70e3f778f52b04ad8bdb0354532a6a78

Sharing

Copy URL

Twitter E-mail

General

Target

70e3f778f52b04ad8bdb0354532a6a78
Size

5.5MB
MD5

70e3f778f52b04ad8bdb0354532a6a78
SHA1

9b047fc3233d886b804b842a63b17f075359be13
SHA256

209113be716dd92ebbc8da1c9aa8bb22adfda1da32e168055f3a56b1ddc0bbd5
SHA512

d7709b671b4f656d25504f55de04906a95e7d092a817b61a19fd88c90a73b212e7ca7343f79ec8fcefecb4c45fec3ea27d00419985271e1b0b23e8e612e35e79
SSDEEP

98304:rcz+qTqq77LnD7juT++XNwdqqr+4ATkOGG25cyx8j2FBP2KJlykmKkPHbDgI:rcSkqELnnq/XCdqNdkOjyx82BeKqjKA1

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$COMMONFILES/ParetoLogic/UUS3/LiteUnzip.dll
unpack001/$COMMONFILES/ParetoLogic/UUS3/Pareto_Update3.exe
unpack001/$COMMONFILES/ParetoLogic/UUS3/UUS3.dll
unpack001/$PLUGINSDIR/AdvSplash.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/NSIS_HTTPRequest.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/CommonLoggingExtension.pxt
unpack001/CommonSpecialist.pxt
unpack001/RegHookSpecialist.pxt
unpack001/SandBoxer.dll
unpack001/Utility.pxt
unpack002/$PLUGINSDIR/UserInfo.dll

Files

70e3f778f52b04ad8bdb0354532a6a78
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:f9:94:5d:68:b6:df:dd:55:72:92:b6:3c:5a:30:15:e1
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25-02-2013 21:53

Not After

26-02-2015 21:53

Subject

CN=Paretologic Inc.,OU=Paretologic Inc.,O=Paretologic Inc.,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

63:d6:dc:c1:31:e0:f6:3e:ce:0a:37:8e:99:78:b5:f5:e8:51:c3:79
Signer

Actual PE Digest

63:d6:dc:c1:31:e0:f6:3e:ce:0a:37:8e:99:78:b5:f5:e8:51:c3:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/ParetoLogic/PC Health Advisor/dc_db.db
$APPDATA/ParetoLogic/UUS3/Master.xml
$APPDATA/ParetoLogic/UUS3/PCHA/Database.xml
$APPDATA/ParetoLogic/UUS3/PCHA/Master.xml
$APPDATA/ParetoLogic/UUS3/PCHA/Patch.xml
$APPDATA/ParetoLogic/UUS3/PCHA/Update.xml
$APPDATA/ParetoLogic/UUS3/Patch.xml
$APPDATA/ParetoLogic/UUS3/Update.xml
$COMMONFILES/ParetoLogic/UUS3/Images/Logo.png
.png
$COMMONFILES/ParetoLogic/UUS3/Images/ad_generic.jpg
.jpg
$COMMONFILES/ParetoLogic/UUS3/Images/close.png
.png
$COMMONFILES/ParetoLogic/UUS3/Images/close_md.png
.png
$COMMONFILES/ParetoLogic/UUS3/Images/close_mo.png
.png
$COMMONFILES/ParetoLogic/UUS3/Images/close_pu.png
.png
$COMMONFILES/ParetoLogic/UUS3/Images/close_pu_md.png
.png
$COMMONFILES/ParetoLogic/UUS3/Images/close_pu_mo.png
.png
$COMMONFILES/ParetoLogic/UUS3/Images/min.png
.png
$COMMONFILES/ParetoLogic/UUS3/Images/min_md.png
.png
$COMMONFILES/ParetoLogic/UUS3/Images/min_mo.png
.png
$COMMONFILES/ParetoLogic/UUS3/Images/progress_glow.png
.png
$COMMONFILES/ParetoLogic/UUS3/Images/topbar_gradient.png
.png
$COMMONFILES/ParetoLogic/UUS3/LiteUnzip.dll
.dll windows:4 windows x86 arch:x86

f7a84048399bc4a2d1221cc8bdd7c96e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
GlobalFree
GlobalAlloc
CreateDirectoryA
GetLastError
CreateDirectoryW
CloseHandle
SetFileTime
WriteFile
CreateFileA
CreateFileW
IsBadReadPtr
SetFilePointer
lstrcmpA
LocalFileTimeToFileTime
SystemTimeToFileTime
MultiByteToWideChar
lstrlenA
lstrcpyA
lstrcmpiA
WideCharToMultiByte
GetCurrentDirectoryA
DuplicateHandle
GetCurrentProcess
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
DisableThreadLibraryCalls
FlushFileBuffers
LoadLibraryA
GetCommandLineA
GetProcAddress
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
SetStdHandle

user32

LoadStringA
LoadStringW

Exports

Exports

UnzipClose
UnzipFindItemA
UnzipFindItemW
UnzipFormatMessageA
UnzipFormatMessageW
UnzipGetItemA
UnzipGetItemW
UnzipItemToBuffer
UnzipItemToFileA
UnzipItemToFileW
UnzipItemToHandle
UnzipOpenBuffer
UnzipOpenFileA
UnzipOpenFileW
UnzipOpenHandle
UnzipSetBaseDirA
UnzipSetBaseDirW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/ParetoLogic/UUS3/Pareto_Update3.exe
.exe windows:5 windows x86 arch:x86

f592726dded90c4d7e23cee7f8218bbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetQueryDataAvailable
InternetGetLastResponseInfoW
InternetSetStatusCallbackW
InternetSetFilePointer
InternetWriteFile
InternetOpenW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW

shlwapi

PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathRemoveFileSpecW
PathIsUNCW

kernel32

SetEnvironmentVariableA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
LCMapStringW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapDestroy
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapSize
HeapQueryInformation
GetFileType
SetStdHandle
ExitThread
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineW
VirtualProtect
SearchPathW
GetProfileIntW
GetTempPathW
GetNumberFormatW
GetWindowsDirectoryW
SetErrorMode
GetCurrentDirectoryW
GetTempFileNameW
GetSystemDirectoryW
GlobalFlags
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
DeleteFileW
GetFileTime
GetFileSizeEx
GetFileAttributesW
GetFileAttributesExW
FindFirstFileW
FindClose
GetThreadLocale
GlobalGetAtomNameW
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedIncrement
ResumeThread
SetThreadPriority
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
FreeResource
lstrlenA
lstrcmpA
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ActivateActCtx
DeactivateActCtx
FileTimeToLocalFileTime
FileTimeToSystemTime
SetLastError
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FreeLibrary
GetProcAddress
LoadLibraryW
FindResourceExW
GetModuleHandleW
LocalFree
FormatMessageW
RaiseException
WaitForSingleObject
Sleep
CreateThread
lstrcmpiW
SetCurrentDirectoryW
CreateMutexW
GetTickCount
CreateFileW
ReadFile
CloseHandle
GetLocalTime
HeapAlloc
GetLastError
GetCurrentProcess
GetProcessHeap
HeapFree
lstrlenW
lstrcpyW
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
MulDiv
GetVersionExW
FindResourceW
LoadResource
LockResource
SizeofResource
TlsFree
WriteConsoleW

user32

SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
DestroyMenu
GetMenuItemInfoW
RealChildWindowFromPoint
CharUpperW
GetSysColorBrush
LoadCursorW
OffsetRect
IsRectEmpty
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
IntersectRect
GetWindowThreadProcessId
MapVirtualKeyW
GetKeyNameTextW
ClientToScreen
LoadMenuW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
ValidateRect
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcW
SubtractRect
CopyRect
GetWindowTextLengthW
GetFocus
SetFocus
SetWindowPos
CopyAcceleratorTableW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
CheckDlgButton
GetWindow
GetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
ExitWindowsEx
SetDlgItemTextW
GetWindowPlacement
IsDlgButtonChecked
DrawIcon
BringWindowToTop
SetActiveWindow
LoadIconW
SetForegroundWindow
FindWindowW
MessageBoxW
GetWindowTextW
GetDoubleClickTime
CharUpperBuffW
CopyIcon
CallWindowProcW
SetWindowLongW
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
GetDlgItem
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetTimer
KillTimer
ShowWindow
GetWindowLongW
FillRect
EndPaint
BeginPaint
SetRect
ReleaseCapture
SetCapture
PtInRect
ScreenToClient
GetCursorPos
GetSystemMetrics
IsWindowVisible
IsIconic
GetDesktopWindow
SetWindowRgn
GetWindowDC
IsWindow
MoveWindow
InvalidateRect
GetClientRect
GetParent
PostMessageW
SendMessageW
GetWindowRect
InvalidateRgn
TranslateAcceleratorW
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
DestroyIcon
LoadImageW
ReuseDDElParam
UnpackDDElParam
CharNextW
UnregisterClassW
WindowFromPoint
WaitMessage
DeleteMenu
RedrawWindow
EnableWindow
InflateRect
ReleaseDC
GetDC
SystemParametersInfoW
GetNextDlgGroupItem
CreateMenu
TranslateMDISysAccel
DrawMenuBar
GetWindowRgn
DestroyCursor
DefMDIChildProcW
DefFrameProcW
PostThreadMessageW
IsMenu
MonitorFromPoint
UpdateLayeredWindow
MapVirtualKeyExW
IsCharLowerW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
UnionRect
RegisterClipboardFormatW
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFrameControl
DrawEdge
DrawStateW
GetSystemMenu
SetClassLongW
DestroyAcceleratorTable
SetParent
IsZoomed
DrawIconEx
GetIconInfo
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
GetAsyncKeyState
GetMenuDefaultItem
GetMenu
MessageBeep

