6fc89df1cc7aa3a5bae3791744eae00e

Sharing

Copy URL Twitter E-mail

General

Target

6fc89df1cc7aa3a5bae3791744eae00e
Size

663KB
MD5

6fc89df1cc7aa3a5bae3791744eae00e
SHA1

1861688aa0bc91ce1fbdee08ff41d020bce9559f
SHA256

426e6ef0d68f31edef21f82edcd5566fa3f5c3afc7a487f085e504d7c2189e93
SHA512

d6cd95398280accdc7ecc64ba20a83a2f57fe55803b2bd259e06563cc13414713deff2e764e7e9b36fb3128d7678a7d18302ea48cda9ccadaeb6bbd5042cf7d6
SSDEEP

12288:h72/id/gAW0EUx9RUtZcWgCWvL3X940E1guDGUqpxNTw7WnwbxQl3u1GjcOHW8:hCad/gAnRUahL3X94pisCw7XbxU3u1E3

Score

3^/10

Malware Config

Signatures

Unsigned PE 27 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/CustomLicense.dll
unpack001/$PLUGINSDIR/GetVersion.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/Math.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/linker.dll
unpack001/$PLUGINSDIR/md5dll.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/$PLUGINSDIR/nsisunz.dll
unpack001/$PLUGINSDIR/sqlwrap.dll
unpack001/$PLUGINSDIR/timepro.dll
unpack002/$PLUGINSDIR/sqlwrap.dll
unpack001/$R0/StartNowToolbarUninstall.exe
unpack003/$PLUGINSDIR/KillProcDLL.dll
unpack003/$PLUGINSDIR/Math.dll
unpack003/$PLUGINSDIR/NSISdl.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/inetc.dll
unpack003/$PLUGINSDIR/md5dll.dll
unpack003/$PLUGINSDIR/nsDialogs.dll
unpack003/$PLUGINSDIR/nsisunz.dll
unpack003/$PLUGINSDIR/sqlwrap.dll
unpack003/$PLUGINSDIR/timepro.dll
unpack001/$R0/components/tellSvc.dll

NSIS installer 6 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$R0/ReactivateFF.exe	nsis_installer_1
static1/unpack001/$R0/ReactivateFF.exe	nsis_installer_2
static1/unpack001/$R0/StartNowToolbarUninstall.exe	nsis_installer_1
static1/unpack001/$R0/StartNowToolbarUninstall.exe	nsis_installer_2

Files

6fc89df1cc7aa3a5bae3791744eae00e
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:24:1c:de:5c:7b:50:0b:51:c5:f1:32:82:28:f2:a9
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

28/01/2011, 00:00

Not After

27/01/2013, 23:59

Subject

CN=Zugo Ltd,O=Zugo Ltd,POSTALCODE=JE4 9NU,STREET=37 Broad St.+STREET=1st Floor+STREET=PO Box 36,L=St Helier,ST=Jersey,C=JE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c0:ae:19:94:ad:56:07:18:40:83:cd:51:cb:c6:53:0d:d4:f2:cc:23
Signer

Actual PE Digest

c0:ae:19:94:ad:56:07:18:40:83:cd:51:cb:c6:53:0d:d4:f2:cc:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 272KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CustomLicense.dll
.dll windows:4 windows x86 arch:x86

363f09c4ee70037c4ff39dc2ebdb0b27

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GlobalFree
CloseHandle
ReadFile
GlobalAlloc
GetFileSize
CreateFileA
lstrcpyA
lstrcpynA

user32

SendMessageA

Exports

Exports

LoadFile

Sections

.text
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 397B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 98B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/GetVersion.dll
.dll windows:4 windows x86 arch:x86

5e41893d1528e7648e03f81030aca366

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpiA
GetSystemInfo
GlobalAlloc
lstrcpynA
GetModuleHandleA
lstrcatA
GetVersionExA

user32

wsprintfA
GetSystemMetrics

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

WindowsName
WindowsPlatformArchitecture
WindowsPlatformId
WindowsServerName
WindowsServicePack
WindowsServicePackBuild
WindowsServicePackMajor
WindowsServicePackMinor
WindowsType
WindowsVersion

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 374B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

3113e12e0486a5a5251713b60422a7d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
TerminateProcess
CloseHandle
OpenProcess
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
strcpy
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
_strupr
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 619B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Math.dll
.dll windows:4 windows x86 arch:x86

c1eddc2d743572429fa0b1a79b7ac0fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcmpA
lstrlenA
GlobalFree
lstrcatA
GlobalAlloc
lstrcpynA
FlushFileBuffers
RtlUnwind
GetCommandLineA
GetVersion
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetLastError
SetFilePointer
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
CloseHandle

