlobalFree
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrcpynW
Sleep
lstrcmpiA
CreateFileA
GetLocaleInfoW
SetStdHandle
FreeLibrary
LoadLibraryW
GetFileAttributesW
lstrlenW
CreateFileW
CreateThread
HeapAlloc
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LoadLibraryA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
SetEndOfFile
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointer
ReadFile
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind

user32

wsprintfA
UnregisterClassA
SendMessageW
FindWindowW
WaitForInputIdle

advapi32

RegOpenKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW

shell32

ShellExecuteW

ole32

CoCreateGuid
CoTaskMemFree

shlwapi

UrlCompareW
StrStrIW
SHRegSetUSValueW

Exports

Exports

DoDelIE7ProButton
DoIE7ProButtonSet
DoSetAction
DoSetIntelAction
DoSetSearch
FindGrabBtn
FindIEInstance
FindIeProBtn
IntelShowHelp
OnInstall
OnUnInstall
PreInstall
PreUnInstall
ShowHelp

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GrabKernel.dll
.dll windows:4 windows x86 arch:x86

ac56e1ff9c0ad8d8b16e6a22147f9cb9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
ResumeThread
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
SetThreadContext
GetThreadContext
SuspendThread
GetCurrentThread
SetLastError
WriteFile
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
InitializeCriticalSection
CreateSemaphoreA
DeleteCriticalSection
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

GetHookApiManager

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEPro.dll
.dll regsvr32 windows:4 windows x86 arch:x86

619617dfec8670a9662ec6f6e8e87e51

Code Sign

33:59:91:4b:cd:51:53:17:45:f8:a6:e9:16:3b:0f:e6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/07/2009, 00:00

Not After

14/07/2010, 23:59

Subject

CN=GlobalNet Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Dev,O=GlobalNet Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:1d:94:fa:53:bc:dc:3f:7b:06:90:a5:75:d9:c8:43:ce:71:56:4b
Signer

Actual PE Digest

00:1d:94:fa:53:bc:dc:3f:7b:06:90:a5:75:d9:c8:43:ce:71:56:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdiplusStartup

wininet

InternetCloseHandle
HttpQueryInfoW
InternetReadFile
HttpSendRequestW
HttpEndRequestW
HttpSendRequestExW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW
InternetSetOptionW
InternetGetConnectedStateExW
InternetQueryOptionW

psapi

GetModuleFileNameExW
EnumProcessModules

urlmon

CoInternetGetSession

oleacc

AccessibleObjectFromWindow
WindowFromAccessibleObject

kernel32

GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
RaiseException
EnterCriticalSection
LeaveCriticalSection
CompareStringW
lstrlenW
FlushInstructionCache
GetCurrentProcess
InterlockedDecrement
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
GetCurrentThreadId
lstrcmpiW
InterlockedIncrement
FreeLibrary
CloseHandle
WaitForSingleObject
Sleep
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryExW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
lstrcpynW
lstrlenA
DebugBreak
OutputDebugStringW
DeleteFileW
WideCharToMultiByte
GetTickCount
CreateDirectoryW
WriteFile
CreateFileW
MoveFileExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
lstrcmpW
CreateThread
lstrcpyW
GetModuleHandleA
GetThreadLocale
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GetCurrentProcessId
FindNextFileW
FindClose
GetFullPathNameW
FindFirstFileW
ReadFile
GetUserDefaultLangID
WritePrivateProfileStringA
GetPrivateProfileStringA
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CreateProcessW
GlobalFree
lstrcatW
GetWindowsDirectoryW
GetTempFileNameW
GetTempPathW
HeapCreate
HeapDestroy
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
LoadLibraryW
LoadLibraryA
GetUserDefaultLCID
EnumSystemLocalesA
GetStdHandle
GetModuleFileNameA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEndOfFile
GetOEMCP
SetThreadLocale
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
IsValidCodePage

user32

wsprintfA
SetMenuDefaultItem
InsertMenuItemW
GetKeyNameTextW
MapVirtualKeyW
LoadIconW
GetWindowThreadProcessId
CreateAcceleratorTableW
UnhookWindowsHookEx
DestroyAcceleratorTable
GetDesktopWindow
IsChild
RedrawWindow
InvalidateRgn
MoveWindow
RegisterWindowMessageW
GetMenuItemCount
MessageBoxW
EnableWindow
MessageBeep
ClientToScreen
wsprintfW
GetForegroundWindow
GetSystemMetrics
LoadImageW
SetDlgItemTextW
CreateDialogParamW
GetClassInfoExW
ShowWindow
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
AdjustWindowRect
DrawTextExW
GetTopWindow
LoadMenuW
RegisterClassExW
UnregisterClassW
SetWindowsHookExW
GetClassLongW
SetClassLongW
SetPropW
PostMessageW
CallNextHookEx
SetTimer
KillTimer
IsWindowVisible
GetPropW
FindWindowExW
EnumChildWindows
EnumThreadWindows
GetActiveWindow
SetCursor
EndPaint
BeginPaint
GetCapture
ReleaseCapture
GetSysColor
GetFocus
GetCursorPos
PtInRect
CallWindowProcW
GetDlgCtrlID
SetFocus
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
ScreenToClient
DestroyWindow
DrawFocusRect
FillRect
GetClassNameW
LoadCursorW
GetSubMenu
SetMenuItemInfoW
TrackPopupMenu
DestroyMenu
SetRectEmpty
OffsetRect
ReleaseDC
GetDC
CharNextW
DialogBoxParamW
CreateWindowExW
DefWindowProcW
LoadStringW
GetWindow
GetWindowRect
SystemParametersInfoW
MapWindowPoints
SetWindowPos
IsWindow
GetDlgItem
GetParent
GetDlgItemTextW
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetWindowLongW
SetWindowLongW
DrawTextW
SendMessageW
EndDialog
GetMenuItemInfoW
SetRect
CharLowerW
UnregisterClassA
IsIconic

gdi32

GetObjectW
SelectObject
CreateSolidBrush
GetDeviceCaps
GetTextMetricsW
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
SetBkColor
ExtTextOutW
DeleteDC
CreateFontIndirectW
GetStockObject
SetTextColor
SetBkMode
DeleteObject

advapi32

RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey

shell32

ord680
ShellExecuteW

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoMarshalInterThreadInterfaceInStream
CoCreateGuid
CoUninitialize

oleaut32

SysAllocString
SysStringLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
VarBstrCmp
UnRegisterTypeLi
RegisterTypeLi
VariantCopy
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
OleCreateFontIndirect
VariantClear
VariantInit
VariantChangeType
SysFreeString

shlwapi

SHDeleteValueW
SHRegGetBoolUSValueW
StrStrW
UrlCompareW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEProCx.exe
.exe windows:4 windows x86 arch:x86

fbea30d1ae4e4be75d031416cae6d364

Code Sign

33:59:91:4b:cd:51:53:17:45:f8:a6:e9:16:3b:0f:e6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/07/2009, 00:00

Not After

14/07/2010, 23:59

Subject

CN=GlobalNet Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Dev,O=GlobalNet Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

db:2d:30:90:23:9e:96:61:3e:f8:6d:34:42:94:5c:9f:85:54:55:b2
Signer

Actual PE Digest

db:2d:30:90:23:9e:96:61:3e:f8:6d:34:42:94:5c:9f:85:54:55:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetOptionW
InternetQueryOptionW
InternetGetConnectedStateExW

kernel32

GetCurrentThreadId
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
lstrcmpW
GetProcAddress
LoadLibraryW
lstrlenA
TerminateProcess
WaitForSingleObject
Sleep
CloseHandle
OpenProcess
DeleteCriticalSection
MoveFileExW
DeleteFileW
GetUserDefaultLangID
lstrcpynW
lstrcatW
ReadFile
GetFileSize
CreateFileW
CreateProcessW
GlobalFree
FindNextFileW
RemoveDirectoryW
FindClose
ExitProcess
CreateDirectoryW
GetStartupInfoW
HeapReAlloc
GetModuleHandleA
HeapFree
HeapSize
HeapAlloc
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CopyFileW
FindFirstFileW
GetCurrentProcess
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GetProcessHeap
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

CharNextA
wsprintfW
UnregisterClassA
LoadStringW
DestroyWindow
CharNextW
MessageBoxW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

