66a8187e71b3d2d8686ab6032dae34ca

Sharing

Copy URL Twitter E-mail

General

Target

66a8187e71b3d2d8686ab6032dae34ca
Size

8.0MB
MD5

66a8187e71b3d2d8686ab6032dae34ca
SHA1

3fcfc511764fe2793f8d24031ff41c7e458706a2
SHA256

33fc7a9a4637d453a0d09e21e34a4169976f0be1d0ceeacac0f7648ee06f8655
SHA512

ffba385a86a54a84854518a8765a4534f26711dd38840bb6e34879f05efab5be79c17d45a4eea868fd9535f0691c274bb7b4b7f5a9b63123e7ceeaf09d2dd61c
SSDEEP

196608:aXw6n4agflo1C4bS/aYoQefNwD74lnNMhkbTdAPuL:aXJn4vwpCToQeg4lnNtTyPuL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/descargar3.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66a8187e71b3d2d8686ab6032dae34ca

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

66a8187e71b3d2d8686ab6032dae34ca
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
156783.png
.png
PlayerPlug.cfg
.xml
PlayerPlug.exe
.exe windows:5 windows x86 arch:x86

5fed64cbbe7d12648599a62a0e69f0ac

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2010, 00:00

Not After

01/12/2011, 23:59

Subject

CN=Zorba Networks SL,O=Zorba Networks SL,POSTALCODE=28007,STREET=Jativa 11,L=Madrid,ST=Madrid,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

85:4f:9c:b3:2f:83:3e:69:ab:e4:ff:11:8d:ae:75:c8:e5:c8:3d:c2
Signer

Actual PE Digest

85:4f:9c:b3:2f:83:3e:69:ab:e4:ff:11:8d:ae:75:c8:e5:c8:3d:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetModuleFileNameW
Sleep
CreateThread
CreateEventW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetEvent
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
LocalFree
FormatMessageW
FindResourceExW
WaitForSingleObjectEx
SwitchToThread
DuplicateHandle
GetCurrentProcess
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
ResetEvent
GetCurrentThread
CompareStringW
CompareStringA
CreateFileA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
CreateFileW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WaitForSingleObject
CopyFileW
CloseHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
SetEnvironmentVariableA
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
ReadFile
LCMapStringW
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteFileW
GetSystemTimeAsFileTime
ExitThread
GetStartupInfoW
VirtualFree
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP

user32

DispatchMessageW
GetMessageW
PostThreadMessageW
CharNextW
CharUpperW
PeekMessageW
MessageBoxW
wsprintfW
TranslateMessage

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ord165
SHGetFolderPathW

ole32

CoCreateGuid
StringFromGUID2
CLSIDFromProgID
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoCreateInstance

oleaut32

LoadRegTypeLi
SysStringLen
SysFreeString
GetErrorInfo
DispCallFunc
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
VarBstrCmp
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString

shlwapi

PathFileExistsW
PathRemoveFileSpecW

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PropMgrAsync.cfg
.xml
PropMgrAsync.exe
.exe windows:5 windows x86 arch:x86

e16aff1b3b1250de2a684ec60f59c10d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2010, 00:00

Not After

01/12/2011, 23:59

Subject

CN=Zorba Networks SL,O=Zorba Networks SL,POSTALCODE=28007,STREET=Jativa 11,L=Madrid,ST=Madrid,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