Exports

Exports

Script

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
GetTickCount

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
IsWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
GetWindowLongA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/linker.dll
.dll windows:4 windows x86 arch:x86

5b9be84907034b8f0152e51177ceafc3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GetModuleHandleA
lstrcpynA
lstrcpyA
GlobalFree

user32

UpdateWindow
InvalidateRect
SetCapture
SetFocus
PtInRect
GetWindowRect
GetDC
ReleaseCapture
EndPaint
BeginPaint
SetCursor
LoadCursorA
CallWindowProcA
DestroyCursor
SetWindowLongA
CreateCursor
IsWindow
ReleaseDC
SetWindowPos
GetWindowLongA
SendMessageA
GetClientRect
FillRect
GetFocus
DrawFocusRect
DrawTextA
ClientToScreen

gdi32

SetBkMode
SetTextColor
CreateFontIndirectA
GetObjectA
GetStockObject
DeleteObject
SelectObject

shell32

ShellExecuteA

Exports

Exports

Link
Unload

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GetTickCount
Sleep
lstrcatA
lstrlenA
CloseHandle
ReadFile
CreateFileA

user32

wsprintfA

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

f4dac435c2f6c835f1c459dfffb3ec7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
InterlockedDecrement
MulDiv
lstrlenA
InterlockedIncrement
GetCurrentDirectoryA
GetProcessHeap
HeapAlloc
HeapReAlloc
GlobalFree
GlobalAlloc
MultiByteToWideChar
HeapFree
SetCurrentDirectoryA
LocalFree
WideCharToMultiByte
GetLastError
lstrcpynA

user32

IsWindow
SendMessageA
CharNextA
wsprintfA
GetMessageA
GetFocus
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetTimer
CreateWindowExA
MoveWindow
GetPropA
UpdateWindow
SetPropA
GetWindowRect
MapWindowPoints
CreateDialogParamA
SetWindowPos
SetWindowLongA
GetDlgItem
GetWindowTextA
DrawTextA
GetWindowLongA
DrawFocusRect
RemovePropA
LoadCursorA
SetCursor
CallWindowProcA
DestroyWindow
CharPrevA
MapDialogRect
GetClientRect
ShowWindow

gdi32

SetTextColor

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

ole32

OleSetContainedObject
CoTaskMemFree
OleCreate

oleaut32

VariantInit
VariantClear
SafeArrayCreate
SafeArrayAccessData
SafeArrayDestroy
SysFreeString
SysAllocString
SysStringLen

msvcrt

_adjust_fdiv
malloc
_initterm
wcslen
_onexit
__dllonexit
memcmp
_ftol
??3@YAXPAX@Z
strlen
toupper
strncpy
strcpy
_EH_prolog
__CxxFrameHandler
??2@YAPAXI@Z
??1type_info@@UAE@XZ
_CxxThrowException
free

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

Exports

Exports

ConvertToDialogUnits
ConvertToPixels
Create
CreateControl
CreateItem
CreateTimer
GetUserData
HtmlQueryState
HtmlSetState
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nshist.dll
.dll windows:4 windows x86 arch:x86

5f100c36811a4c587bc08276d7725e60

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:24:1c:de:5c:7b:50:0b:51:c5:f1:32:82:28:f2:a9
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

28/01/2011, 00:00

Not After

27/01/2013, 23:59

Subject

CN=Zugo Ltd,O=Zugo Ltd,POSTALCODE=JE4 9NU,STREET=37 Broad St.+STREET=1st Floor+STREET=PO Box 36,L=St Helier,ST=Jersey,C=JE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fc:90:9d:2e:fd:0c:8e:c0:8e:57:6c:72:c4:76:c7:2f:00:37:e6:27
Signer

Actual PE Digest

fc:90:9d:2e:fd:0c:8e:c0:8e:57:6c:72:c4:76:c7:2f:00:37:e6:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
lstrcpyA
DeleteFileA
CloseHandle
WriteFile
lstrcpynA
GetLastError
CreateFileA
lstrlenA
lstrcatA
LoadLibraryA
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetTickCount
FileTimeToSystemTime
Process32Next
Process32First
WideCharToMultiByte
lstrlenW
LocalFree

user32

wvsprintfA

ole32

OleInitialize
CoCreateInstance
OleUninitialize

wininet

InternetCrackUrlA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetCookieA
InternetConnectA
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetSetOptionA
InternetQueryOptionA
InternetOpenA
InternetGetCookieA
InternetReadFile

msvcrt

_stricmp
_strdup
_CxxThrowException
_adjust_fdiv
malloc
_initterm
strncat
strstr
strncpy
realloc
_ftol
atof
strtok
strrchr
??1type_info@@UAE@XZ
srand
??2@YAPAXI@Z
??3@YAXPAX@Z
sprintf
__CxxFrameHandler
tolower
free
_splitpath
fclose
fread
fopen
rand
atol