SHDeleteKeyW
StrToIntExW
StrToInt64ExW

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IEProFrm.dll
.dll windows:4 windows x86 arch:x86

8dbe57bf3e6b7d123302bc0cd9194f39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleacc

AccessibleObjectFromWindow
WindowFromAccessibleObject

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmGetContext
ImmGetOpenStatus

kernel32

RtlUnwind
TlsGetValue
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetVersion
InterlockedIncrement
GetModuleFileNameW
GetFileAttributesW
InterlockedDecrement
GetCurrentThreadId
SetLastError
GetModuleHandleW
GetModuleHandleA
GetLastError
OutputDebugStringA
LoadLibraryW
RaiseException
UnmapViewOfFile
CloseHandle
OpenFileMappingW
MapViewOfFile
lstrcmpiW
lstrlenW
GetCurrentProcessId
GetCurrentProcess
FlushInstructionCache
lstrcpyW
FindFirstFileW
FindClose
CreateFileW
GetFileSize
ReadFile
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
GetModuleFileNameA
GetStdHandle
GetCommandLineA
WriteFile
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
Sleep
TlsFree
TlsSetValue
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc

user32

GetWindowTextW
GetWindowTextLengthW
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
GetWindowLongW
SetWindowLongW
IsWindow
CallWindowProcW
DefWindowProcW
SetWindowTextW
SendInput
GetFocus
KillTimer
SetTimer
GetPropW
IsWindowVisible
SetClassLongW
SetKeyboardState
GetClassLongW
GetKeyboardState
PostMessageW
GetDlgCtrlID
ScreenToClient
GetCursorPos
GetKeyState
FindWindowExW
EnumChildWindows
EnumThreadWindows
GetParent
SendMessageW
SetPropW
RegisterWindowMessageW
SetWindowsHookExW
GetWindowThreadProcessId
CallNextHookEx
UnhookWindowsHookEx
GetClassNameW
PtInRect
GetClassInfoExW
UnregisterClassA

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW

ole32

CoCreateInstance

oleaut32

VariantInit
SysFreeString
VariantClear

Exports

Exports

installHook

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEProRecorder.dll
.dll regsvr32 windows:4 windows x86 arch:x86

e24c35ee44e3e74a3b14f01386cabe85

Code Sign

33:59:91:4b:cd:51:53:17:45:f8:a6:e9:16:3b:0f:e6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/07/2009, 00:00

Not After

14/07/2010, 23:59

Subject

CN=GlobalNet Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Dev,O=GlobalNet Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8e:80:90:da:7b:fc:91:8d:74:38:8f:93:4f:84:00:b5:29:ca:c8:9e
Signer

Actual PE Digest

8e:80:90:da:7b:fc:91:8d:74:38:8f:93:4f:84:00:b5:29:ca:c8:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCloseHandle
InternetGetLastResponseInfoA
InternetCrackUrlA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestExA
HttpEndRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile

kernel32

CreateDirectoryA
GetPrivateProfileStringA
GetEnvironmentVariableA
GetVersionExA
FindClose
FindFirstFileA
Sleep
CreateProcessA
CreateFileMappingA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetTempPathA
GetModuleFileNameA
WideCharToMultiByte
GetWindowsDirectoryA
GetTickCount
lstrcmpiA
CreateFileA
RemoveDirectoryA
FindNextFileA
DeleteFileA
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
ResetEvent
CreateThread
lstrlenW
LoadLibraryExA
IsDBCSLeadByte
SizeofResource
GetCurrentProcessId
CompareStringA
lstrcpynA
CopyFileA
lstrcpyA
WriteFile
FreeConsole
AllocConsole
lstrcmpA
GlobalUnlock
GlobalLock
GlobalAlloc
DisableThreadLibraryCalls
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalReAlloc
FormatMessageA
GetFileAttributesA
InterlockedCompareExchange
VirtualAlloc
VirtualFree
IsBadWritePtr
CreateMutexA
ReleaseMutex
PostQueuedCompletionStatus
GetPrivateProfileIntA
GetQueuedCompletionStatus
GetSystemInfo
GlobalFree
SetEndOfFile
SetFilePointer
VirtualProtect
VirtualQuery
ExitThread
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
GetThreadLocale
GetLocaleInfoA
GetACP
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
FatalAppExitA
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
WritePrivateProfileStringA
FreeLibrary
InterlockedIncrement
GetLocalTime
MulDiv
GetCurrentThreadId
CreateEventA
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
SetEvent
CloseHandle
GetExitCodeThread
WaitForSingleObject
TerminateThread
lstrlenA
InterlockedDecrement
FindResourceA
LoadResource
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetConsoleCtrlHandler
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
LockResource
IsValidLocale
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
MultiByteToWideChar
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
LoadLibraryW
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
ReadFile
CompareStringW
SetEnvironmentVariableA
RtlUnwind
CreateIoCompletionPort
HeapReAlloc

user32

GetDlgCtrlID
GetWindowTextLengthA
SetRectEmpty
FillRect
IsWindowEnabled
IntersectRect
IsRectEmpty
SetWindowRgn
KillTimer
IsWindowVisible
GetUpdateRect
SetScrollInfo
GetScrollInfo
EnableScrollBar
LoadStringW
wsprintfW
PtInRect
wsprintfA
PostQuitMessage
OffsetRect
EnableMenuItem
TrackPopupMenu
GetSystemMetrics
MonitorFromPoint
InvalidateRgn
RedrawWindow
IsChild
DestroyAcceleratorTable
CreateAcceleratorTableA
RegisterWindowMessageA
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
GetMonitorInfoA
SetActiveWindow
SetTimer
ClientToScreen
DispatchMessageA
PeekMessageA
MsgWaitForMultipleObjects
GetSysColor
DrawFocusRect
GetClassNameA
GetWindowThreadProcessId
CharNextA
LoadImageA
DrawTextA
DrawFrameControl
GetDesktopWindow
DestroyIcon
GetWindowDC
EndPaint
BeginPaint
DrawIconEx
GetCapture
GetCursorPos
WindowFromPoint
ReleaseCapture
SetCapture
InvalidateRect
UpdateWindow
ScreenToClient
GetWindowTextA
SetForegroundWindow
GetClassInfoExA
RegisterClassExA
EqualRect
SetRect
GetActiveWindow
TranslateMessage
GetKeyState
GetComboBoxInfo
SetFocus
CallWindowProcA
GetDlgItem
EndDialog
GetWindow
GetClientRect
SendDlgItemMessageA
SystemParametersInfoA
ReleaseDC
GetDC
DefWindowProcA
LoadCursorA
DialogBoxParamA
CreateWindowExA
DestroyWindow
GetFocus
MapWindowPoints
LoadMenuA
GetSubMenu
SetMenuItemInfoA
TrackPopupMenuEx
DestroyMenu
SetCursor
GetParent
LoadStringA
GetWindowLongA
SetWindowPos
IsWindow
MessageBoxA
ShowWindow
GetWindowRect
MoveWindow
SendMessageA
PostMessageA
SetWindowLongA
UnregisterClassA
SetWindowTextA

gdi32

CreateDIBSection
ExtCreateRegion
CombineRgn
GetDeviceCaps
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetRgnBox
PatBlt
GetTextExtentPoint32A
LineTo
MoveToEx
RestoreDC
SaveDC
GetTextMetricsA
SetBkColor
ExtTextOutA
CreatePen
CreateBrushIndirect
BitBlt
RoundRect
SetTextColor
SetBkMode
GetStockObject
CreateFontIndirectA
GetObjectA
DeleteObject
DeleteDC
CreateSolidBrush

advapi32

AdjustTokenPrivileges
IsTextUnicode
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
LookupPrivilegeValueA
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
ExtractIconExA
SHCreateDirectoryExA
ShellExecuteA
ShellExecuteExA

ole32

CoCreateGuid
CoInitialize
CoCreateInstance
CoUninitialize
OleInitialize
OleUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
RegisterDragDrop
CreateStreamOnHGlobal

oleaut32

VariantClear
SysAllocString
SystemTimeToVariantTime
SafeArrayCreateVector
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantInit
SysAllocStringLen
DispCallFunc
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysFreeString
VarUI4FromStr
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

shlwapi

StrStrA
StrCmpNIA
StrStrIA

msimg32

GradientFill

ws2_32

closesocket
WSAGetLastError
inet_addr
getsockname
bind
connect
shutdown
WSASend
ntohs
htons
WSAStartup
WSACleanup
__WSAFDIsSet
select
WSASocketA
htonl
getpeername
WSAIoctl
setsockopt
inet_ntoa
WSAAccept
listen
WSARecv

