71a7182fc4face8c7cd7c3f4078cc902

Sharing

Copy URL Twitter E-mail

General

Target

71a7182fc4face8c7cd7c3f4078cc902
Size

2.3MB
MD5

71a7182fc4face8c7cd7c3f4078cc902
SHA1

a2131db714d023074572c34ebe8b1b05d440d561
SHA256

21b3722d2f032733df6ae8d682c0b5108f17c242705d3fff9730c89a6a6df7f0
SHA512

157a6c89995de88dc2d197b14ad48d3a6dcdb818da2acc975a80cbaa9eac452c8bf0c8fe922a4b5657453a56765ce97befde00389eeabe170f551c0a0f917fa0
SSDEEP

49152:/WZKsGm6GS3PYnMZ/KYsmW+uqQSot/j6XPtZhAcl0OSE0:uZb6GCYost+Xicl0W0

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll

Files

71a7182fc4face8c7cd7c3f4078cc902
.exe windows:4 windows x86 arch:x86

e221f4f7d36469d53810a4b5f9fc8966

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:2e:b9:de:c0:85:d1:84:c7:09:a1:1e:ef:68:4b:51:8a:ff:b0:51
Signer

Actual PE Digest

64:2e:b9:de:c0:85:d1:84:c7:09:a1:1e:ef:68:4b:51:8a:ff:b0:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathW
SetFileTime
CloseHandle
GetShortPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
GetFullPathNameW
CreateDirectoryW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
SetFileAttributesW
ExpandEnvironmentStringsW
SetErrorMode
LoadLibraryW
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
lstrcpyA
lstrcpyW
lstrcatW
GetSystemDirectoryW
GetVersion
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetModuleHandleW
lstrcmpiW
lstrcmpW
WaitForSingleObject
GlobalFree
GlobalAlloc
LoadLibraryExW
GetExitCodeProcess
FreeLibrary
WritePrivateProfileStringW
GetCommandLineW
GetTempPathW
GetPrivateProfileStringW
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
MulDiv
MultiByteToWideChar
WriteFile
lstrlenA
WideCharToMultiByte

user32

EndDialog
ScreenToClient
GetWindowRect
RegisterClassW
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
wsprintfW
CreateWindowExW
SystemParametersInfoW
AppendMenuW
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
GetDC
SetWindowLongW
LoadImageW
SendMessageTimeoutW
FindWindowExW
EmptyClipboard
OpenClipboard
TrackPopupMenu
EndPaint
ShowWindow
GetDlgItem
IsWindow
SetForegroundWindow

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b233fd95d297fbba0563f3f6eae042e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
SetCurrentDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
WriteFile
SetFilePointer

user32

LoadCursorW
GetDlgCtrlID
CloseClipboard
GetClipboardData
GetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
ShowWindow
SetCursor
PtInRect
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
DrawFocusRect
CallWindowProcW
PostMessageW
MessageBoxW
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
EnableMenuItem
DrawTextW
GetSystemMenu
MapWindowPoints
OpenClipboard

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectW

shell32

SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 835B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

58da96f4c774d946620f1d9e7be93b20

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:83:fd:ff:6d:93:ed:d0:70:9f:a8:c5:35:f9:04:ba:64:50:ae:33
Signer

Actual PE Digest

b9:83:fd:ff:6d:93:ed:d0:70:9f:a8:c5:35:f9:04:ba:64:50:ae:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpSendRequestW
HttpQueryInfoW
HttpSendRequestExW
InternetReadFile
InternetQueryOptionW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetSetFilePointer
InternetSetOptionW
InternetWriteFile
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpAddRequestHeadersW
HttpOpenRequestW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW

comctl32

ord17

uxtheme

SetWindowTheme

crypt32

CryptStringToBinaryW

kernel32

lstrcmpW
lstrcmpiW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
ReadFile
WriteFile
GetLastError
LoadLibraryW
GetProcAddress
CreateFileW
GetFileSize
lstrcatW
GetTickCount
SetFilePointer
SleepEx
CloseHandle
DeleteFileW
MulDiv
HeapAlloc
GetProcessHeap
HeapFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
SetEvent
WaitForSingleObject
CreateThread
TerminateThread
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
SetLastError
RaiseException
LocalAlloc
LocalFree
HeapReAlloc
Sleep
InterlockedCompareExchange
CreateFileA
GetModuleFileNameW
lstrlenA
lstrlenW
GetModuleHandleW
GetSystemTime
FileTimeToSystemTime
CreateProcessW
GetCurrentProcessId
FreeLibrary
OutputDebugStringW
GetVersionExW
LoadLibraryA
GetCommandLineW
UnmapViewOfFile
DuplicateHandle
CreateFileMappingW
MapViewOfFile
GetExitCodeThread
OpenProcess
CopyFileW
GetExitCodeProcess
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
HeapSize
GetStringTypeW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
DecodePointer
EncodePointer
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
InterlockedPopEntrySList
TlsGetValue
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
TlsFree
HeapCreate
HeapDestroy
SetHandleCount
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
lstrcpynW
GlobalFree
lstrcpyW
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
RtlUnwind
GetConsoleCP
GetConsoleMode
LCMapStringW
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetUserDefaultLangID
TlsSetValue