gdi32

GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetPixel
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
SetRectRgn
CombineRgn
CreateEllipticRgn
Ellipse
LineTo
GetTextExtentPoint32W
GetTextMetricsW
SetTextAlign
EnumFontFamiliesW
GetTextCharsetInfo
GetRgnBox
GetBkColor
GetTextColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreatePolygonRgn
Polyline
Polygon
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
OffsetRgn
EnumFontFamiliesExW
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceW
CreateDIBitmap
MoveToEx
IntersectClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
CreateDCW
CopyMetaFileW
ExcludeClipRect
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
BitBlt
DPtoLP
GetViewportExtEx
GetWindowExtEx
GetMapMode
CreateCompatibleBitmap
LPtoDP
CreateCompatibleDC
CreateRoundRectRgn
CreateFontIndirectW
GetObjectW
SetBkMode
CreateSolidBrush
DeleteObject
CreateDIBSection
GetDeviceCaps

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
RegQueryValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetUserNameW
RegOpenKeyExW
OpenProcessToken

shell32

ShellExecuteExW
SHGetFileInfoW
DragFinish
DragQueryFileW
SHAppBarMessage
SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder

comctl32

InitCommonControlsEx
ImageList_GetIconSize

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoInitializeEx
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
CreateStreamOnHGlobal
OleDraw
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
SafeArrayGetDim
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
VarBstrFromDate
SysAllocStringByteLen
SysAllocString
VariantClear
SysAllocStringLen
OleCreateFontIndirect
SafeArrayGetElemsize
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdiplusShutdown
GdiplusStartup
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipDrawImage
GdipDrawImageRectI
GdipDrawImageRect
GdipGraphicsClear
GdipStartPathFigure
GdipGetFontHeight
GdipCreateBitmapFromFile
GdipCreateFromHDC
GdipAddPathLineI
GdipAddPathArcI
GdipClonePath
GdipAddPathEllipse
ord1
GdipClosePathFigure
GdipCreatePen1
GdipDeletePen
GdipCreatePath
GdipDeletePath
GdipDrawPath
GdipCreateSolidFill
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCloneBrush
GdipFillRectangle
GdipFillPath
GdipCreatePathGradientFromPath
GdipSetPathGradientCenterColor
GdipSetPathGradientCenterPoint
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipSetPathGradientFocusScales
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipDrawString
GdipDeleteGraphics
GdipCreateFontFromLogfontW
GdipSetSmoothingMode
GdipFillRectangleI
GdipLoadImageFromFile
GdipCloneImage
GdipDisposeImage

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/ParetoLogic/UUS3/UUS3.dll
.dll windows:5 windows x86 arch:x86

d85694722aedbc4521bf434d2e9959ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetOpenW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW
InternetConnectW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteExW
ShellExecuteW

user32

CreateAcceleratorTableW
GetDesktopWindow
FillRect
GetFocus
LoadImageW
GetMenuItemCount
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
PostMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
IsWindow
SetWindowLongW
ReleaseCapture
GetWindowLongW
GetSystemMetrics
SwitchToThisWindow
CallWindowProcW
TranslateAcceleratorW
LoadMenuW
LoadAcceleratorsW
PostQuitMessage
LoadStringA
MessageBeep
PtInRect
CreatePopupMenu
DestroyMenu
TrackPopupMenuEx
AppendMenuW
RemoveMenu
MonitorFromPoint
DefWindowProcW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
DestroyWindow
wsprintfW
UnregisterClassA
DestroyAcceleratorTable
GetSysColor
CharNextW
LoadStringW
GetMonitorInfoW
MonitorFromWindow
GetClassNameW
GetDlgItem
GetParent
IsChild
GetWindow
SetFocus
SetCapture
EnableWindow
RedrawWindow
IsWindowVisible
ShowWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
EndPaint
BeginPaint
MapWindowPoints
ScreenToClient
ClientToScreen
GetClientRect
GetWindowRect
SetWindowPos
MoveWindow
SetMenu
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SendMessageW
CreateWindowExW

kernel32

TerminateProcess
LCMapStringW
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
GetCPInfo
DecodePointer
EncodePointer
InitializeCriticalSection
GetStringTypeW
InterlockedExchange
InterlockedPopEntrySList
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
VirtualFree
VirtualAlloc
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
ExitProcess
GetStdHandle
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetHandleCount
GetFileType
GetStartupInfoW
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
Sleep
OutputDebugStringW
CloseHandle
ReadFile
CreateFileW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetFileAttributesW
CreateDirectoryW
DeleteFileW
MoveFileW
GetModuleFileNameW
CreateThread
lstrcpyW
WaitForSingleObject
GetExitCodeThread
WaitForMultipleObjects
GetTempPathW
RaiseException
lstrcmpiW
WriteFile
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetFileSize
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
DeleteCriticalSection
InterlockedDecrement
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
lstrcmpW
MulDiv
InterlockedIncrement
GlobalLock
GlobalUnlock
GetModuleHandleW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableA
lstrcpynA
lstrcpynW
SetLastError
HeapFree
GetProcessHeap
HeapAlloc
WriteConsoleW
SetEndOfFile
CompareStringW
GetLocalTime

gdi32

BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
SelectObject
DeleteObject

advapi32

RegCreateKeyExW
RegSetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
AllocateAndInitializeSid
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
RegGetKeySecurity
IsTextUnicode
GetUserNameW
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyW
RegDeleteValueW
RegFlushKey
RegQueryValueExW

ole32

CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance
CoInitialize
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
StringFromGUID2
OleLockRunning
OleInitialize
OleUninitialize
CoTaskMemRealloc
CoUninitialize

oleaut32

OleCreateFontIndirect
SafeArrayUnaccessData
SafeArrayAccessData
DispCallFunc
SafeArrayGetUBound
SafeArrayGetLBound
VarUI4FromStr
SysAllocStringLen
VariantInit
VariantClear
LoadRegTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString

shlwapi

PathAddBackslashW
PathRemoveBackslashW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW

Exports

Exports

CollectEmail
RegisterUns
RunUnsW
USCopySelfUpdateExe
USCreate
USDelete
USDoAllUpdates
USDoAllUpdatesWithUI
USDoAllUpdatesWithUIEx
USDoNag
USDoNewProduct
USDoSelfUpdate
USInitUns
USShowUpdatesSettingsDialog
UnsSetHtmlParam

Sections

.text
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/ParetoLogic/UUS3/settings.xml
$PLUGINSDIR/AdvSplash.dll
.dll windows:5 windows x86 arch:x86

18323a9b4dffb5fab0a7a28a154efdfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynW
GetVersion
lstrcpyW
lstrcatW
GetModuleHandleW
GetProcAddress
GlobalAlloc
GlobalFree

user32

PostMessageW
UnregisterClassW
DispatchMessageW
GetMessageW
IsWindow
CreateWindowExW
LoadImageW
RegisterClassW
LoadCursorW
EnumDisplaySettingsW
SetWindowRgn
DestroyWindow
DefWindowProcW
BeginPaint
GetClientRect
EndPaint
SystemParametersInfoW
SetWindowLongW
SetWindowPos
wsprintfW

gdi32

BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
GetObjectW
DeleteDC

winmm

timeSetEvent
PlaySoundW
timeKillEvent

Exports

Exports

show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSIS_HTTPRequest.dll
.dll windows:5 windows x86 arch:x86

e3b9a1010ee2fc31a4b4cb9839de586c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW

kernel32

SetHandleCount
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
WideCharToMultiByte
MultiByteToWideChar
CreateThread
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentThreadId
GetCommandLineA
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA

user32

wsprintfW

Exports

Exports

NSIS_HTTPRequest
NSIS_HTTPRequestThreaded

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/splash.bmp
7ZipDLL.dll
.dll windows:5 windows x86 arch:x86

f6f2932e56b291871cb8e84d6a351034

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:f9:94:5d:68:b6:df:dd:55:72:92:b6:3c:5a:30:15:e1
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25-02-2013 21:53