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 448KB - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEProRes.dll
.dll windows:4 windows x86 arch:x86

22b98c5c8c68a5c45b232e3b1c1c06e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEProRs.dll
.dll windows:4 windows x86 arch:x86

22b98c5c8c68a5c45b232e3b1c1c06e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MiniDM.exe
.exe windows:4 windows x86 arch:x86

f7b5394d5edd068037b43fe0dd1bded5

Code Sign

33:59:91:4b:cd:51:53:17:45:f8:a6:e9:16:3b:0f:e6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/07/2009, 00:00

Not After

14/07/2010, 23:59

Subject

CN=GlobalNet Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Dev,O=GlobalNet Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:fd:3b:bd:29:19:a7:7d:3e:d9:bd:c2:9f:30:ca:6d:1d:44:b4:bc
Signer

Actual PE Digest

0d:fd:3b:bd:29:19:a7:7d:3e:d9:bd:c2:9f:30:ca:6d:1d:44:b4:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetSystemDirectoryA
WriteFile
CreateFileA
DeleteFileA
GetTempFileNameA
GetTempPathA
FindNextFileW
FindClose
GetFullPathNameW
FindFirstFileW
GetVersionExW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
lstrcmpW
CreateMutexW
OpenMutexW
GetLocalTime
GetFileSize
GetWindowsDirectoryW
LoadLibraryW
lstrcmpA
DeviceIoControl
SetFileTime
SystemTimeToFileTime
SetFilePointer
SetEndOfFile
GetDiskFreeSpaceW
GetDriveTypeW
GetVolumeInformationW
GetProcessHeap
HeapFree
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
FreeLibrary
ExitThread
GetModuleHandleA
ExitProcess
HeapSize
GetSystemTimeAsFileTime
GetStartupInfoW
LCMapStringA
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetOEMCP
IsValidCodePage
GetModuleFileNameA
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetProcAddress
GlobalFree
lstrcpyW
DeleteCriticalSection
InitializeCriticalSection
GlobalLock
GlobalAlloc
GlobalUnlock
CreateEventW
SetEvent
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
lstrcatW
CreateProcessW
GetTickCount
TerminateProcess
GetLastError
lstrcpynW
Sleep
lstrcpyA
GetCurrentProcessId
GetModuleFileNameW
DeleteFileW
GetLocaleInfoW
CompareStringA
HeapAlloc
SetEnvironmentVariableA
MoveFileW
lstrcmpiW
CompareStringW
OutputDebugStringW
DebugBreak
CreateThread
CreateFileW
GetFileSizeEx
ReadFile
WaitForSingleObject
CloseHandle
CreateDirectoryW
lstrlenA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
RaiseException

user32

PeekMessageW
RegisterWindowMessageW
GetForegroundWindow
GetSystemMetrics
LoadImageW
SetMenuDefaultItem
SetActiveWindow
SetForegroundWindow
WindowFromPoint
GetWindowPlacement
IsIconic
SetMenu
TranslateAcceleratorW
GetTopWindow
GetMenuItemCount
GetMenuItemInfoW
FindWindowW
GetWindowThreadProcessId
DestroyIcon
IsWindowVisible
LoadAcceleratorsW
GetKeyState
EnableMenuItem
TrackPopupMenu
CharLowerW
InflateRect
GetSubMenu
LoadMenuW
GetScrollPos
CreatePopupMenu
AppendMenuW
RemoveMenu
GetMonitorInfoW
MonitorFromPoint
LoadStringA
TrackPopupMenuEx
InsertMenuW
GetDesktopWindow
AttachThreadInput
SetClipboardData
KillTimer
SetTimer
DestroyMenu
GetMessageW
DispatchMessageW
TranslateMessage
PostQuitMessage
GetClassNameW
ReleaseDC
GetDC
EndPaint
CloseClipboard
UnregisterClassW
wsprintfA
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
FlashWindow
BeginPaint
GetSysColor
GetCapture
ReleaseCapture
GetCursorPos
PtInRect
SetCursor
IsWindow
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
DrawFocusRect
FillRect
DrawTextW
EnableWindow
CharNextW
GetWindowTextLengthW
GetWindowTextW
CreateDialogParamW
SetParent
SetRectEmpty
MessageBeep
MessageBoxW
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
DestroyWindow
wsprintfW
ShowWindow
OffsetRect
LoadStringW
SystemParametersInfoW
MapWindowPoints
ScreenToClient
GetWindowRect
EndDialog
SetRect
IsRectEmpty
GetActiveWindow
GetFocus
GetWindow
GetSysColorBrush
IsChild
DialogBoxParamW
GetDlgItem
GetDlgCtrlID
GetParent
GetNextDlgTabItem
SetFocus
RegisterClassExW
CallWindowProcW
GetWindowLongW
DefWindowProcW
LoadCursorW
GetClassInfoExW
GetClientRect
SetWindowPos
SendMessageW
SetWindowTextW
CreateWindowExW
SetWindowLongW
PostMessageW
SetMenuItemInfoW
UnregisterClassA

gdi32

LineTo
MoveToEx
RestoreDC
SaveDC
GetTextExtentPoint32W
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
SetBkColor
ExtTextOutW
GetTextMetricsW
GetClipBox
SetWindowOrgEx
GetStockObject
CreateFontIndirectW
DeleteDC
SetTextColor
SetBkMode
SelectObject
GetObjectW
CombineRgn
CreateRectRgnIndirect
CreatePen
DeleteObject
FillRgn

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExA
RegDeleteKeyW

shell32

SHBrowseForFolderW
ExtractIconExW
ShellExecuteExW
SHGetMalloc
SHGetDesktopFolder
Shell_NotifyIconW
ord680
ShellExecuteW
SHGetPathFromIDListW

ole32

DoDragDrop
ReleaseStgMedium
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoTaskMemFree
OleUninitialize
OleInitialize
CoCreateInstance

oleaut32

VarUI4FromStr
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString

shlwapi

StrToIntExW

comctl32

_TrackMouseEvent
ImageList_LoadImageW
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_GetIcon
ImageList_Create
ImageList_ReplaceIcon
ImageList_DrawEx
InitCommonControlsEx

wininet

HttpSendRequestW
HttpOpenRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetCrackUrlA
InternetQueryOptionA
DetectAutoProxyUrl
InternetQueryOptionW
InternetGetCookieA
InternetCombineUrlA
InternetReadFile

ws2_32

bind
WSAStartup
WSACleanup
WSACreateEvent
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
closesocket
socket
WSAEventSelect
connect
recv
WSASetLastError
ntohs
getservbyport
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
send
getpeername
getsockname
shutdown
ioctlsocket
WSAAsyncSelect
setsockopt
listen
WSAAsyncGetHostByName
WSACancelAsyncRequest
accept
gethostname

Sections

.text
Size: 536KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProEula.txt
ProgSenseSetup.exe
.exe windows:1 windows x86 arch:x86

Code Sign

33:59:91:4b:cd:51:53:17:45:f8:a6:e9:16:3b:0f:e6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/07/2009, 00:00

Not After

14/07/2010, 23:59

Subject

CN=GlobalNet Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Dev,O=GlobalNet Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d2:f9:65:f1:12:55:3b:a5:aa:0c:42:1a:56:b4:ad:f0:d3:ab:81
Signer