user32

ScreenToClient
ReleaseDC
GetDC
GetPropW
SetCursor
RemovePropW
DrawFocusRect
DrawTextW
SetPropW
MapWindowPoints
MapDialogRect
CharPrevW
CharLowerW
CreateWindowExW
UnregisterClassA
LoadCursorW
GetClassInfoExW
RegisterClassExW
DispatchMessageW
TranslateMessage
wsprintfA
GetClassNameW
EnumWindows
SetForegroundWindow
wvsprintfW
IsDialogMessageW
GetMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
PostQuitMessage
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
LoadIconW
GetWindowThreadProcessId
MsgWaitForMultipleObjects
CallWindowProcW
PeekMessageW
SetDlgItemTextW
FindWindowExW
DestroyWindow
KillTimer
RedrawWindow
SetWindowLongW
GetWindowLongW
SetTimer
SendDlgItemMessageW
SetWindowPos
GetWindowRect
GetClientRect
InvalidateRect
SetWindowTextW
GetWindowTextW
GetDlgItem
IsWindow
GetParent
MessageBoxW
ShowWindow
PostMessageW
CharNextW
SendMessageW
wsprintfW
UpdateWindow
DefWindowProcW

gdi32

GetObjectW
DeleteDC
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
SetTextColor
SetBkMode
GetStockObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

advapi32

RegOpenKeyExW
EqualSid
GetTokenInformation
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
LookupAccountNameW
RegQueryValueExW
RegCloseKey

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
ShellExecuteExW

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoTaskMemFree

oleaut32

VariantInit
VariantClear
SysAllocString

shlwapi

StrChrW
PathRemoveFileSpecW
StrRChrW
PathFindFileNameW

Exports

Exports

AddProgress
BringNewWindowsForeground
Create
CreateControl
CreateItem
CreateTimer
DiscardCreation
ExecCodeSegment
GetCoidFromCommandLine
GetConfigurationRequestUrlParameters
GetExeDateStamp
GetGuidFromCommandLine
GetInstallingUser
GetTokenIntegrityLevel
GetToolbarId
GetUserData
HookInstFiles
InitUAC
IsAdmin
IsInnerInstance
IsUACOn
JsonDelete
JsonGet
JsonSerialize
JsonSet
KillTimer
Launch
LoadImage
MarqueeOff
MarqueeOn
OnBack
OnChange
OnClick
OnNotify
PositionAfter
RegWebEvents
RestartIEUser
SelectFileDialog
SelectFolderDialog
SetProgress
SetProgressColors
SetRTL
SetUserData
Show
SizeForText
TakeWindowSnapshot
Trace
UnhookInstFiles
WaitForWindowsShutdown
WriteFileUnicode
arrClear
arrGet
arrIterate
arrJoin
arrLength
arrRemove
arrRemoveList
arrSet
arrSetList
arrSort
arrSplit
inetGet
inetHead
inetPost
inetPut
initQueue
queueInetGet
queueInetGetFree
queueInetGetProgress
queueInetGetShowProgress

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65Plugin.dll
.dll windows:5 windows x86 arch:x86

8d91cde3faa3363d06a9b2810f8c63f6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

87:4e:62:21:b9:5c:64:50:23:1c:43:7a:85:29:54:f2:fc:25:dc:a3
Signer

Actual PE Digest

87:4e:62:21:b9:5c:64:50:23:1c:43:7a:85:29:54:f2:fc:25:dc:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

netapi32

NetApiBufferFree
NetUserEnum
NetWkstaUserGetInfo

kernel32

GetModuleFileNameA
GetFileAttributesA
SetFileAttributesA
DeleteFileA
RemoveDirectoryA
lstrcpynA
lstrcmpiA
SetLastError
CreateFileA
GetLastError
WriteFile
CloseHandle
FindFirstFileA
lstrcmpA
CreateDirectoryA
FindNextFileA
FindClose
WideCharToMultiByte
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
GetFileSize
SetFilePointer
GetShortPathNameA
MultiByteToWideChar
FlushFileBuffers
LoadLibraryExA
GetDriveTypeA
GetCurrentProcess
ReadFile
GetWindowsDirectoryA
MoveFileA
GetConsoleCP
HeapReAlloc
LoadLibraryW
RaiseException
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
FindResourceA
LockResource
LoadResource
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrcatA
lstrcpyA
CopyFileA
GetProcAddress
GetModuleHandleA
CreateFileW
lstrlenA
lstrlenW
GetConsoleMode
SetStdHandle
WriteConsoleW
HeapSize
Sleep
IsProcessorFeaturePresent
HeapDestroy
HeapCreate
GetModuleFileNameW
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetCurrentThreadId
DecodePointer
EncodePointer
HeapFree
HeapAlloc

user32

wsprintfA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantClear
VariantInit

rpcrt4

UuidFromStringW
UuidFromStringA

Exports

Exports

UUEX

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65SrcAs.dll
.dll regsvr32 windows:5 windows x86 arch:x86

f359e61c7b714b5dbaa221eddf7f9633

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:1e:e9:2e:89:50:ef:4b:35:d6:24:ee:e4:6e:da:cc:29:30:06:4b
Signer