73:70:84:bb:a5:43:84:ce:1e:55:97:a8:70:ba:53:a6:75:fc:0a:dd
Signer

Actual PE Digest

73:70:84:bb:a5:43:84:ce:1e:55:97:a8:70:ba:53:a6:75:fc:0a:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
lstrcmpiW
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SwitchToThread
CloseHandle
WaitForSingleObject
LockResource
FindResourceExW
Sleep
CreateThread
CreateEventW
GetCurrentThreadId
SetEvent
GetCommandLineW
WideCharToMultiByte
GetProcAddress
FormatMessageW
CopyFileW
DuplicateHandle
GetCurrentProcess
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
ResetEvent
GetCurrentThread
QueueUserAPC
CompareStringW
CompareStringA
CreateFileA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
InterlockedDecrement
InterlockedIncrement
GetLastError
RaiseException
lstrlenW
WaitForSingleObjectEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
LocalFree
InitializeCriticalSection
CreateFileW
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetTimeZoneInformation
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
ReadFile
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
DeleteFileW
GetSystemTimeAsFileTime
GetStartupInfoW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
VirtualFree
HeapCreate
WriteFile

user32

TranslateMessage
DispatchMessageW
GetMessageW
PostThreadMessageW
CharUpperW
MessageBoxW
wsprintfW
CharNextW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ord165
SHGetFolderPathW

ole32

StringFromGUID2
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CLSIDFromProgID

oleaut32

SysStringLen
VarBstrCmp
SysFreeString
GetErrorInfo
VariantInit
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
VarFormat
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantCopy
VariantClear
VarCmp

shlwapi

PathFileExistsW
PathRemoveFileSpecW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TbCommonUtils.dll
.dll regsvr32 windows:5 windows x86 arch:x86

38314a162c558a229deb8f5abbd8959f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2010, 00:00

Not After

01/12/2011, 23:59

Subject

CN=Zorba Networks SL,O=Zorba Networks SL,POSTALCODE=28007,STREET=Jativa 11,L=Madrid,ST=Madrid,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

84:db:8f:9a:c8:fb:53:cc:0d:64:33:5c:40:6b:e1:bb:f1:71:74:33
Signer

Actual PE Digest

84:db:8f:9a:c8:fb:53:cc:0d:64:33:5c:40:6b:e1:bb:f1:71:74:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
SetThreadLocale
GetThreadLocale
CloseHandle
GetModuleFileNameW
GetProcessHeap
GetCurrentProcess
HeapFree
CreateFileA
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
HeapAlloc
lstrlenW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
LoadLibraryA
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
VirtualAlloc
HeapCreate
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount

user32

CharNextW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteW

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2

oleaut32

SysFreeString
VariantInit
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
VariantCopy
VariantClear

shlwapi

PathRemoveFileSpecW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TbHelper2.exe
.exe windows:5 windows x86 arch:x86

2c1fdd33325b2ffeb03bf7d1ce3d71a5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2010, 00:00

Not After

01/12/2011, 23:59

Subject

CN=Zorba Networks SL,O=Zorba Networks SL,POSTALCODE=28007,STREET=Jativa 11,L=Madrid,ST=Madrid,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f0:4f:74:17:3f:e3:b1:57:8a:e8:c0:04:c7:21:b2:b4:3b:00:60:a9
Signer

Actual PE Digest

f0:4f:74:17:3f:e3:b1:57:8a:e8:c0:04:c7:21:b2:b4:3b:00:60:a9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetSetOptionW
InternetReadFile
HttpQueryInfoW
InternetCloseHandle
InternetOpenW

kernel32

GetTickCount
CloseHandle
WaitForSingleObject
lstrlenW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetLastError
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetModuleFileNameW
Sleep
CreateThread
CreateEventW
InterlockedIncrement
InterlockedDecrement
SetEvent
FreeLibrary
MultiByteToWideChar
GetCurrentThreadId
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
PostQueuedCompletionStatus
WideCharToMultiByte
CreateIoCompletionPort
lstrlenA
InterlockedExchange
GetQueuedCompletionStatus
ResetEvent
GetSystemInfo
TerminateThread
GetExitCodeThread
GetPrivateProfileSectionNamesW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetCurrentProcessId
WriteConsoleW
CreateFileW
CreateFileA
SetEndOfFile
ReadFile
LoadLibraryExW
GetStringTypeW
GetStringTypeA
LCMapStringA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoA
GetFileType
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetModuleHandleA
LCMapStringW
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
ExitThread
VirtualProtect
VirtualAlloc
VirtualQuery
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
SetHandleCount

user32

CharNextW
GetMessageW
PostThreadMessageW
CharUpperW
LoadStringW
TranslateMessage
DispatchMessageW

advapi32

RegQueryValueExW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface

oleaut32

VariantCopy
VariantClear
VariantInit
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
arrow_refresh.png
.png
basis.xml
.xml
cog.png
.png
computer_delete.png
.png
descargar3.exe
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2010, 00:00