Not After

26-02-2015 21:53

Subject

CN=Paretologic Inc.,OU=Paretologic Inc.,O=Paretologic Inc.,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:80:6c:7a:f4:cb:5c:93:51:37:fc:49:7c:1b:8c:50:e6:72:3b:56
Signer

Actual PE Digest

2d:80:6c:7a:f4:cb:5c:93:51:37:fc:49:7c:1b:8c:50:e6:72:3b:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
SetLastError
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
ReadFile
WriteFile
CreateFileA
CompareFileTime
GetSystemInfo
GetProcAddress
GetModuleHandleA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
WaitForMultipleObjects
VirtualAlloc
VirtualFree
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
DosDateTimeToFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetStringTypeW
LCMapStringW
HeapReAlloc
LoadLibraryW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
RaiseException
HeapAlloc
HeapFree
EncodePointer
DecodePointer
ExitThread
CreateThread
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
InterlockedDecrement
IsProcessorFeaturePresent
ExitProcess
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
Sleep
HeapSize
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime

user32

CharPrevExA
CharNextA
CharLowerW
CharUpperW
CharLowerA
CharUpperA
CharPrevA

oleaut32

SysFreeString
VariantCopy
VariantClear
SysAllocString
SysAllocStringByteLen

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethodsDLL
SetLargePageMode

Sections

.text
Size: 395KB - Virtual size: 395KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CommonLoggingExtension.pxt
.dll windows:5 windows x86 arch:x86

263d753140f1375d460a908651254161

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LockResource
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetFileSize
SizeofResource
UnmapViewOfFile
CreateFileW
CreateFileMappingW
CloseHandle
LoadResource
FindResourceW
FindResourceExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MapViewOfFile
InitializeCriticalSection
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryW
RtlUnwind
IsProcessorFeaturePresent
GetCurrentProcess
GetModuleFileNameW
SetFilePointer
WriteFile
ExpandEnvironmentStringsW
GetProcAddress
GetModuleHandleW
GetLastError
Sleep
GetACP
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
DecodePointer
EncodePointer
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
LCMapStringW
GetStringTypeW
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

shell32

ord51

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize

shlwapi

PathFileExistsW
PathUnquoteSpacesW
PathRemoveArgsW

Exports

Exports

GetExtensionFactory

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CommonSpecialist.pxt
.dll windows:5 windows x86 arch:x86

ae3a7a1aa0cda94ebffa117da634f962

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
LockResource
LoadResource
WideCharToMultiByte
FindResourceExW
CreateFileW
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
GetTickCount
FindResourceW
OutputDebugStringW
FlushFileBuffers
WriteConsoleW
SetStdHandle
LoadLibraryW
RtlUnwind
GetCurrentProcess
GetModuleFileNameW
GetFileSize
SetFilePointerEx
ReadFile
SetFilePointer
WriteFile
SetEndOfFile
ExpandEnvironmentStringsW
GetProcAddress
GetModuleHandleW
Sleep
MultiByteToWideChar
GetACP
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
LCMapStringW
IsProcessorFeaturePresent
GetStdHandle
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
GetConsoleCP
GetConsoleMode

shell32

SHGetFolderPathW

shlwapi

PathFileExistsW

Exports

Exports

DeleteExtensionFactory
GetExtensionFactory

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtensionManager.dll
.dll windows:5 windows x86 arch:x86

ee0172a568cfe677fc4991892e2d5358

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:f9:94:5d:68:b6:df:dd:55:72:92:b6:3c:5a:30:15:e1
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25-02-2013 21:53

Not After

26-02-2015 21:53

Subject

CN=Paretologic Inc.,OU=Paretologic Inc.,O=Paretologic Inc.,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:27:ea:89:58:b9:ef:47:af:c9:a0:62:bc:d1:9d:0e:4f:a2:5f:40
Signer

Actual PE Digest

61:27:ea:89:58:b9:ef:47:af:c9:a0:62:bc:d1:9d:0e:4f:a2:5f:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceW
LoadResource
LockResource
SizeofResource
FindClose
FindNextFileW
FindFirstFileExW
GetProcAddress
FindResourceExW
LoadLibraryW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
GetCurrentProcess
CloseHandle
GetModuleFileNameW
CreateFileW
SetFilePointer
WriteFile
GetModuleHandleW
GetLastError
Sleep
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DecodePointer
EncodePointer
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
IsProcessorFeaturePresent
GetStdHandle
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
LCMapStringW
RtlUnwind

shlwapi

PathFileExistsW

rpcrt4

UuidToStringW
RpcStringFreeW

Exports

Exports

DeleteExtensionManager
GetExtensionManager

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HTML/0_days.htm
.html
HTML/15_days.htm
.html
HTML/1_days.htm
.html
HTML/2_days.htm
.html
HTML/30_days.htm
.html
HTML/5_days.htm
.html
HTML/container_content_bkimg.gif
.gif
HTML/container_content_leftimg.gif
.gif
HTML/container_content_rightimg.gif
.gif
HTML/error_connect.html
.html
HTML/images/10x10.gif
.gif
HTML/images/10x10tile.gif
.gif
HTML/images/contentwrapper.gif
.gif
HTML/images/error_internet.jpg
.jpg
HTML/images/footerbarfill.gif
.gif
HTML/images/info_bubble.jpg
.jpg
HTML/images/pcha_background.jpg
.jpg
HTML/images/tile_footerbarbase.jpg
.jpg
HTML/images/tile_subheadbarbase.jpg
.jpg
HTML/images/tile_titlebarbase.jpg
.jpg
HTML/main.css
HTML/main_error.css
HTML/package_titlebar_bkimg.jpg
.jpg
HandleUpdate.dll
.dll windows:5 windows x86 arch:x86

c425e7723483778b51f90ed06470e9f7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:f9:94:5d:68:b6:df:dd:55:72:92:b6:3c:5a:30:15:e1
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25-02-2013 21:53

Not After

26-02-2015 21:53

Subject

CN=Paretologic Inc.,OU=Paretologic Inc.,O=Paretologic Inc.,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

31:ed:63:79:f4:5c:6c:23:f2:40:80:98:e2:c6:28:41:cc:3a:8f:f2
Signer

Actual PE Digest

31:ed:63:79:f4:5c:6c:23:f2:40:80:98:e2:c6:28:41:cc:3a:8f:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathAppendW
PathFindFileNameW

kernel32

WriteConsoleW
GetConsoleMode
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleCP
GetTimeZoneInformation
SetEnvironmentVariableA
LCMapStringW
SizeofResource
LockResource
LoadResource
FindResourceW
CopyFileW
VirtualQueryEx
GetCurrentProcess
GetModuleFileNameW
InterlockedExchange
LoadLibraryExW
GetLocaleInfoW
FreeLibrary
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
GlobalAlloc
lstrcmpW
GlobalLock
WideCharToMultiByte
MultiByteToWideChar
SetLastError
DeactivateActCtx
GetLastError
LoadLibraryW
ActivateActCtx
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
lstrcmpA
MulDiv
lstrlenW
LocalFree
FormatMessageW
GlobalUnlock
GlobalSize
GlobalFree
CloseHandle
SetThreadPriority
ResumeThread
WaitForSingleObject
GetStringTypeW
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetStdHandle
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
HeapQueryInformation
HeapSize
CreateThread
ExitThread
HeapReAlloc
RaiseException
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
DecodePointer
EncodePointer
FindResourceExW
GetPrivateProfileIntW
WritePrivateProfileStringW
VirtualProtect
GetNumberFormatW
GetWindowsDirectoryW
SearchPathW
Sleep
GetProfileIntW
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
GetTempPathW
GetTempFileNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
lstrcmpiW
FreeResource
GlobalFindAtomW
InitializeCriticalSectionAndSpinCount
FileTimeToSystemTime
lstrlenA
GlobalGetAtomNameW
DeleteFileW
InterlockedIncrement
CompareStringW
GlobalFlags
GetVersionExW
lstrcpyW
GetSystemDirectoryW
GetCurrentDirectoryW
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
GlobalAddAtomW
GetPrivateProfileStringW

user32

GetWindowRgn
DestroyCursor
DrawIcon
MapDialogRect
GetNextDlgGroupItem
HideCaret
InvertRect
SubtractRect
MapVirtualKeyExW
GetKeyNameTextW
IsCharLowerW
GetIconInfo
GetDoubleClickTime
CharUpperBuffW
CopyIcon
RegisterClipboardFormatW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetMenuDefaultItem
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
PostThreadMessageW
CreateMenu
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
LoadImageW
InsertMenuItemW
TranslateAcceleratorW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
CopyImage
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
MessageBeep
ReleaseCapture
SetCapture
GetSystemMenu
LoadMenuW
IntersectRect
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
DestroyMenu
GetMenuItemInfoW
InflateRect
CharUpperW
DestroyIcon
IsIconic
ShowWindow
MoveWindow
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
CreateWindowExW
GetClassInfoExW
PostQuitMessage
PostMessageW
RemoveMenu
GetSubMenu
GetMenuItemCount
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
GetWindowTextLengthW
KillTimer
SetTimer
InvalidateRect
UpdateWindow
GetDesktopWindow
RealChildWindowFromPoint
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetSysColorBrush
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
CheckMenuItem
EnableMenuItem
ModifyMenuW
SendMessageW
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
SetCursor
ShowOwnedPopups
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetWindowThreadProcessId
UnhookWindowsHookEx
UnregisterClassW
DeleteMenu
CopyRect
SetRectEmpty
GetMonitorInfoW
SystemParametersInfoW
EnumDisplayMonitors
GetSystemMetrics
GetSysColor
SetLayeredWindowAttributes
LoadCursorW
GetClientRect
MapWindowPoints
DefWindowProcW
GetClassInfoW