Exports

Exports

GetCookieIE
SetCookieIE
gethist

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisunz.dll
.dll windows:4 windows x86 arch:x86

0f92772da9c737d2bac38919e9863980

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryA
lstrcpyA
lstrcmpA
lstrcmpiA
GlobalFree
lstrcpynA
GlobalAlloc
lstrcatA
lstrlenA
GetVersion
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
HeapAlloc
GetProcessHeap
HeapFree
GetLastError
CreateFileA
WriteFile
ReadFile
CloseHandle
SetFilePointer

user32

MessageBoxA
DispatchMessageA
TranslateMessage
PeekMessageA
CharPrevA
wsprintfA
SendMessageA
GetDlgItem
FindWindowExA

Exports

Exports

Unzip
UnzipToLog
UnzipToStack
extract_RunDLL

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/sqlwrap.dll
.dll windows:4 windows x86 arch:x86

fdc6ee00ab15ae25a28615ceaa6f4284

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalFree
GlobalAlloc
GetProcAddress
LoadLibraryA
SetCurrentDirectoryA
GetCurrentDirectoryA
lstrcatA
lstrcpyA
FreeLibrary

user32

wsprintfA

msvcrt

_adjust_fdiv
strncpy
memset
_splitpath
??3@YAXPAX@Z
__CxxFrameHandler
_EH_prolog
??2@YAPAXI@Z
strlen
strcat
strcpy
free
_initterm
malloc

Exports

Exports

close
execsqlite
open

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 422B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/timepro.dll
.dll windows:4 windows x86 arch:x86

2187c9e78816febf7a90a23c7c7d6940

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
SystemTimeToFileTime
GetLocalTime
GetSystemTime
lstrcpynA

msvcrt

strcpy
sprintf
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

getlocaltime
getlocaltime64
getsystemtime
getsystemtime64

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 534B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0/ReactivateFF.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:24:1c:de:5c:7b:50:0b:51:c5:f1:32:82:28:f2:a9
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

28/01/2011, 00:00

Not After

27/01/2013, 23:59

Subject

CN=Zugo Ltd,O=Zugo Ltd,POSTALCODE=JE4 9NU,STREET=37 Broad St.+STREET=1st Floor+STREET=PO Box 36,L=St Helier,ST=Jersey,C=JE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:d2:ed:6f:bf:c3:74:cc:94:b3:f0:9a:18:39:e8:d2:04:42:8c:bd
Signer

Actual PE Digest

71:d2:ed:6f:bf:c3:74:cc:94:b3:f0:9a:18:39:e8:d2:04:42:8c:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/sqlwrap.dll
.dll windows:4 windows x86 arch:x86

fdc6ee00ab15ae25a28615ceaa6f4284

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalFree
GlobalAlloc
GetProcAddress
LoadLibraryA
SetCurrentDirectoryA
GetCurrentDirectoryA
lstrcatA
lstrcpyA
FreeLibrary

user32

wsprintfA

msvcrt

_adjust_fdiv
strncpy
memset
_splitpath
??3@YAXPAX@Z
__CxxFrameHandler
_EH_prolog
??2@YAPAXI@Z
strlen
strcat
strcpy
free
_initterm
malloc

Exports

Exports

close
execsqlite
open

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 422B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0/ReactivateIE.exe
.exe windows:5 windows x86 arch:x86

e81e611d28c480ba5e36ab2407de33e4

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:24:1c:de:5c:7b:50:0b:51:c5:f1:32:82:28:f2:a9
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

28/01/2011, 00:00

Not After

27/01/2013, 23:59

Subject

CN=Zugo Ltd,O=Zugo Ltd,POSTALCODE=JE4 9NU,STREET=37 Broad St.+STREET=1st Floor+STREET=PO Box 36,L=St Helier,ST=Jersey,C=JE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