Not After

01/12/2011, 23:59

Subject

CN=Zorba Networks SL,O=Zorba Networks SL,POSTALCODE=28007,STREET=Jativa 11,L=Madrid,ST=Madrid,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:f9:82:65:66:5b:29:bc:bf:80:c2:2d:2b:cd:56:6d:e8:2d:af:2f
Signer

Actual PE Digest

06:f9:82:65:66:5b:29:bc:bf:80:c2:2d:2b:cd:56:6d:e8:2d:af:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
favicon.png
.png
games01.png
.png
go_btn.png
.png
icons.bmp
info.txt
logo_small.bmp
logo_small.png
.png
logo_small01-fr.bmp
logo_small01.bmp
logo_small01.png
.png
logo_small01_nuevo_fr.bmp
logo_small02.png
.png
radio.css
radio.html
.html .js polyglot
radio_01.gif
.gif
radio_02.gif
.gif
radio_03.gif
.gif
radio_on_01.gif
.gif
radio_on_02.gif
.gif
split.gif
.gif
spliton.gif
.gif
splitw.gif
.gif
splitwon.gif
.gif
stations.dll
.dll windows:5 windows x86 arch:x86

e67a32f265b00e5acb6b81d96927b6b8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2010, 00:00

Not After

01/12/2011, 23:59

Subject

CN=Zorba Networks SL,O=Zorba Networks SL,POSTALCODE=28007,STREET=Jativa 11,L=Madrid,ST=Madrid,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2c:71:58:91:73:44:6e:c7:52:d8:ee:f0:c4:0c:6d:6f:0f:dc:a9:7c
Signer

Actual PE Digest

2c:71:58:91:73:44:6e:c7:52:d8:ee:f0:c4:0c:6d:6f:0f:dc:a9:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
GetLastError
InterlockedIncrement
lstrcmpiW
WaitForSingleObject
CreateProcessW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
CloseHandle
TerminateThread
FlushInstructionCache
GetCurrentProcess
InitializeCriticalSection
DebugBreak
OutputDebugStringW
CreateThread
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
RaiseException
lstrlenA
MultiByteToWideChar
InterlockedDecrement
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
lstrlenW
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetLocaleInfoW
SetConsoleCtrlHandler
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapCreate
HeapDestroy
FatalAppExitA
HeapReAlloc
Sleep
ExitProcess
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

GetClientRect
LoadStringW
CharNextW
wvsprintfW
MessageBoxW
GetDlgItem
GetParent
SetDlgItemTextW
GetDlgItemTextW
SendMessageW
SetWindowLongW
UnregisterClassA

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

ole32

CoTaskMemAlloc
CoCreateInstance
CoCreateGuid
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2

oleaut32

VarBstrCmp
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysStringLen
VariantCopy
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
SetErrorInfo
VariantChangeType
GetErrorInfo
CreateErrorInfo

Exports

Exports

IsUnicode
PlugCreate
PlugInit
PlugInvoke
PlugTerm

Sections

.text
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
stations.js
.js
tbcore3.dll
.dll regsvr32 windows:5 windows x86 arch:x86

41870fc2fa2b3d3122d8a68c7e3ad59b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2010, 00:00

Not After

01/12/2011, 23:59

Subject

CN=Zorba Networks SL,O=Zorba Networks SL,POSTALCODE=28007,STREET=Jativa 11,L=Madrid,ST=Madrid,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2a:99:30:bb:f9:bf:e4:51:90:21:95:4e:c2:b9:75:f3:d3:ec:c9:85
Signer