gdi32

CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
SelectPalette
GetObjectType
CreateHatchBrush
GetTextExtentPoint32W
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CombineRgn
GetBkColor
GetTextColor
SelectClipRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetRectRgn
OffsetRgn
GetRgnBox
SetDIBColorTable
RealizePalette
StretchBlt
SetPixel
Rectangle
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExW
GetTextFaceW
SetPixelV
PatBlt
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
SetBkColor
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
RestoreDC
SaveDC
DeleteObject
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
BitBlt
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap
GetObjectW
CreateFontIndirectW
CreatePatternBrush
CreateSolidBrush
SetTextColor
SetROP2
SetPolyFillMode
CreateBitmap
CreateDIBitmap
DPtoLP
GetStockObject
SetBkMode
CreatePen
GetDeviceCaps
CopyMetaFileW
CreateDCW

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegCloseKey
RegEnumValueW
RegQueryValueW

shell32

SHGetFileInfoW
ShellExecuteW
DragFinish
DragQueryFileW
SHAppBarMessage
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW

comctl32

ImageList_GetIconSize

ole32

DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoTaskMemFree
CoCreateGuid

oleaut32

SysStringLen
VariantClear
VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VarBstrFromDate
VariantInit
SysAllocString
SysFreeString

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Exports

Exports

HU_ReloadDatabase

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Images/health rating/pchealth_high.png
.png
Images/health rating/pchealth_high_short.png
.png
Images/health rating/pchealth_low.png
.png
Images/health rating/pchealth_low_short.png
.png
Images/health rating/pchealth_medium.png
.png
Images/health rating/pchealth_medium_short.png
.png
Images/health rating/pchealth_unrated.png
.png
Images/health rating/pchealth_unrated_short.png
.png
Images/register.png
.png
Images/register_over.png
.png
LiteUnzip.dll
.dll windows:4 windows x86 arch:x86

f7a84048399bc4a2d1221cc8bdd7c96e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:f9:94:5d:68:b6:df:dd:55:72:92:b6:3c:5a:30:15:e1
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25-02-2013 21:53

Not After

26-02-2015 21:53

Subject

CN=Paretologic Inc.,OU=Paretologic Inc.,O=Paretologic Inc.,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b9:ab:53:1e:35:8e:71:6b:5e:dd:45:4d:df:1e:33:b6:41:56:5c:c3
Signer

Actual PE Digest

b9:ab:53:1e:35:8e:71:6b:5e:dd:45:4d:df:1e:33:b6:41:56:5c:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
GlobalFree
GlobalAlloc
CreateDirectoryA
GetLastError
CreateDirectoryW
CloseHandle
SetFileTime
WriteFile
CreateFileA
CreateFileW
IsBadReadPtr
SetFilePointer
lstrcmpA
LocalFileTimeToFileTime
SystemTimeToFileTime
MultiByteToWideChar
lstrlenA
lstrcpyA
lstrcmpiA
WideCharToMultiByte
GetCurrentDirectoryA
DuplicateHandle
GetCurrentProcess
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
DisableThreadLibraryCalls
FlushFileBuffers
LoadLibraryA
GetCommandLineA
GetProcAddress
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
SetStdHandle

user32

LoadStringA
LoadStringW

Exports

Exports

UnzipClose
UnzipFindItemA
UnzipFindItemW
UnzipFormatMessageA
UnzipFormatMessageW
UnzipGetItemA
UnzipGetItemW
UnzipItemToBuffer
UnzipItemToFileA
UnzipItemToFileW
UnzipItemToHandle
UnzipOpenBuffer
UnzipOpenFileA
UnzipOpenFileW
UnzipOpenHandle
UnzipSetBaseDirA
UnzipSetBaseDirW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LiteZip.dll
.dll windows:4 windows x86 arch:x86

a4f9b29cfb961f52cf212be6c0353a3b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:f9:94:5d:68:b6:df:dd:55:72:92:b6:3c:5a:30:15:e1
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25-02-2013 21:53

Not After

26-02-2015 21:53

Subject

CN=Paretologic Inc.,OU=Paretologic Inc.,O=Paretologic Inc.,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7e:d9:72:9d:75:f6:90:1a:9c:7b:e9:83:8c:fd:ef:7a:40:b7:3f:11
Signer

Actual PE Digest

7e:d9:72:9d:75:f6:90:1a:9c:7b:e9:83:8c:fd:ef:7a:40:b7:3f:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToSystemTime
SetFilePointer
ReadFile
GlobalFree
CloseHandle
GlobalAlloc
lstrlenA
lstrcmpiA
lstrcpyA
WideCharToMultiByte
SystemTimeToFileTime
GetLocalTime
CreateFileA
CreateFileW
IsBadReadPtr
GetFileSize
GetFileInformationByHandle
WriteFile
FindClose
FindNextFileA
FindFirstFileA
lstrlenW
lstrcpyW
FindNextFileW
FindFirstFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
DuplicateHandle
GetCurrentProcess
DisableThreadLibraryCalls
GetTickCount
FlushFileBuffers
LoadLibraryA
HeapFree
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetStdHandle

user32

LoadStringW
LoadStringA
GetDesktopWindow

Exports

Exports

ZipAddBufferA
ZipAddBufferW
ZipAddDirA
ZipAddDirW
ZipAddFileA
ZipAddFileW
ZipAddFolderA
ZipAddFolderW
ZipAddHandleA
ZipAddHandleW
ZipAddPipeA
ZipAddPipeW
ZipClose
ZipCreateBuffer
ZipCreateFileA
ZipCreateFileW
ZipCreateHandle
ZipFormatMessageA
ZipFormatMessageW
ZipGetMemory
ZipOptions
ZipResetMemory

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LogSettings.xml
MyResources.dll
.dll windows:5 windows x86 arch:x86

2e168f9fee36c65804acc85d4752ed9f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:f9:94:5d:68:b6:df:dd:55:72:92:b6:3c:5a:30:15:e1
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25-02-2013 21:53

Not After

26-02-2015 21:53

Subject

CN=Paretologic Inc.,OU=Paretologic Inc.,O=Paretologic Inc.,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e1:d2:e0:00:9f:67:97:04:6c:a3:40:38:25:6e:ba:b4:41:16:49:b1
Signer

Actual PE Digest

e1:d2:e0:00:9f:67:97:04:6c:a3:40:38:25:6e:ba:b4:41:16:49:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 520KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PCHA.exe
.exe windows:5 windows x86 arch:x86

52813f4910be421637f974b546b240a8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:f9:94:5d:68:b6:df:dd:55:72:92:b6:3c:5a:30:15:e1
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25-02-2013 21:53

Not After

26-02-2015 21:53

Subject

CN=Paretologic Inc.,OU=Paretologic Inc.,O=Paretologic Inc.,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:ea:b2:c5:13:eb:77:4e:77:fc:9f:46:43:6f:73:f1:8c:7c:3d:6b
Signer