59:1b:37:ab:35:09:db:ba:a9:c4:db:13:7a:ff:10:b4:33:29:ba:f9
Signer

Actual PE Digest

59:1b:37:ab:35:09:db:ba:a9:c4:db:13:7a:ff:10:b4:33:29:ba:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
lstrcmpiW
LocalAlloc
LocalFree
lstrcatW
GetCurrentProcess
CloseHandle
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
InterlockedDecrement
GetVersionExW
HeapAlloc
GetProcessHeap
HeapFree
SetErrorMode
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetTickCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetCurrentProcessId
ExitProcess
WideCharToMultiByte
LockResource
SizeofResource
LoadResource
FindResourceExW
FindResourceW
GetModuleFileNameW
lstrlenW
GetLastError
MultiByteToWideChar
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetModuleHandleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
Sleep
LCMapStringW
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedIncrement
GetCPInfo
VirtualAlloc
VirtualFree
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapCreate

advapi32

RegCreateKeyExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
RegCreateKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
GetTokenInformation
OpenProcessToken
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
ConvertStringSidToSidW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromString

oleaut32

SysAllocString
SysFreeString
SysStringLen
VarBstrCat
VarBstrCmp
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0/StartNowToolbarUninstall.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 276KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

3113e12e0486a5a5251713b60422a7d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
TerminateProcess
CloseHandle
OpenProcess
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
strcpy
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
_strupr
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 619B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Math.dll
.dll windows:4 windows x86 arch:x86

c1eddc2d743572429fa0b1a79b7ac0fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcmpA
lstrlenA
GlobalFree
lstrcatA
GlobalAlloc
lstrcpynA
FlushFileBuffers
RtlUnwind
GetCommandLineA
GetVersion
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetLastError
SetFilePointer
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
CloseHandle

Exports

Exports

Script

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
GetTickCount

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
IsWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
GetWindowLongA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GetTickCount
Sleep
lstrcatA
lstrlenA
CloseHandle
ReadFile
CreateFileA

user32

wsprintfA

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

f4dac435c2f6c835f1c459dfffb3ec7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
InterlockedDecrement
MulDiv
lstrlenA
InterlockedIncrement
GetCurrentDirectoryA
GetProcessHeap
HeapAlloc
HeapReAlloc
GlobalFree
GlobalAlloc
MultiByteToWideChar
HeapFree
SetCurrentDirectoryA
LocalFree
WideCharToMultiByte
GetLastError
lstrcpynA

user32

IsWindow
SendMessageA
CharNextA
wsprintfA
GetMessageA
GetFocus
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetTimer
CreateWindowExA
MoveWindow
GetPropA
UpdateWindow
SetPropA
GetWindowRect
MapWindowPoints
CreateDialogParamA
SetWindowPos
SetWindowLongA
GetDlgItem
GetWindowTextA
DrawTextA
GetWindowLongA
DrawFocusRect
RemovePropA
LoadCursorA
SetCursor
CallWindowProcA
DestroyWindow
CharPrevA
MapDialogRect
GetClientRect
ShowWindow

gdi32

SetTextColor

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

ole32

OleSetContainedObject
CoTaskMemFree
OleCreate

oleaut32

VariantInit
VariantClear
SafeArrayCreate
SafeArrayAccessData
SafeArrayDestroy
SysFreeString
SysAllocString
SysStringLen

msvcrt

_adjust_fdiv
malloc
_initterm
wcslen
_onexit
__dllonexit
memcmp
_ftol
??3@YAXPAX@Z
strlen
toupper
strncpy
strcpy
_EH_prolog
__CxxFrameHandler
??2@YAPAXI@Z
??1type_info@@UAE@XZ
_CxxThrowException
free

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

Exports

Exports

ConvertToDialogUnits
ConvertToPixels
Create
CreateControl
CreateItem
CreateTimer
GetUserData
HtmlQueryState
HtmlSetState
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nshist.dll
.dll windows:4 windows x86 arch:x86

5f100c36811a4c587bc08276d7725e60

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:24:1c:de:5c:7b:50:0b:51:c5:f1:32:82:28:f2:a9
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

28/01/2011, 00:00

Not After

27/01/2013, 23:59

Subject

CN=Zugo Ltd,O=Zugo Ltd,POSTALCODE=JE4 9NU,STREET=37 Broad St.+STREET=1st Floor+STREET=PO Box 36,L=St Helier,ST=Jersey,C=JE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fc:90:9d:2e:fd:0c:8e:c0:8e:57:6c:72:c4:76:c7:2f:00:37:e6:27
Signer