Actual PE Digest

2b:d2:f9:65:f1:12:55:3b:a5:aa:0c:42:1a:56:b4:ad:f0:d3:ab:81

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
filter.ini
language/MiniDM/mdmara.ini
language/MiniDM/mdmbgr.ini
language/MiniDM/mdmchs.ini
language/MiniDM/mdmcht.ini
language/MiniDM/mdmcsy.ini
language/MiniDM/mdmdan.ini
language/MiniDM/mdmdeu.ini
language/MiniDM/mdmell.ini
language/MiniDM/mdmeng.ini
language/MiniDM/mdmesp.ini
language/MiniDM/mdmfar.ini
language/MiniDM/mdmfin.ini
language/MiniDM/mdmfra.ini
language/MiniDM/mdmheb.ini
language/MiniDM/mdmhun.ini
language/MiniDM/mdmita.ini
language/MiniDM/mdmjpn.ini
language/MiniDM/mdmkor.ini
language/MiniDM/mdmnld.ini
language/MiniDM/mdmnor.ini
language/MiniDM/mdmplk.ini
language/MiniDM/mdmptb.ini
language/MiniDM/mdmrom.ini
language/MiniDM/mdmrus.ini
language/MiniDM/mdmsky.ini
language/MiniDM/mdmslv.ini
language/MiniDM/mdmsqi.ini
language/MiniDM/mdmsve.ini
language/MiniDM/mdmtha.ini
language/MiniDM/mdmtrk.ini
language/proara.ini
language/probel.ini
language/probgr.ini
language/prochs.ini
language/procht.ini
language/procsy.ini
language/prodan.ini
language/prodeu.ini
language/proell.ini
language/proeng.ini
language/proesm.ini
language/proesp.ini
language/profar.ini
language/profin.ini
language/profra.ini
language/proheb.ini
language/prohun.ini
language/proita.ini
language/projpn.ini
language/prokor.ini
language/prolth.ini
language/pronld.ini
language/pronor.ini
language/proplk.ini
language/proptb.ini
language/proptg.ini
language/prorom.ini
language/prorus.ini
language/prosky.ini
language/proslv.ini
language/prosqi.ini
language/prosrl.ini
language/prosve.ini
language/protha.ini
language/protrk.ini
language/proukr.ini
language/provit.ini
lgpl.txt
modules/adblock.dll
.dll windows:4 windows x86 arch:x86

4136d596a06ce165ed19cfd511f33283

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCombineUrlW
InternetCrackUrlW

urlmon

CoInternetGetSession
CoGetClassObjectFromURL
RevokeBindStatusCallback
RegisterBindStatusCallback

kernel32

LoadLibraryExW
InitializeCriticalSection
RaiseException
lstrlenA
WideCharToMultiByte
CreateFileW
GetFileTime
CloseHandle
DeleteFileW
CopyFileW
LoadLibraryA
GetVersionExW
Sleep
CreateDirectoryW
DebugBreak
OutputDebugStringW
FindFirstFileW
FindClose
lstrcpyW
CreateEventW
GetOEMCP
FlushFileBuffers
GetStartupInfoA
GetFileType
SetHandleCount
ReadFile
SetFilePointer
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetStdHandle
WriteFile
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapCreate
HeapDestroy
ExitProcess
FindResourceW
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
GetSystemInfo
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
VirtualQuery
VirtualProtect
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
DeleteCriticalSection
LoadResource
SizeofResource
OutputDebugStringA
InterlockedDecrement
LoadLibraryW
InterlockedExchange
InterlockedIncrement
MulDiv
MultiByteToWideChar
LeaveCriticalSection
GetModuleHandleA
DisableThreadLibraryCalls
IsValidCodePage
EnterCriticalSection
GetModuleHandleW
GetLastError
GetCurrentThreadId
FreeLibrary
GetFileAttributesW
lstrlenW
FlushInstructionCache
GetVersion
GetCurrentProcess
lstrcmpiW
GetProcAddress
lstrcmpW
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
GetModuleFileNameW
SetStdHandle
CreateFileA
SetEndOfFile
GetCPInfo
FreeEnvironmentStringsA

user32

GetSysColorBrush
GetNextDlgTabItem
CheckMenuItem
SetRect
SetDlgItemTextW
IsWindowVisible
MessageBeep
IsWindowEnabled
TrackPopupMenu
PostMessageW
EnableMenuItem
InsertMenuW
RemoveMenu
LoadMenuW
OpenClipboard
DestroyMenu
GetSubMenu
GetDlgCtrlID
SetCursor
EndDialog
MapWindowPoints
GetWindowRect
EnableWindow
SystemParametersInfoW
GetActiveWindow
CreateDialogParamW
SetParent
LoadStringW
CharLowerW
EmptyClipboard
CloseClipboard
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
GetWindowDC
IntersectRect
PeekMessageW
GetMessageW
CopyRect
EqualRect
OffsetRect
SetWindowRgn
GetCursorPos
LoadIconW
UnregisterClassA
DialogBoxParamW
GetClassInfoExW
GetFocus
IsChild
ClientToScreen
RegisterClassExW
RedrawWindow
ScreenToClient
GetDC
SetWindowPos
ReleaseDC
MoveWindow
EndPaint
CallWindowProcW
DefWindowProcW
SendMessageW
GetClientRect
CreateWindowExW
BeginPaint
DestroyWindow
GetWindowLongW
GetWindow
SetWindowLongW
SetCapture
RegisterWindowMessageW
ReleaseCapture
CharNextW
IsWindow
UnionRect
PtInRect
DestroyAcceleratorTable
GetWindowTextLengthW
GetKeyState
GetClassNameW
GetDesktopWindow
GetDlgItem
InvalidateRect
SetFocus
GetParent
InvalidateRgn
LoadCursorW
GetWindowTextW
CreateAcceleratorTableW
SetWindowTextW
GetSysColor
ShowWindow
FillRect
SetClipboardData
DrawIconEx

gdi32

SetWindowExtEx
SetWindowOrgEx
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
DeleteObject
CreateMetaFileW
SelectObject
SaveDC
CreateSolidBrush
FillRgn
CreateRectRgnIndirect
CombineRgn
SelectClipRgn
DPtoLP
SetTextAlign
TextOutW
SetBkMode
SetTextColor
RestoreDC
CreateCompatibleDC
CloseMetaFile
CreateCompatibleBitmap
DeleteMetaFile
CreateDCW
GetObjectW
BitBlt
GetDeviceCaps
GetStockObject

advapi32

RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW

ole32

CLSIDFromString
CreateStreamOnHGlobal
CLSIDFromProgID
CoTaskMemAlloc
CoGetClassObject
CoCreateInstance
CoTaskMemFree
StringFromCLSID
OleLockRunning
StringFromGUID2
CreateOleAdviseHolder
OleInitialize
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemRealloc
OleUninitialize
CreateBindCtx
CreateDataAdviseHolder

oleaut32

SysStringLen
VariantCopy
SysAllocStringLen
LoadTypeLi
SysStringByteLen
LoadRegTypeLi
VariantInit
SysAllocString
VariantClear
OleCreatePropertyFrame
VarUI4FromStr
VariantChangeType
OleCreateFontIndirect
SysFreeString

Exports

Exports

createProModule

Sections

.text
Size: 632KB - Virtual size: 628KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
modules/adblock.ini
modules/autoform.dll
.dll windows:4 windows x86 arch:x86

0e0a375be93826db31b8fd0d6a978194

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCrackUrlW

kernel32

GetLastError
LeaveCriticalSection
OutputDebugStringA
LoadLibraryW
GetCurrentProcess
FlushInstructionCache
DebugBreak
OutputDebugStringW
DeleteFileW
CreateDirectoryW
LoadLibraryA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
FreeLibrary
InterlockedExchange
lstrcmpiW
InitializeCriticalSection
DeleteCriticalSection
GetFullPathNameW
FindFirstFileW
LockResource
FindResourceExW
FindNextFileW
FindClose
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
EnterCriticalSection
FreeEnvironmentStringsA
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetModuleFileNameA
CloseHandle
FlushFileBuffers
ReadFile
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetConsoleMode
GetConsoleCP
WriteFile
HeapCreate
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
HeapSize
HeapReAlloc
GetLocaleInfoW
HeapDestroy
GetModuleHandleA
VirtualAlloc
GetCurrentThreadId
GetModuleHandleW
InterlockedIncrement
GetFileAttributesW
RaiseException
SetLastError
GetVersion
GetProcAddress
GetModuleFileNameW
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrlenW
InterlockedDecrement
SetEnvironmentVariableA
GetEnvironmentStrings
CompareStringW
CompareStringA
SetEndOfFile
CreateFileW
CreateFileA
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetVersionExA
GetACP
GetLocaleInfoA

user32

UnregisterClassA
PtInRect
OffsetRect
IsWindow
GetSysColor
EndPaint
RegisterClassExW
AppendMenuW
BeginPaint
CreatePopupMenu
DestroyWindow
LoadCursorW
GetClassInfoExW
GetDlgCtrlID
BringWindowToTop
SetTimer
KillTimer
GetMonitorInfoW
CreateDialogParamW
GetCursorPos
CreateWindowExW
wsprintfW
EnableWindow
MessageBeep
SetDlgItemTextW
GetWindowTextW
GetWindowTextLengthW
CharNextW
GetDC
ShowWindow
DefWindowProcW
GetDlgItem
MoveWindow
GetActiveWindow
EndDialog
SendMessageW
DialogBoxParamW
SetWindowTextW
CallWindowProcW
GetWindowRect
DestroyMenu
TrackPopupMenu
SetFocus
SetWindowLongW
GetWindowLongW
GetWindow
SystemParametersInfoW
GetSubMenu
GetParent
LoadMenuW
GetClientRect
MapWindowPoints
SetWindowPos
InvalidateRect
SetParent
LoadStringW
MonitorFromPoint

gdi32

GetObjectW
ExtTextOutW
SetBkColor
CreateSolidBrush
DeleteDC
Rectangle
GetStockObject