Actual PE Digest

ea:ea:b2:c5:13:eb:77:4e:77:fc:9f:46:43:6f:73:f1:8c:7c:3d:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreateSequential

winmm

timeGetTime
PlaySoundW

wininet

InternetSetStatusCallbackW
InternetSetFilePointer
InternetWriteFile
InternetGetLastResponseInfoW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetQueryDataAvailable

shfolder

SHGetFolderPathW

shell32

ShellExecuteExW
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHFileOperationW
ord165
SHGetDiskFreeSpaceExW
SHQueryRecycleBinW
SHAppBarMessage
SHGetMalloc
DragQueryFileW
DragFinish
SHEmptyRecycleBinW
SHCreateDirectoryExW

ole32

CoInitialize
StringFromGUID2
OleUninitialize
OleInitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
CoRegisterMessageFilter
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
CoCreateGuid
CreateStreamOnHGlobal
OleDraw
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree

shlwapi

PathGetCharTypeW
PathAddExtensionW
PathIsNetworkPathW
ord215
SHDeleteKeyW
PathFindFileNameW
PathStripToRootW
PathFindOnPathW
PathAddBackslashW
PathIsDirectoryW
StrFormatByteSizeW
PathStripPathW
PathFileExistsW
PathFindExtensionW
PathUnquoteSpacesW
PathAppendW
ord217
PathRemoveFileSpecW
PathIsUNCW

gdi32

CreatePen
GetObjectW
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
GetCurrentObject
SetTextColor
SetBkColor
DeleteObject
DeleteDC
GetTextExtentPoint32W
CreateDCW
CreateSolidBrush
CreateFontIndirectW
SelectObject
GetDeviceCaps
BitBlt
PtVisible
RectVisible
CreateDIBSection
CreatePatternBrush
GetStockObject
SaveDC
RestoreDC
TextOutW
ExtTextOutW
Escape
CreateCompatibleDC
LPtoDP
CreateCompatibleBitmap
GetMapMode
GetWindowExtEx
GetViewportExtEx
SetBkMode
SetPolyFillMode
SetROP2
SetPixelV
GetTextFaceW
GetViewportOrgEx
GetTextColor
FrameRgn
FillRgn
PtInRegion
GetWindowOrgEx
SetPaletteEntries
ExtFloodFill
EnumFontFamiliesExW
GetSystemPaletteEntries
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
OffsetRgn
GetRgnBox
CreateRoundRectRgn
Rectangle
SetPixel
StretchBlt
RealizePalette
GetDIBits
SetDIBColorTable
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
CreateDIBitmap
Polygon
Polyline
GetBkColor
CreatePolygonRgn
Ellipse
CreateEllipticRgn
CopyMetaFileW
PatBlt
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateHatchBrush
DPtoLP
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
GetBoundsRect
OffsetWindowOrgEx
SetWindowExtEx
GetBitmapBits
GetObjectA
CreateDCA
ScaleWindowExtEx
ExtSelectClipRgn
SelectPalette
GetObjectType
CreateBitmap

comctl32

ImageList_GetIconSize
ImageList_Draw
InitCommonControlsEx

user32

FrameRect
HideCaret
InvertRect
GetDoubleClickTime
CopyIcon
SetCursorPos
LockWindowUpdate
SetClassLongW
CreateAcceleratorTableW
DestroyAcceleratorTable
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
PostThreadMessageW
SetParent
UnregisterClassW
CharNextW
InvalidateRgn
CopyAcceleratorTableW
NotifyWinEvent
DeleteMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
SetLayeredWindowAttributes
EnumDisplayMonitors
RealChildWindowFromPoint
CharUpperBuffW
DrawFrameControl
DrawEdge
CharUpperW
MapVirtualKeyW
GetKeyNameTextW
GetMenuItemInfoW
ShowOwnedPopups
GetMessageW
SetWindowContextHelpId
MapDialogRect
IsZoomed
IsCharLowerW
MapVirtualKeyExW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
TranslateAcceleratorW
WindowFromPoint
SetWindowRgn
GetDesktopWindow
GetUpdateRect
SubtractRect
CreateMenu
DestroyCursor
GetNextDlgTabItem
EndDialog
DrawStateW
LoadImageW
GetIconInfo
CopyImage
GetNextDlgGroupItem
SetRectEmpty
IsDlgButtonChecked
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CheckMenuItem
GetMenuState
GetMenuStringW
AppendMenuW
GetWindowRgn
GetWindowRect
SetRect
PostMessageW
ReleaseCapture
LoadCursorW
SetCursor
SetCapture
GetDC
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SendMessageW
GetParent
IsWindow
PtInRect
ScreenToClient
GetMessagePos
InvalidateRect
EnableWindow
SetTimer
KillTimer
IsWindowVisible
ReleaseDC
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
GetClientRect
GetSysColorBrush
InsertMenuW
RemoveMenu
GetWindowThreadProcessId
IsWindowEnabled
IntersectRect
ClientToScreen
SendDlgItemMessageW
SendDlgItemMessageA
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ValidateRect
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
GetMenu
wsprintfW
IsRectEmpty
SystemParametersInfoW
GetSystemMetrics
RegisterClipboardFormatW
GetMenuDefaultItem
CreatePopupMenu
TrackMouseEvent
DrawIconEx
ExitWindowsEx
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
GetSubMenu
LoadMenuW
RegisterWindowMessageW
CallWindowProcW
UpdateWindow
ShowWindow
DefWindowProcW
FindWindowExW
EnumChildWindows
IsIconic
DestroyMenu
GetFocus
InflateRect
DrawFocusRect
CopyRect
ShowScrollBar
OffsetRect
DestroyWindow
PostQuitMessage
WaitMessage
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
CreateDialogIndirectParamW
GetWindow
GetAsyncKeyState
SetClipboardData
EmptyClipboard
GetWindowTextW
WinHelpW
SetWindowTextW
MoveWindow
SetForegroundWindow
SetWindowPos
SetFocus
CheckDlgButton
GetSystemMenu
EnableMenuItem
GetClassNameW
SetWindowLongW
FillRect
GetDlgItem
DestroyIcon
LoadIconW
GetDialogBaseUnits
GetSysColor
EndPaint
GetWindowLongW
DrawIcon
BeginPaint
MessageBeep
LoadStringW
MessageBoxW
GetLastActivePopup
GetActiveWindow
GetScrollInfo
RedrawWindow

kernel32

GlobalMemoryStatusEx
SetLastError
DeactivateActCtx
ActivateActCtx
TryEnterCriticalSection
GetCurrentProcessId
OpenProcess
TerminateProcess
GetFileAttributesW
GetWindowsDirectoryW
GlobalFree
CreateMutexW
GetLocaleInfoW
lstrcmpW
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceW
FindResourceExW
DeviceIoControl
SetEvent
CreateFileW
WaitForMultipleObjects
CreateEventW
DeleteFileW
CreateTimerQueue
DeleteTimerQueueTimer
DeleteTimerQueue
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetFileSize
SetFilePointer
ReadFile
WriteFile
VirtualAlloc
VirtualFree
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
FindClose
WaitForSingleObject
GetTimeZoneInformation
GetFileSizeEx
GetTempPathW
GetTempFileNameW
MoveFileExW
GetSystemTimes
ResetEvent
InitializeCriticalSectionAndSpinCount
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
FreeResource
FormatMessageW
GlobalSize
CopyFileW
lstrcmpA
lstrlenA
CreateActCtxW
ReleaseActCtx
InterlockedDecrement
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
GlobalGetAtomNameW
InterlockedExchange
LoadLibraryExW
CompareStringA
GetSystemDefaultUILanguage
ConvertDefaultLocale
SetThreadPriority
ResumeThread
SuspendThread
RaiseException
lstrcpyW
GetProfileIntW
GetThreadLocale
MoveFileW
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetFullPathNameW
GetShortPathNameW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
InterlockedIncrement
GetSystemDirectoryW
SystemTimeToFileTime
GetCurrentDirectoryW
GetUserDefaultLCID
SetFileTime
GetFileTime
GetFileAttributesExW
SetFileAttributesW
SetErrorMode
Sleep
VirtualProtect
GetCommandLineW
HeapSetInformation
lstrlenW
DecodePointer
EncodePointer
HeapReAlloc
GetTimeFormatW
GetDateFormatW
ExitProcess
ExitThread
CreateThread
RtlUnwind
FindFirstFileExW
GetCPInfo
SetStdHandle
GetFileType
GetSystemInfo
VirtualQuery
HeapQueryInformation
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
HeapDestroy
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
SetConsoleCtrlHandler
IsProcessorFeaturePresent
GetFileInformationByHandle
PeekNamedPipe
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
GetFullPathNameA
SetEnvironmentVariableA
SetCurrentDirectoryW
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThread
CloseHandle
GetLastError
WideCharToMultiByte
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTime
CreateDirectoryW
LocalUnlock
LocalFree
LocalLock
LocalAlloc
GlobalAlloc
GetModuleFileNameW
GetModuleHandleW
MulDiv
GetVersionExW
OutputDebugStringW
GlobalUnlock
MultiByteToWideChar
GlobalLock
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentProcess
GetProcessTimes
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
InitializeCriticalSection
InterlockedCompareExchange
CompareFileTime
CreateFileA
QueryPerformanceFrequency
LoadLibraryA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetProcessId
GetEnvironmentVariableW
RemoveDirectoryW
SetFilePointerEx
ReleaseMutex
SetEnvironmentVariableW
TerminateThread
SearchPathW
lstrcmpiW
GetLocalTime
GetExitCodeThread
SleepEx
GetFileAttributesA
LockFileEx
GetVersionExA
GetTempPathA
AreFileApisANSI
DeleteFileA
GetDriveTypeA
FindFirstFileExA
GetStartupInfoW
GetUserDefaultUILanguage
GetVersion
GlobalMemoryStatus
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
GetNumberFormatW