Actual PE Digest

fc:90:9d:2e:fd:0c:8e:c0:8e:57:6c:72:c4:76:c7:2f:00:37:e6:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
lstrcpyA
DeleteFileA
CloseHandle
WriteFile
lstrcpynA
GetLastError
CreateFileA
lstrlenA
lstrcatA
LoadLibraryA
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetTickCount
FileTimeToSystemTime
Process32Next
Process32First
WideCharToMultiByte
lstrlenW
LocalFree

user32

wvsprintfA

ole32

OleInitialize
CoCreateInstance
OleUninitialize

wininet

InternetCrackUrlA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetCookieA
InternetConnectA
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetSetOptionA
InternetQueryOptionA
InternetOpenA
InternetGetCookieA
InternetReadFile

msvcrt

_stricmp
_strdup
_CxxThrowException
_adjust_fdiv
malloc
_initterm
strncat
strstr
strncpy
realloc
_ftol
atof
strtok
strrchr
??1type_info@@UAE@XZ
srand
??2@YAPAXI@Z
??3@YAXPAX@Z
sprintf
__CxxFrameHandler
tolower
free
_splitpath
fclose
fread
fopen
rand
atol

Exports

Exports

GetCookieIE
SetCookieIE
gethist

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisunz.dll
.dll windows:4 windows x86 arch:x86

0f92772da9c737d2bac38919e9863980

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryA
lstrcpyA
lstrcmpA
lstrcmpiA
GlobalFree
lstrcpynA
GlobalAlloc
lstrcatA
lstrlenA
GetVersion
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
HeapAlloc
GetProcessHeap
HeapFree
GetLastError
CreateFileA
WriteFile
ReadFile
CloseHandle
SetFilePointer

user32

MessageBoxA
DispatchMessageA
TranslateMessage
PeekMessageA
CharPrevA
wsprintfA
SendMessageA
GetDlgItem
FindWindowExA

Exports

Exports

Unzip
UnzipToLog
UnzipToStack
extract_RunDLL

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/sqlwrap.dll
.dll windows:4 windows x86 arch:x86

fdc6ee00ab15ae25a28615ceaa6f4284

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalFree
GlobalAlloc
GetProcAddress
LoadLibraryA
SetCurrentDirectoryA
GetCurrentDirectoryA
lstrcatA
lstrcpyA
FreeLibrary

user32

wsprintfA

msvcrt

_adjust_fdiv
strncpy
memset
_splitpath
??3@YAXPAX@Z
__CxxFrameHandler
_EH_prolog
??2@YAPAXI@Z
strlen
strcat
strcpy
free
_initterm
malloc

Exports

Exports

close
execsqlite
open

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 422B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/timepro.dll
.dll windows:4 windows x86 arch:x86

2187c9e78816febf7a90a23c7c7d6940

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
SystemTimeToFileTime
GetLocalTime
GetSystemTime
lstrcpynA

msvcrt

strcpy
sprintf
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

getlocaltime
getlocaltime64
getsystemtime
getsystemtime64

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 534B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0/Toolbar32.dll
.dll regsvr32 windows:5 windows x86 arch:x86

571beaa1b9b388fcb5ef770a866714e0

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:24:1c:de:5c:7b:50:0b:51:c5:f1:32:82:28:f2:a9
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

28/01/2011, 00:00

Not After

27/01/2013, 23:59

Subject

CN=Zugo Ltd,O=Zugo Ltd,POSTALCODE=JE4 9NU,STREET=37 Broad St.+STREET=1st Floor+STREET=PO Box 36,L=St Helier,ST=Jersey,C=JE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2a:da:6b:ef:4f:f4:24:e3:f7:fb:38:89:31:b5:2c:5e:11:87:04:21
Signer

Actual PE Digest

2a:da:6b:ef:4f:f4:24:e3:f7:fb:38:89:31:b5:2c:5e:11:87:04:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdipFree
GdipAlloc
GdipCreateSolidFill
GdipReleaseDC
GdipFillRectangleI
GdipDeleteBrush
GdipCloneBrush
GdiplusStartup
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipCreateFromHDC
GdipDrawImageRect
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFile
GdipCloneImage
GdipDisposeImage
GdipDeleteGraphics

uxtheme

DrawThemeParentBackground

kernel32

FindResourceExW
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetLastError
lstrlenW
GetModuleFileNameW
DisableThreadLibraryCalls
MultiByteToWideChar
CloseHandle
ReadFile
GetFileSize
CreateFileW
WideCharToMultiByte
GetLastError
lstrlenA
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
MulDiv
GetTickCount
GetProcAddress
GetModuleHandleW
lstrcmpiW
FreeLibrary
LoadLibraryExW
SetThreadLocale
GetThreadLocale
GetVersionExW
ExpandEnvironmentStringsW
GetFileAttributesW
LocalFree
LocalAlloc
LoadLibraryW
HeapAlloc
GetProcessHeap
HeapFree
FindResourceW
SystemTimeToFileTime
FileTimeToSystemTime
InterlockedExchange
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetCPInfo
GetACP
SetStdHandle
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetConsoleMode
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetStringTypeA
GetStringTypeW
GetSystemTime
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetOEMCP
IsValidCodePage
GetModuleHandleA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringW
SetFilePointer
GetConsoleCP
CreateFileA
Sleep
ExitProcess