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

oleaut32

VarUI4FromStr
VarBstrCmp
SysFreeString
SysAllocString
VariantClear
VariantInit

Exports

Exports

clearSavedText
createProModule

Sections

.text
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
modules/autoform.ini
modules/basemod.dll
.dll windows:4 windows x86 arch:x86

5a28160a7267559a4973b2767b8eaebe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmGetCompositionStringW
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

wininet

InternetCombineUrlW
InternetCombineUrlA
GetUrlCacheEntryInfoW
FindFirstUrlCacheEntryExW
FindNextUrlCacheEntryExW
InternetGetConnectedStateExW
InternetQueryOptionW
InternetSetOptionW
FindCloseUrlCache

gdiplus

GdipGetDC
GdipFlush
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipCreateSolidFill
GdipCloneBrush
GdipDrawImageI
GdipReleaseDC
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromFile
GdipAlloc
GdipDisposeImage
GdipFree
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipFillRectangleI
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipDeleteBrush

urlmon

UrlMkSetSessionOption

kernel32

FlushFileBuffers
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
HeapSize
HeapCreate
HeapDestroy
GetModuleFileNameA
GetStdHandle
IsValidCodePage
InterlockedDecrement
InterlockedIncrement
lstrlenW
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpW
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetVersion
GetModuleHandleA
GetLastError
SetLastError
GetFileAttributesW
DeleteFileW
GetVersionExW
GetModuleFileNameW
OutputDebugStringA
lstrcmpiW
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentThreadId
RaiseException
GetCurrentProcess
OutputDebugStringW
CloseHandle
CopyFileW
CreateFileW
MulDiv
DebugBreak
WriteFile
InterlockedExchange
UnmapViewOfFile
OpenFileMappingW
FreeEnvironmentStringsA
GetTickCount
GetCurrentProcessId
GlobalLock
GlobalUnlock
GetShortPathNameW
GetTempPathW
GetTempFileNameW
GetFileSize
ReadFile
SetEndOfFile
FindFirstFileW
FindClose
GlobalFree
lstrcpyW
CreateDirectoryW
CreateProcessW
FreeLibrary
lstrcpynW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalAlloc
GetLocalTime
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
TlsGetValue
ExitProcess
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetCommandLineA
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
TlsSetValue
TlsFree
GetOEMCP
TlsAlloc
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
MapViewOfFile

user32

wsprintfA
IsZoomed
MoveWindow
GetDC
GetNextDlgTabItem
ReleaseDC
GetSysColorBrush
IsChild
CheckMenuItem
SetTimer
GetWindowThreadProcessId
RegisterClipboardFormatW
SetClipboardData
CharLowerW
MapVirtualKeyW
GetKeyNameTextW
OpenClipboard
EmptyClipboard
CloseClipboard
InflateRect
IsWindow
EndPaint
BeginPaint
KillTimer
ShowWindow
SetParent
LoadCursorW
GetCursorPos
GetDlgCtrlID
GetClassInfoExW
TrackPopupMenu
GetKeyState
EndDialog
SetDlgItemInt
GetDlgItemInt
DialogBoxParamW
DefWindowProcW
DestroyWindow
CreateDialogParamW
EnableWindow
RegisterWindowMessageW
CallWindowProcW
SendDlgItemMessageW
wsprintfW
SendInput
GetFocus
GetClassNameW
FindWindowExW
ScreenToClient
DestroyMenu
GetActiveWindow
RemoveMenu
GetSubMenu
SetKeyboardState
GetKeyboardState
ReleaseCapture
GetCapture
PtInRect
GetSystemMetrics
SetCursor
SetCapture
CreateWindowExW
RedrawWindow
IsWindowVisible
PostMessageW
DrawTextW
SetRect
RegisterClassExW
GetSysColor
AppendMenuW
LoadMenuW
IsMenu
EnableMenuItem
InsertMenuW
LoadStringW
CharNextW
GetWindowLongW
GetClientRect
SetDlgItemTextW
GetWindowTextW
GetParent
GetWindow
GetWindowTextLengthW
SystemParametersInfoW
SendMessageW
GetWindowRect
MapWindowPoints
SetWindowPos
SetWindowLongW
SetFocus
MessageBeep
GetDlgItem
SetWindowTextW
InvalidateRect
UnregisterClassA

gdi32

ExtTextOutW
DeleteDC
SelectObject
SetBkColor
CreateCompatibleBitmap
BitBlt
DeleteObject
FillRgn
CreateRectRgnIndirect
CombineRgn
ExtCreatePen
LineTo
MoveToEx
CreateCompatibleDC
CreateSolidBrush

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW

shell32

ord680
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

ReleaseStgMedium
CoTaskMemFree
CoCreateInstance

oleaut32

CreateDispTypeInfo
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VarBstrCmp
DispCallFunc
VariantChangeType
VariantCopyInd
VariantInit
SysAllocString
VariantClear
SysStringLen
SysFreeString

shlwapi

SHRegSetUSValueW

Exports

Exports

clearTabHistory
createProModule

Sections

.text
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
modules/basemod.ini
modules/downmod.dll
.dll windows:4 windows x86 arch:x86

52a006f882502a57962e1e838db809d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

RegisterBindStatusCallback

kernel32

DeleteCriticalSection
InterlockedDecrement
GetModuleHandleW
GetModuleHandleA
GetLastError
FindResourceW
OutputDebugStringA
LoadLibraryW
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
FindResourceExW
GetTempPathW
GetCurrentProcess
GetCurrentThreadId
GetTempFileNameW
FlushInstructionCache
EnterCriticalSection
lstrlenW
GetProcAddress
GetVersion
LeaveCriticalSection
SetLastError
GetFileAttributesW
lstrlenA
WideCharToMultiByte
lstrcpynW
CreateFileW
GetFileTime
CloseHandle
GetPrivateProfileStringA
FreeLibrary
GetWindowsDirectoryW
lstrcatW
FindFirstFileW
FindClose
CreateProcessW
WriteFile
SetEndOfFile
ReadFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
LCMapStringW
LCMapStringA
InterlockedIncrement
InterlockedExchange
InitializeCriticalSection
RaiseException
IsValidCodePage
GetOEMCP
GetCPInfo
FlushFileBuffers
ExitProcess
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RtlUnwind
GetStdHandle
GetModuleFileNameA
CreateFileA

user32

wsprintfW
CheckMenuItem
CharNextW
SendMessageW
UnregisterClassA
SetDlgItemTextW
GetWindow
SystemParametersInfoW
GetWindowRect
GetActiveWindow
GetKeyState
EndDialog
MapWindowPoints
SetWindowPos
DestroyIcon
GetWindowLongW
LoadIconW
GetDlgItem
SetWindowLongW
DialogBoxParamW
GetSystemMetrics
SetFocus
LoadImageW
MessageBeep
GetParent
EnableMenuItem
InsertMenuW
GetSubMenu
LoadMenuW
GetClientRect

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ExtractIconExW

ole32

CoGetMalloc
CoCreateInstance

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SysStringLen

Exports

Exports

createProModule

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
modules/downmod.ini
modules/fasterie.dll
.dll windows:4 windows x86 arch:x86