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

OpenThreadToken
GetTokenInformation
LookupAccountSidW
RegDeleteValueW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
LookupAccountNameW
GetFileSecurityW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
OpenProcessToken
SetFileSecurityW
GetUserNameW
RegEnumValueW
RegNotifyChangeKeyValue
LookupPrivilegeValueW
AdjustTokenPrivileges
FreeSid
RegQueryValueW
ConvertSidToStringSidW
SetEntriesInAclW
CreateWellKnownSid
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
RegOpenKeyW
RegCreateKeyW
RegQueryInfoKeyW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
GetSecurityDescriptorControl
AllocateAndInitializeSid

oleaut32

SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
VariantCopy
VariantChangeType
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SysFreeString
OleCreateFontIndirect
SafeArrayUnlock

gdiplus

GdipDrawImageRect
GdipSetPixelOffsetMode
GdipSetStringFormatFlags
GdipGetLogFontW
GdipCreateFromHWND
GdipCreateLineBrushFromRectI
GdipDeletePen
GdipCreatePen1
GdipDrawRectangleI
GdipFillRectangleI
GdipSetTextRenderingHint
GdipDrawString
GdipGetFontHeight
GdipDrawImageRectI
GdipCreatePath
GdipDeletePath
GdipAddPathLine2I
GdipCreateMatrix2
GdipDeleteMatrix
GdipCreateMatrix
GdipScaleMatrix
GdipTransformPath
GdipGetPathWorldBounds
GdipTranslateMatrix
GdipAddPathPolygonI
GdipAddPathLineI
GdipAddPathPath
GdipGetFontSize
GdipGetFontStyle
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipCreateBitmapFromHBITMAP
GdipCombineRegionRect
GdipGetFontUnit
GdipCreateFont
GdipGetFamily
GdipDeleteFontFamily
GdipMeasureString
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipClonePath
GdipGetImageGraphicsContext
GdipAddPathArcI
GdipCreateBitmapFromScan0
GdiplusStartup
GdipDrawImage
GdipGraphicsClear
GdipDeleteFont
GdipSetSmoothingMode
GdipDrawPath
GdipSetInterpolationMode
GdipAddPathEllipseI
GdipSetLineBlend
GdipCreateFontFromLogfontW
GdipCreateRegionPath
GdipResetClip
GdipSetClipRegion
GdipSetClipPath
GdipSetClipRect
GdipFillEllipse
GdipDrawEllipse
GdipCreatePathGradientFromPath
GdipAddPathEllipse
GdipAddPathRectangle
ord1
GdipAddPathLine
GdipClosePathFigure
GdipSetStringFormatHotkeyPrefix
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRect
GdipDeleteRegion
GdipSetPathGradientFocusScales
GdipSetPathGradientBlend
GdipSetPathGradientCenterPoint
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipSetPathGradientCenterColor
GdipCreatePen2
GdipSetLineWrapMode
GdipDrawImageRectRectI
GdipReleaseDC
GdipGetDC
GdipDrawLineI
GdipCreateHICONFromBitmap
GdipCreateBitmapFromFile
GdipDrawRectangle
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFile
GdipFillRectangle
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdipFillPath
GdiplusShutdown

oledlg

OleUIBusyW

psapi

GetProcessMemoryInfo

crypt32

CertGetNameStringW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

msimg32

AlphaBlend
TransparentBlt

wintrust

CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
WTHelperProvDataFromStateData
WinVerifyTrust

litezip

ZipCreateFileW
ZipAddBufferW
ZipClose
ZipAddFileW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

7zipdll

GetMethodProperty
GetNumberOfMethodsDLL
GetHandlerProperty2
GetNumberOfFormats
SetLargePageMode
CreateObject

msi

ord217
ord173

ws2_32

select
ntohs
send
ioctlsocket
getsockname
bind
getsockopt
setsockopt
getprotobyname
connect
gethostname
__WSAFDIsSet
listen
inet_addr
recvfrom
WSASend
socket
WSAEventSelect
WSASetEvent
WSACreateEvent
WSARecv
WSAGetOverlappedResult
WSASetLastError
shutdown
FreeAddrInfoW
GetAddrInfoW
WSAStartup
WSACleanup
closesocket
WSACloseEvent
WSASocketW
WSAGetLastError
WSAConnect
WSAEnumNetworkEvents
WSAResetEvent
gethostbyname
htons
inet_ntoa
recv
sendto
accept

setupapi

SetupDiGetClassDescriptionW
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupFindNextMatchLineW
SetupGetLineTextW
SetupEnumInfSectionsW
SetupFindNextLine
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 799KB - Virtual size: 798KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RegHookSpecialist.pxt
.dll windows:5 windows x86 arch:x86

f2d92fe4f2fc225a8bf606900006de32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLongPathNameW
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
GetCurrentProcess
CloseHandle
GetModuleFileNameW
CreateFileW
SetFilePointer
WriteFile
ExpandEnvironmentStringsW
GetModuleHandleW
Sleep
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
GetStdHandle
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegSetValueExW
RegCloseKey
RegCreateKeyW
RegEnumKeyW
RegOpenKeyW

shlwapi

PathFileExistsW
PathUnquoteSpacesW
PathStripPathW
PathRemoveArgsW

Exports

Exports

DeleteExtensionFactory
GetExtensionFactory

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SandBoxer.dll
.dll windows:4 windows x86 arch:x86

9c2c447b2262ee25679c6721ea47bb1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
WideCharToMultiByte
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
lstrlenA
lstrcpyW
lstrcpyA
lstrcmpiW
lstrcmpiA
lstrcatW
WriteProcessMemory
WaitForSingleObject
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
UnmapViewOfFile
TerminateThread
TerminateProcess
Sleep
SetThreadPriority
SetLastError
SetEvent
ResumeThread
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
OpenProcess
OpenMutexW
OpenMutexA
OpenFileMappingW
OpenFileMappingA
OpenEventW
VirtualAlloc
MapViewOfFile
LoadLibraryExA
LoadLibraryA
IsBadWritePtr
IsBadReadPtr
GetVersionExW
GetVersionExA
GetTickCount
GetThreadContext
GetSystemDirectoryW
GetSystemDirectoryA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetCurrentThread
GetCurrentProcessId
GetCurrentDirectoryW
GetCurrentDirectoryA
InterlockedExchange
FormatMessageA
DuplicateHandle
DeleteFileW
CreateThread
CreateSemaphoreA
CreateProcessW
CreateProcessA
CreatePipe
CreateMutexW
CreateMutexA
CreateFileMappingW
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcess
GlobalAlloc
GlobalFree
GetFileSize
ReadFile
OutputDebugStringW
CreateFileW
SetFilePointer
WriteFile
CloseHandle
SetEndOfFile
OutputDebugStringA
GetModuleFileNameW
lstrlenW
GetProcessHeap
HeapAlloc
GetLastError
HeapReAlloc
OpenEventA
HeapFree
GetStringTypeW
GetStringTypeA
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
InterlockedIncrement
InterlockedDecrement
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapValidate
FatalAppExitA
DebugBreak
MultiByteToWideChar
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
WriteConsoleW
GetFileType
SetConsoleCtrlHandler
LoadLibraryW
SetHandleCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
FlushFileBuffers
SetEnvironmentVariableA

user32

CloseDesktop
DispatchMessageA
GetUserObjectInformationA
MsgWaitForMultipleObjects
OpenInputDesktop
PeekMessageA
TranslateMessage
MessageBoxA
GetKeyboardType
GetThreadDesktop

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
EqualSid
FreeSid
GetLengthSid
InitializeSecurityDescriptor
IsValidSid
LookupPrivilegeValueA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegSetValueExA
RegSetValueExW
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
GetTokenInformation
LsaOpenPolicy
LsaAddAccountRights
LsaRemoveAccountRights
LookupAccountNameW
GetKernelObjectSecurity

oleaut32

SysReAllocStringLen
SysFreeString

shlwapi

PathAppendW
PathRemoveFileSpecW

Exports

Exports

SandBox

Sections

.text
Size: 320KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UNS.xml
Utility.pxt
.dll windows:5 windows x86 arch:x86