user32

GetForegroundWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetCursorPos
ChildWindowFromPoint
TrackPopupMenu
DrawTextW
MonitorFromPoint
DestroyMenu
SetMenuItemBitmaps
InsertMenuW
SetMenuInfo
CreatePopupMenu
IsWindowVisible
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetUpdateRect
GetSystemMetrics
DispatchMessageW
PostMessageW
GetAsyncKeyState
DestroyCaret
SetCaretPos
CopyRect
ShowCaret
CreateCaret
GetAncestor
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
IsChild
SetCapture
RedrawWindow
InvalidateRgn
ReleaseDC
ScreenToClient
TranslateMessage
ClientToScreen
CharNextW
GetSysColor
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SendMessageW
GetParent
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
KillTimer
SetTimer
MoveWindow
SetWindowTextW
CharLowerBuffW
wsprintfW
DefWindowProcW
GetWindowLongW
CallWindowProcW
GetDC
SetWindowPos
TrackMouseEvent
SetCursor
ShowWindow
GetClientRect
CreateWindowExW
RegisterClassExW
GetFocus
GetWindow
LoadCursorW
GetClassInfoExW
SetFocus
InvalidateRect
SetWindowLongW
IsWindow
DestroyWindow
UnregisterClassA
CreateAcceleratorTableW

gdi32

BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectW
CreateCompatibleDC
SetBkMode
CreateDIBSection
CreateFontW
GetTextExtentPoint32W
SetTextColor
CreateCompatibleBitmap
DeleteDC
GetStockObject
DeleteObject
SelectObject

advapi32

RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumValueW
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
IsValidSid

shell32

ShellExecuteW

ole32

CoCreateInstance
CLSIDFromProgID
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromString
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromIID
OleRun

oleaut32

SysStringLen
DispCallFunc
LoadRegTypeLi
LoadTypeLi
VarBstrCat
VarBstrCmp
SysAllocStringLen
SysAllocString
SysStringByteLen
OleCreateFontIndirect
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantCopy
VariantClear
VariantInit
SysAllocStringByteLen
GetErrorInfo
SysFreeString

comctl32

ImageList_GetImageCount
ImageList_Destroy
InitCommonControlsEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0/ToolbarBroker.exe
.exe windows:5 windows x86 arch:x86

91bdd5e44ce103f17a28f9dc965b6c44

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:24:1c:de:5c:7b:50:0b:51:c5:f1:32:82:28:f2:a9
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

28/01/2011, 00:00

Not After

27/01/2013, 23:59

Subject

CN=Zugo Ltd,O=Zugo Ltd,POSTALCODE=JE4 9NU,STREET=37 Broad St.+STREET=1st Floor+STREET=PO Box 36,L=St Helier,ST=Jersey,C=JE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

51:26:79:ca:cf:78:e2:24:44:b0:6b:b5:4f:d3:b1:f9:c7:af:81:08
Signer

Actual PE Digest

51:26:79:ca:cf:78:e2:24:44:b0:6b:b5:4f:d3:b1:f9:c7:af:81:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetProcAddress
GetModuleHandleW
lstrcmpiW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
CloseHandle
WaitForSingleObject
Sleep
CreateThread
CreateEventW
SetEvent
GetCommandLineW
LocalAlloc
CreateNamedPipeW
LocalFree
CreateFileW
WaitNamedPipeW
ConnectNamedPipe
ReadFile
DisconnectNamedPipe
WriteFile
GetVersionExW
HeapAlloc
GetProcessHeap
HeapFree
FindResourceExW
TerminateThread
GetTickCount
SetLastError
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
WideCharToMultiByte
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
FindResourceW
LoadResource
LockResource
SizeofResource
InitializeCriticalSection
DeleteCriticalSection
RaiseException
GetModuleHandleA
lstrlenW
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetStartupInfoW
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy

user32

CharNextW
SetWindowLongW
GetWindowLongW
MoveWindow
GetWindowRect
GetDlgItem
DefWindowProcW
GetParent
UnhookWindowsHookEx
CallNextHookEx
wsprintfW
PostThreadMessageW
GetMessageW
DispatchMessageW
TranslateMessage
CharUpperW
SetWindowsHookExW
CallWindowProcW
SendMessageW
EndDialog

advapi32

RegDeleteValueW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
GetTokenInformation
OpenProcessToken
RegQueryValueExW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

ole32

StringFromGUID2
CoUninitialize
CoInitialize
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
VarBstrCat
VariantClear
SysStringLen
SysFreeString
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysAllocString
SysAllocStringLen

shlwapi

UrlEscapeW

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0/ToolbarUpdaterService.exe
.exe windows:5 windows x86 arch:x86