536681f2a21b8a2215a613b99fd74ead

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCombineUrlW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW
InternetCloseHandle
InternetReadFile
HttpSendRequestW

urlmon

UrlMkGetSessionOption

ws2_32

gethostbyname

kernel32

GetStringTypeW
GetStringTypeA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetCurrentProcess
FlushInstructionCache
GetProcAddress
GetVersion
SetLastError
RaiseException
GetFileAttributesW
GetModuleHandleW
GetModuleHandleA
GetLastError
GetCurrentThreadId
OutputDebugStringA
LoadLibraryW
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
lstrlenW
WideCharToMultiByte
Sleep
CreateThread
CloseHandle
DeleteFileW
WriteFile
lstrcpyW
WaitForSingleObject
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
CreateFileW
lstrlenA
MultiByteToWideChar
lstrcmpW
SetEndOfFile
lstrcpynW
GetTempPathW
GetTempFileNameW
GetFileSize
ReadFile
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetCurrentProcessId
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
GetModuleFileNameA
GetStdHandle
HeapCreate
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
GetACP
GetLocaleInfoA
GetThreadLocale
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA

user32

GetDlgItemInt
SetWindowLongW
GetWindowTextW
GetWindowTextLengthW
EnableWindow
DestroyWindow
CreateDialogParamW
SetFocus
MessageBeep
SetWindowTextW
SendMessageW
SetDlgItemInt
SetDlgItemTextW
GetDlgItem
UnregisterClassA

ole32

CoCreateInstance

oleaut32

VariantClear
VariantInit
SysStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysAllocString
VarBstrCmp
SysFreeString

Exports

Exports

createProModule

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
modules/fasterie.ini
modules/findbar.dll
.dll windows:4 windows x86 arch:x86

3e34e2b41cfc437126b2993cc8254f6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmGetContext
ImmGetCompositionStringW
ImmGetOpenStatus
ImmReleaseContext

kernel32

FindResourceW
GetFileAttributesW
LoadResource
SetLastError
LoadLibraryA
LockResource
lstrlenW
lstrcpynW
GetModuleHandleW
GetModuleHandleA
GetLastError
SizeofResource
FindResourceExW
OutputDebugStringA
LoadLibraryW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
lstrcmpW
lstrcmpiW
WideCharToMultiByte
ReadFile
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
HeapCreate
ExitProcess
Sleep
GetVersion
GetProcAddress
MultiByteToWideChar
lstrlenA
GetModuleFileNameW
FlushInstructionCache
InitializeCriticalSection
RaiseException
InterlockedExchange
InterlockedDecrement
DeleteCriticalSection
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
GetACP
GetLocaleInfoA
GetThreadLocale
TerminateProcess
UnhandledExceptionFilter

user32

GetClassNameW
InvalidateRect
GetSystemMetrics
SetWindowTextW
LoadImageW
SetTimer
GetFocus
CallWindowProcW
DestroyWindow
DrawIconEx
DefWindowProcW
GetKeyState
DialogBoxParamW
GetSysColor
DestroyIcon
KillTimer
EndPaint
CreateWindowExW
UnregisterClassA
GetActiveWindow
SetWindowLongW
ReleaseDC
DrawTextW
GetDC
IsWindow
ShowWindow
GetParent
SetDlgItemTextW
GetWindowTextW
GetWindowTextLengthW
EndDialog
SendMessageW
EnableWindow
MapVirtualKeyW
VkKeyScanW
GetWindowLongW
GetWindow
SystemParametersInfoW
GetWindowRect
SetFocus
GetClientRect
MessageBeep
MapWindowPoints
SetWindowPos
GetDlgItem
BeginPaint

gdi32

SetBkMode
GetStockObject
SelectObject
ExtTextOutW
CreateSolidBrush
GetTextExtentPoint32W
DeleteDC
SetTextColor
SetBkColor
DeleteObject
GetObjectW

ole32

CoCreateInstance

oleaut32

VariantInit
VariantClear
SysStringLen
SysAllocString
VarBstrCmp
SysFreeString

Exports

Exports

createProModule

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
modules/findbar.ini
modules/ie6mod.dll
.dll windows:4 windows x86 arch:x86

972b6a478e93423121ff1b4659afa7d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmGetOpenStatus
ImmGetContext

kernel32

InterlockedExchange
RaiseException
GetVersion
GetCurrentProcess
FlushInstructionCache
FindResourceW
GetFileAttributesW
LoadResource
LockResource
SetLastError
GetModuleHandleW
GetModuleHandleA
GetLastError
OutputDebugStringA
LoadLibraryW
GetModuleFileNameW
LoadLibraryA
GetProcAddress
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
InterlockedDecrement
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
WriteFile
HeapCreate
ExitProcess
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetCommandLineA
GetCurrentThreadId
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedIncrement
InitializeCriticalSection
GetCurrentProcessId

user32

SetPropW
GetPropW
GetWindowTextW
GetWindowTextLengthW
GetWindowLongW
DestroyWindow
PostMessageW
DefWindowProcW
IsWindow
GetClientRect
ShowWindow
SetWindowPos
SendMessageW
GetWindowRect
SetFocus
SetWindowLongW
CreateWindowExW
GetFocus
FindWindowExW
CallWindowProcW
GetParent
UnregisterClassA

gdi32

GetObjectW
GetStockObject

ole32

CoCreateInstance

Exports

Exports

createProModule

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
modules/ie6mod.ini
modules/iecleaner.dll
.dll windows:4 windows x86 arch:x86

c7d1351c9cdacdd68c7bd6f7364a5fff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW

kernel32

InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
SetLastError
GetVersion
lstrlenW
FindFirstFileW
GetModuleHandleA
GetProcAddress
GetFileAttributesW
FreeLibrary
SetFileAttributesW
RemoveDirectoryW
DeleteFileW
GetLastError
FindNextFileW
GetModuleHandleW
FindClose
CreateFileW
OutputDebugStringA
GetFileSize
SetFilePointer
WriteFile
CloseHandle
LoadLibraryW
InterlockedIncrement
RaiseException
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
RtlUnwind
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetCurrentThreadId
GetEnvironmentStrings
Sleep
FreeEnvironmentStringsA
ExitProcess
GetModuleFileNameA
GetStartupInfoA
GetFileType
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetCommandLineA
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetStdHandle
SetHandleCount

user32

CreateDialogParamW
GetActiveWindow
GetSubMenu
LoadMenuW
LoadCursorW
wsprintfW
LoadStringW
UnregisterClassA
GetWindow
SystemParametersInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
SetWindowTextW
GetWindowLongW
SendMessageW
GetDlgItem
SetWindowLongW
SetCursor

advapi32

RegDeleteValueW
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance

oleaut32

SysFreeString
VariantClear

shlwapi

SHDeleteKeyW

Exports

Exports

createProModule

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
modules/iecleaner.ini
modules/iescript.dll
.dll windows:4 windows x86 arch:x86

d3bd2e62cb428ddc3b7a2bf2d14c9ab0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipCloneImage
GdipGetImageGraphicsContext
GdipAlloc
GdipBitmapLockBits
GdipDisposeImage
GdipFree
GdipDrawImageRectI
GdipFillRectangleI
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipCreateSolidFill
GdipSetInterpolationMode
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCreateFromHDC
GdipCloneBrush
GdipDeleteBrush
GdipReleaseDC
GdipGetDC
GdipFlush
GdipCloneBitmapAreaI

urlmon

CoInternetParseUrl
CoInternetGetSession
CoInternetGetSecurityUrl

wininet

CommitUrlCacheEntryW
CreateUrlCacheEntryW
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestExW
HttpEndRequestW
HttpSendRequestW
InternetReadFile
HttpQueryInfoW
InternetCloseHandle
GetUrlCacheEntryInfoW
DeleteUrlCacheEntryW