Actual PE Digest

2a:99:30:bb:f9:bf:e4:51:90:21:95:4e:c2:b9:75:f3:d3:ec:c9:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

DeleteUrlCacheEntryW
FindCloseUrlCache
InternetWriteFile
FtpOpenFileW
InternetCloseHandle
FindNextUrlCacheEntryW
InternetOpenW
InternetConnectW
FtpCreateDirectoryW
FtpSetCurrentDirectoryW
FindFirstUrlCacheEntryW

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathStripPathW

dbghelp

SymGetSymFromAddr
StackWalk
SymFunctionTableAccess
SymGetModuleBase
SymInitialize
MiniDumpWriteDump
SymGetLineFromAddr
SymSetOptions
SymGetOptions
SymCleanup
SymLoadModule

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

iphlpapi

GetAdaptersInfo

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

winmm

PlaySoundW

gdiplus

GdipCreatePen1
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDeletePen
GdipCreatePath
GdipDeletePath
GdipClosePathFigure
GdipAddPathLineI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneBitmapAreaI
GdipSetImagePalette
GdipGetImagePalette
GdipGetImagePaletteSize
GdipAddPathArcI
GdipDrawImageRectRect
GdipGetImageGraphicsContext
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateHBITMAPFromBitmap
GdipBitmapGetPixel
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromResource
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipAlloc
GdipFree
GdipSetSmoothingMode
GdipDrawPath
GdipGraphicsClear
GdipFillPath
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromScan0

urlmon

URLDownloadToFileW

kernel32

IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
DecodePointer
EncodePointer
ExitThread
ResumeThread
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
GetCommandLineA
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetModuleFileNameW
lstrlenW
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
SetLastError
LoadLibraryExW
OutputDebugStringA
LoadLibraryW
GetModuleHandleA
GetProcAddress
GetFileAttributesW
GetVersion
lstrcmpiW
GetCurrentThreadId
RaiseException
FlushInstructionCache
GetCurrentProcess
LoadLibraryA
InterlockedIncrement
TlsAlloc
LockResource
FindResourceExW
IsBadCodePtr
HeapFree
GetProcessHeap
SetUnhandledExceptionFilter
HeapAlloc
IsBadWritePtr
GetCurrentProcessId
lstrcpynW
lstrlenA
FormatMessageW
IsBadReadPtr
ReadProcessMemory
GetCurrentThread
GetVersionExW
CreateFileW
CloseHandle
InterlockedPushEntrySList
WideCharToMultiByte
OpenMutexW
GlobalUnlock
GlobalLock
TerminateThread
WaitForSingleObject
CreateThread
CopyFileW
VerLanguageNameW
ReadFile
GetFileSize
RemoveDirectoryW
DeleteFileW
MoveFileExW
WriteFile
GetTempPathW
GetLongPathNameW
MoveFileW
CreateDirectoryW
TerminateProcess
Process32NextW
Module32NextW
Module32FirstW
Process32FirstW
CreateToolhelp32Snapshot
GetStringTypeExW
GetFullPathNameW
FindFirstFileW
FindNextFileW
FindClose
GlobalFree
GlobalReAlloc
GlobalAlloc
lstrcmpW
MulDiv
WriteProcessMemory
DisableThreadLibraryCalls
GetShortPathNameW
CreateProcessW
CreateMutexW
Sleep
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
LocalFree
LocalAlloc
FileTimeToSystemTime
SetFilePointer
GetFileInformationByHandle
SystemTimeToFileTime
GetLocalTime
GetTickCount
SetCurrentDirectoryW
ExpandEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetLocaleInfoW
HeapCreate
ExitProcess
GetStringTypeW
GetCPInfo
OpenProcess
InterlockedCompareExchange
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FatalAppExitA
SetConsoleCtrlHandler
InterlockedExchange
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
InterlockedDecrement