279bb8b7b5d0eaf659d4c75f32b58f0d

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:24:1c:de:5c:7b:50:0b:51:c5:f1:32:82:28:f2:a9
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

28/01/2011, 00:00

Not After

27/01/2013, 23:59

Subject

CN=Zugo Ltd,O=Zugo Ltd,POSTALCODE=JE4 9NU,STREET=37 Broad St.+STREET=1st Floor+STREET=PO Box 36,L=St Helier,ST=Jersey,C=JE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

84:14:f3:a5:97:f0:78:d0:65:c8:fe:13:4b:8e:28:0c:e1:15:7d:15
Signer

Actual PE Digest

84:14:f3:a5:97:f0:78:d0:65:c8:fe:13:4b:8e:28:0c:e1:15:7d:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcesses
GetModuleBaseNameW

kernel32

ProcessIdToSessionId
Process32NextW
HeapFree
GetProcessHeap
GetCurrentProcess
HeapAlloc
LocalFree
LocalAlloc
GetVersionExW
GetTempPathW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetFileAttributesW
FindFirstFileW
FindNextFileW
DeleteFileW
FindClose
CreateFileW
RemoveDirectoryW
CreateNamedPipeW
Process32FirstW
GetCurrentDirectoryW
ReadFile
DisconnectNamedPipe
WriteFile
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetTickCount
CreateThread
TerminateThread
LCMapStringA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
CreateToolhelp32Snapshot
WaitForSingleObject
WTSGetActiveConsoleSessionId
OpenProcess
CloseHandle
Sleep
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
LoadLibraryExW
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
GetModuleHandleA
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
ConnectNamedPipe
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
VirtualAlloc
VirtualFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
CreateDirectoryW
GetStartupInfoW
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
HeapDestroy

user32

CharNextW
wsprintfW

advapi32

DeleteService
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
GetTokenInformation
AdjustTokenPrivileges
SetTokenInformation
LookupPrivilegeValueW
OpenProcessToken
CreateProcessAsUserW
DuplicateTokenEx
RegQueryValueExW
ControlService
StartServiceW
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString
VariantInit
VariantClear
VariantChangeType
SysStringLen
VarBstrCat
VarBstrCmp
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen

urlmon

URLDownloadToFileW

netapi32

NetApiBufferFree
NetUserEnum

userenv

GetProfilesDirectoryW
DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0/chrome.manifest
$R0/chrome/content/bar.js
.js
$R0/chrome/content/bar.xul
.xml
$R0/chrome/content/constants.js
.js
$R0/chrome/content/events.js
.js
$R0/chrome/content/globals.js
.js
$R0/chrome/content/hosts.js
.js
$R0/chrome/content/init.js
.js
$R0/chrome/content/resources/images/engine_images.png
.png
$R0/chrome/content/resources/images/engine_maps.png
.png
$R0/chrome/content/resources/images/engine_news.png
.png
$R0/chrome/content/resources/images/engine_videos.png
.png
$R0/chrome/content/resources/images/engine_web.png
.png
$R0/chrome/content/resources/images/icon_amazon.png
.png
$R0/chrome/content/resources/images/icon_ebay.png
.png
$R0/chrome/content/resources/images/icon_facebook.png
.png
$R0/chrome/content/resources/images/icon_games.png
.png
$R0/chrome/content/resources/images/icon_msn.png
.png
$R0/chrome/content/resources/images/icon_shopping.png
.png
$R0/chrome/content/resources/images/icon_travel.png
.png
$R0/chrome/content/resources/images/icon_twitter.png
.png
$R0/chrome/content/resources/images/startnow_logo.png
.png
$R0/chrome/content/resources/skin/chevron_button.png
.png
$R0/chrome/content/resources/skin/searchbox_button_hover.png
.png
$R0/chrome/content/resources/skin/searchbox_button_normal.png
.png
$R0/chrome/content/resources/skin/searchbox_dropdown_button_normal.png
.png
$R0/chrome/content/resources/skin/searchbox_input_background.png
.png
$R0/chrome/content/resources/skin/searchbox_input_left.png
.png
$R0/chrome/content/resources/skin/searchbox_input_middle.png
.png
$R0/chrome/content/resources/skin/separator.png
.png
$R0/chrome/content/resources/skin/splitter.png
.png
$R0/chrome/content/resources/skin/toolbarbutton_ff_hover_c.png
.png
$R0/chrome/content/resources/skin/toolbarbutton_ie_hover_c.png
.png
$R0/chrome/content/resources/skin/toolbarbutton_ie_hover_l.png
.png
$R0/chrome/content/resources/skin/toolbarbutton_ie_hover_r.png
.png
$R0/chrome/content/resources/skin/toolbarbutton_ie_normal_c.png
.png
$R0/chrome/content/resources/skin/toolbarbutton_ie_normal_l.png
.png
$R0/chrome/content/resources/skin/toolbarbutton_ie_normal_r.png
.png
$R0/chrome/content/resources/toolbar.xml
.xml
$R0/chrome/locale/en-US/{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
$R0/chrome/skin/overlay.css
$R0/components/tellSvc.dll
.dll windows:5 windows x86 arch:x86