207c8836e25bd5df1d207e6572b1fd89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

litezip

ZipCreateFileW
ZipAddHandleW
ZipClose
ZipAddFileW

liteunzip

UnzipSetBaseDirW
UnzipClose
UnzipItemToFileW
UnzipGetItemW
UnzipOpenFileW

fltlib

FilterSendMessage
FilterUnload
FilterConnectCommunicationPort
FilterGetMessage
FilterReplyMessage
FilterLoad

rpcrt4

UuidFromStringW
UuidCreateSequential

kernel32

FindResourceExW
CreateFileW
CloseHandle
MultiByteToWideChar
GetFileSize
SetFilePointerEx
ReadFile
OutputDebugStringW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
SetFilePointer
WriteFile
SetEndOfFile
FindFirstFileW
FindNextFileW
FindClose
GetLogicalDriveStringsW
GetDriveTypeW
RemoveDirectoryW
WideCharToMultiByte
CreateEventW
SetEvent
WaitForSingleObject
GetSystemTime
FindFirstVolumeW
FindVolumeClose
WaitForMultipleObjects
GetVolumeInformationW
FindNextVolumeW
DeviceIoControl
GetVolumeNameForVolumeMountPointW
ResetEvent
ExpandEnvironmentStringsW
GetLongPathNameW
FindResourceW
CopyFileW
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
LocalFree
lstrcmpiW
GetEnvironmentVariableW
FileTimeToSystemTime
GetModuleHandleW
GetVersionExW
MoveFileW
OpenProcess
GlobalAlloc
GlobalFree
GetLocalTime
HeapAlloc
GetProcessHeap
HeapFree
lstrlenW
RaiseException
GetCurrentProcessId
GetTickCount
CreateDirectoryW
MoveFileExW
Sleep
DeleteFileW
SetFileAttributesW
GetFileAttributesW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetUserDefaultLCID
GetLocaleInfoA
LoadResource
LockResource
SizeofResource
GetTimeFormatW
GetDateFormatW
GetTempPathW
SystemTimeToFileTime
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
VirtualQuery
CompareStringW
SetEnvironmentVariableA
ResumeThread
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetConsoleMode
GetConsoleCP
GetStartupInfoW
GetFileType
SetHandleCount
GetTimeZoneInformation
ExitProcess
HeapCreate
TlsFree
IsValidCodePage
GetOEMCP
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
GetStdHandle
LCMapStringW
RtlUnwind
GetCommandLineA
GetCPInfo
CreateThread
GetCurrentThreadId
ExitThread
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
GetCurrentProcess
ReadProcessMemory
SetLastError
GetCurrentThread
TerminateProcess
GetACP
VirtualAlloc
VirtualFree
GetFullPathNameW
GetFullPathNameA
CreateFileA
TlsGetValue
UnlockFile
LockFile
GetSystemTimeAsFileTime
TlsSetValue
GetFileAttributesA
FlushFileBuffers
LockFileEx
LoadLibraryA
GetVersionExA
TlsAlloc
GetTempPathA
AreFileApisANSI
DeleteFileA
HeapDestroy
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange

user32

wsprintfW

advapi32

SetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenThreadToken
SetFileSecurityW
GetSecurityDescriptorControl
AddAccessAllowedAce
AddAce
EqualSid
GetAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityW
LookupAccountNameW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegEnumKeyW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

shell32

SHGetFolderPathW
SHFileOperationW
SHCreateDirectoryExW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoInitialize
CoInitializeEx

oleaut32

SysAllocStringLen
SysFreeString

shlwapi

PathQuoteSpacesW
PathRemoveFileSpecW
StrToIntW
PathFindFileNameW
PathAddBackslashW
PathIsDirectoryW
PathIsDirectoryEmptyW
PathFileExistsW
PathAppendW

Exports

Exports

GetExtensionFactory

Sections

.text
Size: 696KB - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
colors.xml
images/Main/bg.png
.png
images/Main/bg_logo.png
.png
images/Main/left_stretch.png
.png
images/Main/lower_left.png
.png
images/Main/lower_right.png
.png
images/Main/lower_stretch.png
.png
images/Main/nav_back.png
.png
images/Main/nav_bg.png
.png
images/Main/nav_forward.png
.png
images/Main/right_stretch.png
.png
images/Main/tabs/active_tab_left.png
.png
images/Main/tabs/active_tab_right.png
.png
images/Main/tabs/active_tab_stretch.png
.png
images/Main/tabs/tab_left.png
.png
images/Main/tabs/tab_right.png
.png
images/Main/tabs/tab_stretch.png
.png
images/Main/upper_left.png
.png
images/Main/upper_right.png
.png
images/Main/upper_stretch.png
.png
images/Start Anim/1.png
.png
images/Start Anim/10.png
.png
images/Start Anim/11.png
.png
images/Start Anim/12.png
.png
images/Start Anim/13.png
.png
images/Start Anim/14.png
.png
images/Start Anim/15.png
.png
images/Start Anim/16.png
.png
images/Start Anim/17.png
.png
images/Start Anim/18.png
.png
images/Start Anim/19.png
.png
images/Start Anim/2.png
.png
images/Start Anim/20.png
.png
images/Start Anim/21.png
.png
images/Start Anim/22.png
.png
images/Start Anim/23.png
.png
images/Start Anim/24.png
.png
images/Start Anim/25.png
.png
images/Start Anim/3.png
.png
images/Start Anim/4.png
.png
images/Start Anim/5.png
.png
images/Start Anim/6.png
.png
images/Start Anim/7.png
.png
images/Start Anim/8.png
.png
images/Start Anim/9.png
.png
images/buttons and headers/button.png
.png
images/buttons and headers/button_bho_mgr.png
.png
images/buttons and headers/button_defrag.png
.png
images/buttons and headers/button_defrag_schedule.png
.png
images/buttons and headers/button_driver.png
.png
images/buttons and headers/button_duplicate.png
.png
images/buttons and headers/button_extmgr.png
.png
images/buttons and headers/button_generalsettings.png
.png
images/buttons and headers/button_icons.png
.png
images/buttons and headers/button_ignore.png
.png
images/buttons and headers/button_optimize.png
.png
images/buttons and headers/button_over.png
.png
images/buttons and headers/button_privacy.png
.png
images/buttons and headers/button_process_mgr.png
.png
images/buttons and headers/button_registry.png
.png
images/buttons and headers/button_restore.png
.png
images/buttons and headers/button_scansettings.png
.png
images/buttons and headers/button_schedule.png
.png
images/buttons and headers/button_startup_mgr.png
.png
images/buttons and headers/header_about.png
.png
images/buttons and headers/header_bho.png
.png
images/buttons and headers/header_clean.png
.png
images/buttons and headers/header_defrag.png
.png
images/buttons and headers/header_disk.png
.png
images/buttons and headers/header_driver.png
.png
images/buttons and headers/header_duplicate.png
.png
images/buttons and headers/header_extmgr.png
.png
images/buttons and headers/header_optimize.png
.png
images/buttons and headers/header_privacy.png
.png
images/buttons and headers/header_process.png
.png
images/buttons and headers/header_processes.png
.png
images/buttons and headers/header_registry.png
.png
images/buttons and headers/header_restore.png
.png
images/buttons and headers/header_settings.png
.png
images/buttons and headers/header_startup.png
.png
images/buttons and headers/header_summary.png
.png
images/buttons and headers/settings_defrag_schedule.png
.png
images/buttons and headers/settings_general.png
.png
images/buttons and headers/settings_icons.png
.png
images/buttons and headers/settings_ignore.png
.png
images/buttons and headers/settings_privacy.png
.png
images/buttons and headers/settings_registry.png
.png
images/buttons and headers/settings_scan.png
.png
images/buttons and headers/settings_schedule.png
.png
images/buttons and headers/startbg.png
.png
images/buttons and headers/startbg_over.png
.png
images/buttons and headers/vdb.png
.png
images/defrag/c_frag.png
.png
images/defrag/c_unfrag.png
.png
images/defrag/c_unknown.png
.png
images/defrag/c_unmove.png
.png
images/detected_items.png
.png
images/email_logo.png
.png
images/general/close.png
.png
images/general/close_over.png
.png
images/general/collapse.png
.png
images/general/delete.png
.png
images/general/expand.png
.png
images/general/open.png
.png
images/general/progress_glow.png
.png
images/general/recycle.png
.png
images/general/x.png
.png
images/group/bho.png
.png
images/group/dup_audio.png
.png
images/group/dup_doc.png
.png
images/group/dup_image.png
.png
images/group/dup_other.png
.png
images/group/dup_video.png
.png
images/group/ig_drivers.png
.png
images/group/ig_proc.png
.png
images/group/ig_reg.png
.png
images/group/priv_3rd.png
.png
images/group/priv_browser.png
.png
images/group/priv_email.png
.png
images/group/priv_fs.png
.png
images/group/priv_im.png
.png
images/group/priv_multi.png
.png
images/group/priv_office.png
.png
images/group/priv_other.png
.png
images/group/priv_windows.png
.png
images/group/reg_apppath.png
.png
images/group/reg_com.png
.png
images/group/reg_dll.png
.png
images/group/reg_empty.png
.png
images/group/reg_extensions.png
.png
images/group/reg_filepath.png
.png
images/group/reg_font.png
.png
images/group/reg_help.png
.png
images/group/reg_shortcut.png
.png
images/group/reg_startup.png
.png
images/group/reg_uninstall.png
.png
images/group/startup.png
.png
images/home settings/button_outline.png
.png
images/home settings/no_1.png
.png
images/home settings/no_2.png
.png
images/home settings/no_3.png
.png
images/home settings/no_4.png
.png
images/home settings/no_5.png
.png
images/home settings/no_6.png
.png
images/info.jpg
.jpg
images/list/drivers/cd.png
.png
images/list/drivers/cpu.png
.png
images/list/drivers/disk.png
.png
images/list/drivers/display.png
.png
images/list/drivers/driver_outdated.png
.png
images/list/drivers/driver_uptodate.png
.png
images/list/drivers/floppy.png
.png
images/list/drivers/mouse_key.png
.png
images/list/drivers/other.png
.png
images/list/drivers/outdated.png
.png
images/list/drivers/power.png
.png
images/list/drivers/printer.png
.png
images/list/drivers/software.png
.png
images/list/drivers/system.png
.png
images/list/drivers/uptodate.png
.png
images/list/drivers/usb.png
.png
images/list/other.png
.png
images/list/process/bho.png
.png
images/list/process/process.png
.png
images/list/process/startup.png
.png
images/list/recommendations/rec_malware16.png
.png
images/list/recommendations/rec_malware24.png
.png
images/list/recommendations/rec_malware32.png
.png
images/list/recommendations/rec_system16.png
.png
images/list/recommendations/rec_system24.png
.png
images/list/recommendations/rec_system32.png
.png
images/list/recommendations/rec_unknown16.png
.png
images/list/recommendations/rec_unknown24.png
.png
images/list/recommendations/rec_unknown32.png
.png
images/list/recommendations/rec_unwanted16.png
.png
images/list/recommendations/rec_unwanted24.png
.png
images/list/recommendations/rec_unwanted32.png
.png
images/list/recommendations/rec_userapp16.png
.png
images/list/recommendations/rec_userapp24.png
.png
images/list/recommendations/rec_userapp32.png
.png
images/progress/add_check.png
.png
images/progress/add_error.png
.png
images/progress/add_unknown.png
.png
images/progress/scan.png
.png
images/progress/small_driver.png
.png
images/progress/small_md5.png
.png
images/progress/small_privacy.png
.png
images/progress/small_registry.png
.png
images/registration.png
.png
images/results page/drivers_green.png
.png
images/results page/drivers_red.png
.png
images/results page/drivers_yellow.png
.png
images/results page/malware_green.png
.png
images/results page/malware_red.png
.png
images/results page/privacy_green.png
.png
images/results page/privacy_red.png
.png
images/results page/processes_green.png
.png
images/results page/processes_red.png
.png
images/results page/registry_green.png
.png
images/results page/registry_red.png
.png
images/results page/startup_green.png
.png
images/results page/startup_red.png
.png
images/scanning/driver.png
.png
images/scanning/privacy.png
.png
images/scanning/process.png
.png
images/scanning/registry.png
.png
images/tab icons/nav-disk.png
.png
images/tab icons/nav-optimize.png
.png
images/tab icons/nav-scan.png
.png
images/tab icons/nav-settings.png
.png
images/tfn_email.png
.png
images/tfn_frame.png
.png
images/top nav icons/help_down.png
.png
images/top nav icons/help_normal.png
.png
images/top nav icons/help_over.png
.png
images/top nav icons/info_down.png
.png
images/top nav icons/info_normal.png
.png
images/top nav icons/info_over.png
.png
images/warning.jpg
.jpg
noapp.exe
.exe windows:5 windows x86 arch:x86