ws2_32

gethostbyname
inet_ntoa

kernel32

FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetStartupInfoA
SetHandleCount
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapCreate
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
CreateFileW
GetLocalTime
GetFileSize
SystemTimeToFileTime
RaiseException
lstrlenA
MultiByteToWideChar
FindResourceW
InitializeCriticalSection
GetCurrentThreadId
EnterCriticalSection
WaitForSingleObject
WriteFile
LeaveCriticalSection
SizeofResource
LockResource
ReadFile
LoadResource
Sleep
FindResourceExW
CloseHandle
DeleteCriticalSection
GetCurrentProcess
lstrlenW
FlushInstructionCache
CompareStringW
OutputDebugStringA
LoadLibraryA
GetModuleHandleW
LoadLibraryW
DeleteFileW
GetProcAddress
GetVersion
GetModuleHandleA
GetEnvironmentStringsW
SetLastError
GetLastError
lstrcmpiW
GetModuleFileNameW
MoveFileExW
CreateDirectoryW
WideCharToMultiByte
CopyFileW
MulDiv
InterlockedDecrement
GlobalAlloc
InterlockedExchange
lstrcmpW
GlobalUnlock
InterlockedIncrement
GlobalLock
OutputDebugStringW
lstrcpyW
CreateThread
GetVersionExW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetTickCount
GetFullPathNameW
WritePrivateProfileStringA
GetPrivateProfileStringA
GlobalSize
GlobalFree
SetEndOfFile
CreateProcessW
GetTempPathW
GetTempFileNameW
SetFileTime
DosDateTimeToFileTime
GetCurrentDirectoryW
SetFilePointer
GetFileType
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapAlloc
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
CreateFileA
GetFileAttributesW
HeapFree

user32

FindWindowExW
KillTimer
SetTimer
GetActiveWindow
AdjustWindowRect
DialogBoxParamW
DrawTextExW
wsprintfA
IsWindowVisible
ShowWindow
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
DestroyMenu
CreatePopupMenu
AppendMenuW
GetMenu
TrackPopupMenu
CharLowerBuffW
wvsprintfW
AdjustWindowRectEx
IsMenu
LoadMenuW
GetSubMenu
SetRect
GetDlgItem
ReleaseDC
GetWindowRect
DrawTextW
RegisterWindowMessageW
SetWindowTextW
CreateWindowExW
ReleaseCapture
SetWindowPos
IsWindow
IsWindowEnabled
SystemParametersInfoW
GetCapture
GetDlgCtrlID
SetCapture
MessageBeep
UpdateWindow
EndPaint
GetWindowLongW
BeginPaint
SetWindowLongW
GetClassNameW
SetCursor
wsprintfW
MoveWindow
IsChild
RemoveMenu
InvalidateRgn
LoadCursorW
SetFocus
ScreenToClient
GetCursorPos
GetFocus
EnableWindow
SetDlgItemTextW
SendMessageW
GetSysColor
InvalidateRect
GetWindowTextW
CharNextW
RedrawWindow
CreateAcceleratorTableW
GetClassInfoExW
DestroyAcceleratorTable
GetDesktopWindow
RegisterClassExW
ClientToScreen
EndDialog
PostMessageW
SetDlgItemInt
DefWindowProcW
DestroyWindow
UnregisterClassA
MapWindowPoints
GetParent
GetDlgItemInt
OffsetRect
CreateDialogParamW
GetDC
PtInRect
GetWindow
GetWindowTextLengthW
DrawFocusRect
CallWindowProcW
GetClientRect
SetRectEmpty
FillRect

gdi32

SetBkMode
SetTextColor
GetDeviceCaps
BitBlt
CreateSolidBrush
SelectObject
CreateCompatibleBitmap
GetViewportExtEx
GetWindowExtEx
SetBkColor
ExtTextOutW
DeleteDC
CreateFontIndirectW
GetStockObject
CreateCompatibleDC
GetObjectW
DeleteObject

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW

shell32

SHGetMalloc
ShellExecuteW
ord680
SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
OleUninitialize
CoCreateInstance
StringFromGUID2
CoGetClassObject
OleInitialize
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CreateStreamOnHGlobal
CoGetInterfaceAndReleaseStream

oleaut32

VariantCopy
VariantCopyInd
CreateDispTypeInfo
VarBstrCmp
DispCallFunc
SysAllocStringLen
VariantInit
VariantClear
LoadTypeLi
SysStringLen
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocString
SysFreeString
VariantChangeType

Exports

Exports

createProModule

Sections

.text
Size: 456KB - Virtual size: 454KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
modules/iescript.ini
modules/liveserv.dll
.dll windows:4 windows x86 arch:x86

83d17b1ba50c9ac8df338a535833e105

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpSendRequestW
InternetCrackUrlW
InternetOpenW
InternetConnectW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpEndRequestW
HttpSendRequestExW
HttpOpenRequestW

kernel32

LockResource
LoadResource
lstrlenA
MultiByteToWideChar
FindResourceExW
FindResourceW
GetModuleHandleW
GetProcAddress
GetVersion
GetModuleHandleA
GetLastError
SetLastError
GetFileAttributesW
GetModuleFileNameW
GetCurrentThreadId
EnterCriticalSection
GetCurrentProcess
FlushInstructionCache
OutputDebugStringA
LeaveCriticalSection
LoadLibraryW
RaiseException
LoadLibraryA
CompareStringW
lstrcmpiW
InterlockedExchange
InterlockedIncrement
InitializeCriticalSection
InterlockedDecrement
DeleteCriticalSection
CreateFileW
WriteFile
lstrcpyW
CreateThread
WaitForSingleObject
CloseHandle
FindNextFileW
FindClose
lstrcatW
CreateDirectoryW
DeleteFileW
RemoveDirectoryW
FindFirstFileW
lstrcmpW
GetFullPathNameW
GetTickCount
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
GetTempPathW
GetTempFileNameW
GetFileSize
ReadFile
SetEndOfFile
DosDateTimeToFileTime
GetCurrentDirectoryW
SetFilePointer
SystemTimeToFileTime
GetFileType
DuplicateHandle
SetFileTime
FileTimeToSystemTime
GetLocalTime
CreateFileMappingW
SizeofResource
GetFileInformationByHandle
MapViewOfFile
UnmapViewOfFile
EnumSystemLocalesA
GetUserDefaultLCID
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
ExitProcess
LCMapStringW
LCMapStringA
SetStdHandle
PeekNamedPipe
GetSystemTimeAsFileTime
GetCPInfo
MoveFileA
RtlUnwind
GetCommandLineA
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentDirectoryA
UnhandledExceptionFilter
TerminateProcess
Sleep
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetACP
SetVolumeLabelA
LocalFileTimeToFileTime
SetFileAttributesA
WideCharToMultiByte
lstrlenW
GetConsoleOutputCP
WriteConsoleW
CompareStringA
SetEnvironmentVariableA
IsValidLocale
GetStringTypeW
GetStringTypeA
DeleteFileA
RemoveDirectoryA
CreateDirectoryA
FileTimeToDosDateTime
SetEnvironmentVariableW
GetLocaleInfoW
GetDriveTypeA
GetLocaleInfoA
GetFullPathNameA
WriteConsoleA
SetCurrentDirectoryA
GetVolumeInformationW
FileTimeToLocalFileTime
GetFileTime
GetVolumeInformationA
GlobalUnlock
GlobalFree
GetFileAttributesA
FindFirstFileA
FindNextFileA
GlobalLock
GlobalAlloc
CreateFileA

user32

KillTimer
GetSubMenu
EnableMenuItem
LoadMenuW
SetTimer
ReleaseCapture
DialogBoxParamW
GetDlgCtrlID
IsWindowEnabled
DrawFocusRect
GetCapture
FillRect
DrawTextW
SetCapture
UpdateWindow
SetRectEmpty
MessageBeep
EndPaint
BeginPaint
SetFocus
GetClassNameW
SetCursor
GetFocus
EnableWindow
LoadCursorW
ScreenToClient
GetSysColor
CreateWindowExW
GetCursorPos
CharNextW
InvalidateRect
CallWindowProcW
OffsetRect
DefWindowProcW
SetDlgItemTextW
ReleaseDC
PtInRect
GetWindowTextW
PostMessageW
GetDC
GetWindowTextLengthW
IsWindow
EndDialog
SendMessageW
GetWindow
SystemParametersInfoW
GetWindowRect
GetClientRect
GetWindowLongW
MapWindowPoints
SetWindowPos
GetDlgItem
DestroyWindow
SetWindowTextW
CreateDialogParamW
SetWindowLongW
GetParent
OemToCharA
CharToOemA
UnregisterClassA
GetActiveWindow

gdi32

SelectObject
SetBkMode
GetObjectW
DeleteObject
CreateFontIndirectW
GetStockObject
DeleteDC
SetTextColor