user32

DialogBoxParamW
OffsetRect
GetSysColorBrush
GetKeyState
GetWindowTextLengthW
GetUpdateRect
RegisterWindowMessageW
DestroyAcceleratorTable
GetDesktopWindow
CreateAcceleratorTableW
InvalidateRgn
DrawTextW
EndMenu
LoadBitmapW
DrawFrameControl
SetWindowRgn
LoadImageW
UnregisterClassW
LoadCursorFromFileW
MessageBeep
SetDlgItemTextW
FindWindowExW
UnhookWindowsHookEx
WindowFromDC
SetWindowsHookExW
GetAsyncKeyState
MonitorFromPoint
TrackPopupMenu
CreateDialogParamW
CloseClipboard
EmptyClipboard
OpenClipboard
CharLowerBuffW
DialogBoxIndirectParamW
BeginPaint
SetWindowPos
GetMenu
AdjustWindowRectEx
GetDlgCtrlID
SetCapture
IsWindowEnabled
KillTimer
SetTimer
UnregisterClassA
PtInRect
ReleaseCapture
GetCapture
SystemParametersInfoW
GetSystemMetrics
GetDC
SetFocus
SetActiveWindow
InvalidateRect
GetWindowTextW
TranslateMessage
DispatchMessageW
CharUpperBuffW
SetLastErrorEx
wsprintfW
IsChild
GetDlgItem
MapWindowPoints
UpdateLayeredWindow
GetSysColor
GetMessagePos
GetCursorPos
ScreenToClient
GetWindowLongW
DefWindowProcW
RedrawWindow
ReleaseDC
GetWindowDC
GetClientRect
CallWindowProcW
GetWindowRect
GetClassNameW
PostMessageW
CopyRect
SetWindowLongW
RegisterClassExW
LoadCursorW
GetClassInfoExW
GetParent
ShowWindow
CreateWindowExW
MoveWindow
SetWindowTextW
MessageBoxW
GetFocus
IsWindow
DestroyWindow
DestroyMenu
CreatePopupMenu
AppendMenuW
SetMenuInfo
GetMenuItemInfoW
SetMenuItemInfoW
WindowFromPoint
ClientToScreen
SendMessageW
CharNextW
GetWindowThreadProcessId
IsWindowVisible
CallNextHookEx
SetCursor
DestroyCursor
EnumChildWindows
GetWindow
MonitorFromWindow
GetMonitorInfoW
EndDialog
GetActiveWindow
EnableWindow
DrawEdge
DrawFocusRect
FillRect
InflateRect
EndPaint
GetMenuInfo
UpdateWindow

gdi32

CreateSolidBrush
CreateRectRgnIndirect
DeleteDC
FrameRgn
SelectClipRgn
CreateFontW
ExtTextOutW
SelectObject
GetTextExtentPoint32W
CreateRectRgn
DeleteObject
CombineRgn
GetClipBox
RestoreDC
SaveDC
SetBkColor
SetBkMode
GetObjectW
GetDeviceCaps
CreateCompatibleBitmap
GetTextMetricsW
GetTextExtentPointW
CreateBrushIndirect
SetTextColor
CreatePen
CreatePatternBrush
CreateDIBSection
Rectangle
BitBlt
GetStockObject
CreateCompatibleDC

advapi32

GetLengthSid
RegEnumKeyW
RegGetKeySecurity
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
GetUserNameW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
OpenThreadToken
RegQueryValueExW
RegEnumValueW
SetNamedSecurityInfoW
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
CopySid
IsValidSid
AddAce
InitializeAcl
GetTokenInformation
OpenProcessToken
GetSidSubAuthorityCount
GetSidIdentifierAuthority
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
EqualSid