b06fde4fdcb21d6fc3859009b4d022d2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:f9:94:5d:68:b6:df:dd:55:72:92:b6:3c:5a:30:15:e1
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25-02-2013 21:53

Not After

26-02-2015 21:53

Subject

CN=Paretologic Inc.,OU=Paretologic Inc.,O=Paretologic Inc.,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cd:2d:2f:c4:cd:22:9d:c9:ec:7b:f4:c2:cf:6e:97:b1:af:89:b6:96
Signer

Actual PE Digest

cd:2d:2f:c4:cd:22:9d:c9:ec:7b:f4:c2:cf:6e:97:b1:af:89:b6:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathAppendW
PathFindExtensionW
PathUnquoteSpacesW
PathStripPathW

kernel32

GetFileSizeEx
GetFileTime
SetErrorMode
GetStartupInfoW
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
RaiseException
Sleep
ExitProcess
SetStdHandle
GetFileType
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
GetFileAttributesW
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
FileTimeToLocalFileTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToSystemTime
lstrlenA
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GetModuleHandleA
GlobalFindAtomW
GetVersionExW
CompareStringW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
GlobalAddAtomW
CloseHandle
FreeResource
WritePrivateProfileStringW
InterlockedDecrement
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
CompareStringA
WideCharToMultiByte
InterlockedExchange
lstrcmpW
FreeLibrary
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
GetModuleHandleW
GetProcAddress
lstrlenW
GetLongPathNameW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetModuleFileNameW
QueryPerformanceCounter

user32

DestroyMenu
UnregisterClassW
CharUpperW
LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EnableWindow
LoadIconW
SendMessageW
IsIconic
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
GetSystemMetrics
GetClientRect
DrawIcon
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostMessageW
PostQuitMessage
UnhookWindowsHookEx
EndDialog
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetDlgItem
GetWindowLongW
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow

gdi32

GetStockObject
DeleteDC
CreateBitmap
ScaleWindowExtEx
SetWindowExtEx
GetDeviceCaps
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegQueryValueExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW

shell32

ShellExecuteW
ShellExecuteExW

comctl32

InitCommonControlsEx

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
privacy.db
settings.xml
sqlite3.dll
.dll windows:4 windows x86 arch:x86

cd4a5c39f36662a6a2f5167f71af9796

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:f9:94:5d:68:b6:df:dd:55:72:92:b6:3c:5a:30:15:e1
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25-02-2013 21:53

Not After

26-02-2015 21:53

Subject

CN=Paretologic Inc.,OU=Paretologic Inc.,O=Paretologic Inc.,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f7:96:b8:70:a9:d8:9c:22:68:8f:a5:1f:78:8c:24:50:30:a5:cd:a5
Signer

Actual PE Digest

f7:96:b8:70:a9:d8:9c:22:68:8f:a5:1f:78:8c:24:50:30:a5:cd:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
GetCurrentThreadId
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetVersionExA
InitializeCriticalSection
InterlockedIncrement
LeaveCriticalSection
LockFile
LockFileEx
MultiByteToWideChar
ReadFile
SetEndOfFile
SetFilePointer
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
UnlockFile
WideCharToMultiByte
WriteFile

msvcrt

_iob
atof
atoi
free
isalnum
isdigit
isspace
isxdigit
localtime
malloc
memcpy
memset
realloc
sprintf
strcat
strcmp
strcpy
strncmp
strncpy
tolower
toupper

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_function
sqlite3_create_function16
sqlite3_data_count
sqlite3_db_handle
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_mprintf
sqlite3_open
sqlite3_open16
sqlite3_prepare
sqlite3_prepare16
sqlite3_progress_handler
sqlite3_reset
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_snprintf
sqlite3_step
sqlite3_thread_cleanup
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vmprintf

Sections

.text
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 448B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:f9:94:5d:68:b6:df:dd:55:72:92:b6:3c:5a:30:15:e1
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25-02-2013 21:53

Not After

26-02-2015 21:53

Subject

CN=Paretologic Inc.,OU=Paretologic Inc.,O=Paretologic Inc.,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

34:89:3c:b7:05:8a:4f:44:f0:b1:69:27:ba:b0:d6:36:ed:8b:4f:46
Signer

Actual PE Digest

34:89:3c:b7:05:8a:4f:44:f0:b1:69:27:ba:b0:d6:36:ed:8b:4f:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
whitelist.dat

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:f9:94:5d:68:b6:df:dd:55:72:92:b6:3c:5a:30:15:e1Certificate

Extended Key Usages

Key Usages

63:d6:dc:c1:31:e0:f6:3e:ce:0a:37:8e:99:78:b5:f5:e8:51:c3:79Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 1.6MB

.rsrc Size: 105KB - Virtual size: 104KB

.reloc Size: 4KB - Virtual size: 3KB

f7a84048399bc4a2d1221cc8bdd7c96e

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 1024B - Virtual size: 595B

.data Size: 4KB - Virtual size: 8KB

.idata Size: 2KB - Virtual size: 1KB

shared Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

f592726dded90c4d7e23cee7f8218bbc

Headers

DLL Characteristics

File Characteristics

Imports

wininet

shlwapi

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:f9:94:5d:68:b6:df:dd:55:72:92:b6:3c:5a:30:15:e1
Certificate

63:d6:dc:c1:31:e0:f6:3e:ce:0a:37:8e:99:78:b5:f5:e8:51:c3:79
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 1.6MB

.rsrc
Size: 105KB - Virtual size: 104KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 1024B - Virtual size: 595B

.data
Size: 4KB - Virtual size: 8KB

.idata
Size: 2KB - Virtual size: 1KB

shared
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 309KB - Virtual size: 309KB

.data
Size: 27KB - Virtual size: 57KB

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 181KB - Virtual size: 181KB

.text
Size: 251KB - Virtual size: 250KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 14KB - Virtual size: 27KB

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 22KB - Virtual size: 21KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 144B

.reloc
Size: 512B - Virtual size: 480B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 5KB - Virtual size: 5KB