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW

shell32

SHGetSpecialFolderPathW
SHGetMalloc
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysStringLen
SysAllocStringLen
SysFreeString

Exports

Exports

createProModule

Sections

.text
Size: 364KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
modules/liveserv.ini
modules/singleie.dll
.dll windows:4 windows x86 arch:x86

860a7148a785ca9d7143a0006c7a6a92

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
RaiseException
MultiByteToWideChar
Sleep
lstrlenA
lstrcmpiW
GetCurrentProcessId
lstrcmpiA
InterlockedDecrement
LCMapStringA
GetStringTypeW
GetStringTypeA
LoadLibraryA
IsValidCodePage
DeleteCriticalSection
InterlockedIncrement
LCMapStringW
InitializeCriticalSection
GetOEMCP
GetCPInfo
RtlUnwind
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetLastError
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
VirtualFree
VirtualAlloc
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount

user32

DdeCreateStringHandleA
DdeConnect
DdeUninitialize
DdeInitializeA
PostMessageW
DdeQueryStringA
GetWindowThreadProcessId
GetClassNameW
GetForegroundWindow
DdeCreateDataHandle
DdeDisconnect
DdeUnaccessData
DdeAccessData
DdeFreeDataHandle
DdeGetLastError
DdeClientTransaction
DdeFreeStringHandle
UnregisterClassA

ole32

CoCreateInstance

Exports

Exports

createProModule

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
modules/singleie.ini
modules/spellchk.dll
.dll windows:4 windows x86 arch:x86

f05795c9d6b9b32ed60c03578e6b327e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
GetProcAddress
GetCurrentThreadId
GetVersion
EnterCriticalSection
GetFileAttributesW
LeaveCriticalSection
GetLastError
GetModuleHandleA
GetCurrentProcess
FlushInstructionCache
LoadLibraryW
OutputDebugStringA
RaiseException
GetModuleHandleW
SetLastError
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
FindResourceW
lstrlenW
SizeofResource
LockResource
lstrcmpW
LoadResource
FindResourceExW
lstrcmpiW
MultiByteToWideChar
WideCharToMultiByte
FindFirstFileW
GetFullPathNameW
FindNextFileW
FindClose
lstrcpynW
lstrlenA
GlobalAlloc
GlobalLock
lstrcpyW
GlobalUnlock
SetEndOfFile
CreateFileW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
ReadFile
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
CloseHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetModuleFileNameA
GetStdHandle
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetCPInfo
LCMapStringW
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
GetACP
GetLocaleInfoA
GetThreadLocale
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
RtlUnwind
LCMapStringA

user32

SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetWindowTextW
GetWindowTextLengthW
GetParent
CallWindowProcW
TrackPopupMenu
GetKeyState
GetWindowLongW
GetWindow
SystemParametersInfoW
GetClientRect
SendMessageW
UnregisterClassA
SetWindowPos
GetDlgItem
EndDialog
GetWindowRect
PtInRect
SetRect
SetWindowLongW
GetSubMenu
AppendMenuW
LoadMenuW
IsMenu
GetActiveWindow
CheckMenuItem
EnableMenuItem
DefWindowProcW
SetCursor
LoadCursorW
InsertMenuItemW
InsertMenuW
RemoveMenu
GetMenuItemInfoW
DialogBoxParamW
DestroyMenu
MapWindowPoints

ole32

CoCreateInstance

oleaut32

SysAllocStringLen
VarBstrCmp
SysStringLen
VariantInit
SysAllocString
VariantClear
SysFreeString

Exports

Exports

createProModule

Sections

.text
Size: 244KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
modules/spellchk.ini
plugins/accuweather/css/findLocation.chs.css
plugins/accuweather/css/findLocation.css
plugins/accuweather/findLocation.chs.html
plugins/accuweather/findLocation.eng.html
plugins/accuweather/images/01.png
.png
plugins/accuweather/images/02.png
.png
plugins/accuweather/images/03.png
.png
plugins/accuweather/images/04.png
.png
plugins/accuweather/images/05.png
.png
plugins/accuweather/images/06.png
.png
plugins/accuweather/images/07.png
.png
plugins/accuweather/images/08.png
.png
plugins/accuweather/images/11.png
.png
plugins/accuweather/images/12.png
.png
plugins/accuweather/images/13.png
.png
plugins/accuweather/images/14.png
.png
plugins/accuweather/images/15.png
.png
plugins/accuweather/images/16.png
.png
plugins/accuweather/images/17.png
.png
plugins/accuweather/images/18.png
.png
plugins/accuweather/images/19.png
.png
plugins/accuweather/images/20.png
.png
plugins/accuweather/images/21.png
.png
plugins/accuweather/images/22.png
.png
plugins/accuweather/images/23.png
.png
plugins/accuweather/images/24.png
.png
plugins/accuweather/images/25.png
.png
plugins/accuweather/images/26.png
.png
plugins/accuweather/images/29.png
.png
plugins/accuweather/images/30.png
.png
plugins/accuweather/images/31.png
.png
plugins/accuweather/images/32.png
.png
plugins/accuweather/images/33.png
.png
plugins/accuweather/images/34.png
.png
plugins/accuweather/images/35.png
.png
plugins/accuweather/images/36.png
.png
plugins/accuweather/images/37.png
.png
plugins/accuweather/images/38.png
.png
plugins/accuweather/images/39.png
.png
plugins/accuweather/images/40.png
.png
plugins/accuweather/images/41.png
.png
plugins/accuweather/images/42.png
.png
plugins/accuweather/images/43.png
.png
plugins/accuweather/images/44.png
.png
plugins/accuweather/images/flag.png
.png
plugins/accuweather/images/magnify.gif
.gif
plugins/accuweather/js/findLocation.js
.js
plugins/accuweather/plugin.js
.js
plugins/searchstatus/plugin.js
.js
plugins/serverinfo/plugin.js
.js
readme.txt
spelldic/WordNet_license.txt
spelldic/en_US/README_en_US.txt
spelldic/en_US/en_US.aff
spelldic/en_US/en_US.dic
uninst.exe.nsis
userscripts/BookBurro.ieuser.js
.js
userscripts/DownloadVideo.ieuser.js
.js
userscripts/FlickrRichEdit.ieuser.js
.js
userscripts/GMailCssSkin.ieuser.js
.js
userscripts/GoogleBlogSearch.ieuser.js
.js
userscripts/GoogleImagesNF.ieuser.js
.js
userscripts/GoogleLinkPreview.ieuser.js
.js
userscripts/GoogleX.ieuser.js
.js
userscripts/MyspaceCustomStyleRemover.ieuser.js
.js
userscripts/MyspaceNotifier.ieuser.js
.js
userscripts/RSS+AtomFeedSubscribeButtonGenerator.ieuser.js
.js
userscripts/ShowPasswordOnMouseOver.ieuser.js
.js
userscripts/YoutubeDarkGrayRedesign.ieuser.js
.js
userscripts/YoutubeResizer.ieuser.js
.js
userscripts/YoutubeVideoDownload.ieuser.js
.js
winfile.dll
.dll windows:4 windows x86 arch:x86

55b6d27b6f191edf5a404998573abdb5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GlobalAlloc
lstrcpyW
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
RaiseException
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
EnterCriticalSection
LeaveCriticalSection
CloseHandle
ReadFile
InitializeCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

get_buff_type
get_buff_typeW
get_file_type

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

33:59:91:4b:cd:51:53:17:45:f8:a6:e9:16:3b:0f:e6Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

ec:9a:14:f6:dc:91:d2:06:d7:e0:2a:b5:b7:73:f8:cf:c3:90:53:4dSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 48KB

.rsrc Size: 38KB - Virtual size: 37KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

946eb0a1e85c9ade4acaf634eb5a64f1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 264B

94ec55716a858ec8506ae712ae2c0ff8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

comctl32

msvcp80

msvcr80

Exports

Exports

Sections

33:59:91:4b:cd:51:53:17:45:f8:a6:e9:16:3b:0f:e6
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

ec:9a:14:f6:dc:91:d2:06:d7:e0:2a:b5:b7:73:f8:cf:c3:90:53:4d
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 48KB

.rsrc
Size: 38KB - Virtual size: 37KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 264B

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 20KB - Virtual size: 18KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 220B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 512B - Virtual size: 442B

.text
Size: 136KB - Virtual size: 133KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 8KB