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHEmptyRecycleBinW
ShellExecuteW
SHAddToRecentDocs
DragQueryFileW
SHLoadInProc
DoEnvironmentSubstW

ole32

CreateStreamOnHGlobal
CoGetClassObject
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
RegisterDragDrop
ReleaseStgMedium
CoUninitialize
CoInitialize
OleUninitialize
OleInitialize
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoCreateGuid
OleLockRunning
StringFromGUID2
CLSIDFromString
CLSIDFromProgID

oleaut32

SysAllocString
SysStringByteLen
VariantCopy
VarBstrCmp
SysAllocStringLen
OleCreateFontIndirect
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
RegisterTypeLi
UnRegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
VariantChangeType
VarBstrCat
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
VariantClear
VariantInit
DispCallFunc
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysFreeString
VarUI4FromStr

uxtheme

GetThemeSysColor
OpenThemeData
DrawThemeParentBackground
CloseThemeData

Exports

Exports

CanReload
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetUpdaterAPI
MyUnregisterServer
TBStudioReg

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 437KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tbhelper.dll
.dll regsvr32 windows:5 windows x86 arch:x86

ffdd8426c653b47a5b3f1bbbf3b8c377

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2010, 00:00

Not After

01/12/2011, 23:59

Subject

CN=Zorba Networks SL,O=Zorba Networks SL,POSTALCODE=28007,STREET=Jativa 11,L=Madrid,ST=Madrid,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1a:3d:f8:25:13:5f:4c:63:e3:19:6b:bc:1e:56:53:7f:2a:a8:58:93
Signer

Actual PE Digest

1a:3d:f8:25:13:5f:4c:63:e3:19:6b:bc:1e:56:53:7f:2a:a8:58:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetSetOptionW
InternetQueryOptionW
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoW
FtpOpenFileW
InternetReadFile
FtpGetFileSize
InternetQueryDataAvailable
HttpAddRequestHeadersW
InternetOpenW
InternetConnectW
HttpOpenRequestW

rpcrt4

UuidFromStringA

kernel32

IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameW
lstrlenW
GetLastError
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
GetProcAddress
SetStdHandle
InterlockedIncrement
InterlockedDecrement
TerminateThread
CloseHandle
WaitForSingleObject
OpenThread
GlobalUnlock
GlobalLock
WideCharToMultiByte
WriteFile
CreateFileW
GetCurrentThreadId
lstrlenA
GetStringTypeA
LCMapStringW
LCMapStringA
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetLocaleInfoW
LoadLibraryA
SetConsoleCtrlHandler
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
SetEnvironmentVariableA
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
RaiseException
GetConsoleCP
SetFilePointer
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
Sleep
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
GetModuleFileNameA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetFileType

user32

CharNextW
SendMessageW
IsWindow
CharLowerBuffW
CloseClipboard
GetClipboardData
OpenClipboard
PeekMessageW
PostThreadMessageW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CoUninitialize
CoInitialize
CoGetInterfaceAndReleaseStream

oleaut32

VariantClear
VariantInit
VarBstrCmp
UnRegisterTypeLi
SysAllocString
RegisterTypeLi
SysStringLen
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysFreeString

Exports

Exports

CreateHelperObject
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IsUnicode

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
toolbar1.dll
.dll regsvr32 windows:5 windows x86 arch:x86

32af71368cbdf173ab04d242843ebffe

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2010, 00:00

Not After

01/12/2011, 23:59

Subject

CN=Zorba Networks SL,O=Zorba Networks SL,POSTALCODE=28007,STREET=Jativa 11,L=Madrid,ST=Madrid,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2f:85:52:66:f4:3f:35:b0:64:5c:33:9a:c0:17:07:d4:52:ef:fd:19
Signer

Actual PE Digest

2f:85:52:66:f4:3f:35:b0:64:5c:33:9a:c0:17:07:d4:52:ef:fd:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteW

kernel32

GetTickCount
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:5 windows x86 arch:x86

9e0fe6f614a50f094b2db57caf915b2f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2010, 00:00