a544672dee35f20b756937fd5b84841d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

OleRun
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString

kernel32

GetSystemTimeAsFileTime
RaiseException
GetProcessHeap
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Exports

Exports

tellSvc

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0/images/engine_images.png
.png
$R0/images/engine_maps.png
.png
$R0/images/engine_news.png
.png
$R0/images/engine_videos.png
.png
$R0/images/engine_web.png
.png
$R0/images/icon_amazon.png
.png
$R0/images/icon_ebay.png
.png
$R0/images/icon_facebook.png
.png
$R0/images/icon_games.png
.png
$R0/images/icon_msn.png
.png
$R0/images/icon_shopping.png
.png
$R0/images/icon_travel.png
.png
$R0/images/icon_twitter.png
.png
$R0/images/startnow_logo.png
.png
$R0/skin/chevron_button.png
.png
$R0/skin/searchbox_button_hover.png
.png
$R0/skin/searchbox_button_normal.png
.png
$R0/skin/searchbox_dropdown_button_normal.png
.png
$R0/skin/searchbox_input_background.png
.png
$R0/skin/searchbox_input_left.png
.png
$R0/skin/searchbox_input_middle.png
.png
$R0/skin/separator.png
.png
$R0/skin/splitter.png
.png
$R0/skin/toolbarbutton_ff_hover_c.png
.png
$R0/skin/toolbarbutton_ie_hover_c.png
.png
$R0/skin/toolbarbutton_ie_hover_l.png
.png
$R0/skin/toolbarbutton_ie_hover_r.png
.png
$R0/skin/toolbarbutton_ie_normal_c.png
.png
$R0/skin/toolbarbutton_ie_normal_l.png
.png
$R0/skin/toolbarbutton_ie_normal_r.png
.png
$R0/toolbar.xml
.xml

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

46:24:1c:de:5c:7b:50:0b:51:c5:f1:32:82:28:f2:a9Certificate

Extended Key Usages

Key Usages

c0:ae:19:94:ad:56:07:18:40:83:cd:51:cb:c6:53:0d:d4:f2:cc:23Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 272KB

.rsrc Size: 28KB - Virtual size: 27KB

363f09c4ee70037c4ff39dc2ebdb0b27

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 512B - Virtual size: 418B

.rdata Size: 512B - Virtual size: 397B

.data Size: 512B - Virtual size: 20B

.reloc Size: 512B - Virtual size: 98B

5e41893d1528e7648e03f81030aca366

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: - Virtual size: 16B

.reloc Size: 512B - Virtual size: 374B

3113e12e0486a5a5251713b60422a7d6

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 619B

.data Size: 4KB - Virtual size: 248B

.reloc Size: 4KB - Virtual size: 206B

c1eddc2d743572429fa0b1a79b7ac0fe

Headers

File Characteristics

Imports

kernel32

Exports

Exports

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

46:24:1c:de:5c:7b:50:0b:51:c5:f1:32:82:28:f2:a9
Certificate

c0:ae:19:94:ad:56:07:18:40:83:cd:51:cb:c6:53:0d:d4:f2:cc:23
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 272KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 512B - Virtual size: 418B

.rdata
Size: 512B - Virtual size: 397B

.data
Size: 512B - Virtual size: 20B

.reloc
Size: 512B - Virtual size: 98B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 374B

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 619B

.data
Size: 4KB - Virtual size: 248B

.reloc
Size: 4KB - Virtual size: 206B

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 40KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 836B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 276B

.reloc
Size: 512B - Virtual size: 256B