Not After

01/12/2011, 23:59

Subject

CN=Zorba Networks SL,O=Zorba Networks SL,POSTALCODE=28007,STREET=Jativa 11,L=Madrid,ST=Madrid,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cd:fb:76:39:38:51:eb:88:ce:9b:d0:72:bb:3e:83:01:6e:c6:f8:b3
Signer

Actual PE Digest

cd:fb:76:39:38:51:eb:88:ce:9b:d0:72:bb:3e:83:01:6e:c6:f8:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW

kernel32

InterlockedDecrement
CreateMutexW
GetLastError
GetCommandLineW
LoadLibraryW
GetProcAddress
FreeLibrary
CloseHandle
LocalFree
LCMapStringW
LCMapStringA
GetStringTypeW
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar

shell32

CommandLineToArgvW

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
update.exe
.exe windows:5 windows x86 arch:x86

ec780198c29826820c6f49f3117d72ad

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/12/2010, 00:00

Not After

01/12/2011, 23:59

Subject

CN=Zorba Networks SL,O=Zorba Networks SL,POSTALCODE=28007,STREET=Jativa 11,L=Madrid,ST=Madrid,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c5:b8:1b:ad:3d:df:7e:93:9a:ed:74:97:fc:59:0c:f1:8f:3b:f5:b3
Signer

Actual PE Digest

c5:b8:1b:ad:3d:df:7e:93:9a:ed:74:97:fc:59:0c:f1:8f:3b:f5:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupIterateCabinetW

shell32

ShellExecuteW
CommandLineToArgvW

kernel32

LocalFree
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
GetProcAddress
FreeLibrary
LoadLibraryW
lstrcpyW
CreateToolhelp32Snapshot
Process32FirstW
CreateMutexW
GetCommandLineW
Sleep
CopyFileW
MoveFileW
CreateDirectoryW
SetCurrentDirectoryW
DeleteFileW
HeapSize
InitializeCriticalSectionAndSpinCount
Process32NextW
TlsFree
LoadLibraryA
GetStartupInfoW
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
InitializeCriticalSection
SetLastError
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

LoadStringW
MessageBoxW

advapi32

RegCloseKey
RegDeleteValueW
RegCreateKeyExW

ole32

CoInitialize

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
version.txt
vol.gif
.gif
volbg.gif
.gif
your_logo.png
.png

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 30KB - Virtual size: 29KB

5fed64cbbe7d12648599a62a0e69f0ac

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05Certificate

Extended Key Usages

Key Usages

85:4f:9c:b3:2f:83:3e:69:ab:e4:ff:11:8d:ae:75:c8:e5:c8:3d:c2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 14KB - Virtual size: 13KB

e16aff1b3b1250de2a684ec60f59c10d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05Certificate

Extended Key Usages

Key Usages

73:70:84:bb:a5:43:84:ce:1e:55:97:a8:70:ba:53:a6:75:fc:0a:ddSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 136KB - Virtual size: 136KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 9KB - Virtual size: 16KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 30KB - Virtual size: 29KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05
Certificate

85:4f:9c:b3:2f:83:3e:69:ab:e4:ff:11:8d:ae:75:c8:e5:c8:3d:c2
Signer

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 14KB - Virtual size: 13KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05
Certificate

73:70:84:bb:a5:43:84:ce:1e:55:97:a8:70:ba:53:a6:75:fc:0a:dd
Signer

.text
Size: 136KB - Virtual size: 136KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 9KB - Virtual size: 16KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 13KB - Virtual size: 13KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05
Certificate

84:db:8f:9a:c8:fb:53:cc:0d:64:33:5c:40:6b:e1:bb:f1:71:74:33
Signer

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 8KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05
Certificate

f0:4f:74:17:3f:e3:b1:57:8a:e8:c0:04:c7:21:b2:b4:3b:00:60:a9
Signer

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 10KB - Virtual size: 17KB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 12KB - Virtual size: 12KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

f7:67:18:d8:d4:28:37:25:cf:88:01:d7:de:d5:6f:05
Certificate