Actual PE Digest

71:1e:e9:2e:89:50:ef:4b:35:d6:24:ee:e4:6e:da:cc:29:30:06:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACleanup
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSAStartup

kernel32

SetLastError
RaiseException
VirtualQuery
VirtualProtect
VerSetConditionMask
VerifyVersionInfoW
lstrcatA
MultiByteToWideChar
GetCommandLineA
CallNamedPipeA
GetLastError
GetModuleHandleW
SizeofResource
lstrcmpiA
IsDBCSLeadByte
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrcpyW
CreateMutexA
CloseHandle
WaitForSingleObject
ReleaseMutex
CreateEventA
FreeLibrary
DisableThreadLibraryCalls
GetSystemDirectoryA
LoadLibraryA
GetNativeSystemInfo
WriteFile
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
LocalFree
FlushInstructionCache
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
LCMapStringW
GetStringTypeW
HeapDestroy
HeapCreate
GetModuleFileNameW
GetStdHandle
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapReAlloc
ExitProcess
HeapSize
Sleep
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemInfo
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
FlushFileBuffers
GetCurrentProcess
GetCurrentThreadId
lstrcmpA
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
lstrcpyA
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrlenW
lstrlenA
SetStdHandle
WriteConsoleW
CreateFileW
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange

user32

PostMessageA
DefWindowProcW
DestroyWindow
IsWindow
PeekMessageA
GetClassNameA
RegisterClassExA
GetClassInfoExA
LoadCursorA
CallWindowProcA
GetWindowThreadProcessId
EnumWindows
SetWindowLongA
GetKeyboardType
UnregisterClassA
MapWindowPoints
FindWindowExA
IsWindowUnicode
SetWindowsHookExA
UnhookWindowsHookEx
SendMessageA
GetWindowTextW
CallNextHookEx
GetFocus
SetFocus
SetWindowTextA
GetKeyState
SetWindowTextW
RemovePropA
SetPropA
GetPropA
RegisterWindowMessageA
GetParent
GetWindow
CharNextA
wsprintfA
SetWindowLongW
GetWindowLongA
GetWindowLongW
CreateWindowExA
DefWindowProcA
CallWindowProcW

advapi32

RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegDeleteKeyA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegFlushKey
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ole32

CoTaskMemFree
CLSIDFromString
CoInitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantChangeTypeEx
VariantInit

shlwapi

SHRegOpenUSKeyA
SHRegDeleteUSValueA
SHRegCreateUSKeyA
SHRegWriteUSValueA
PathAppendA
SHRegQueryUSValueA
SHRegCloseUSKey

rpcrt4

UuidFromStringW
UuidFromStringA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ProcessesToInject
SetupForInjectedProcessOnFocus

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65bar.dll
.dll regsvr32 windows:5 windows x86 arch:x86

f0c6d28cea2b82987be20b4f1709680e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:0b:98:37:6c:3e:eb:64:2f:f8:9d:37:b7:1f:9b:40:dc:9d:66:15
Signer

Actual PE Digest

8a:0b:98:37:6c:3e:eb:64:2f:f8:9d:37:b7:1f:9b:40:dc:9d:66:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ord17

crypt32

CryptVerifyMessageSignature
CertFreeCertificateContext
CryptMsgClose
CertNameToStrA
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgGetParam
CertCloseStore
CertGetNameStringW
CertFindCertificateInStore
CryptQueryObject

wintrust

WinVerifyTrust

oleacc

AccessibleObjectFromEvent
AccessibleChildren
AccessibleObjectFromWindow
WindowFromAccessibleObject

kernel32

GetNativeSystemInfo
WaitForMultipleObjects
GetDriveTypeA
GetWindowsDirectoryA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetThreadPriority
ResumeThread
lstrcatA
SetCurrentDirectoryA
GetModuleHandleExW
GetPrivateProfileSectionW
InitializeSListHead
GetThreadTimes
FindFirstFileA
FindNextFileA
SetFileAttributesA
FindClose
RemoveDirectoryA
FindResourceW
LoadLibraryExW
CreateDirectoryW
GetFileAttributesW
SwitchToThread
OutputDebugStringW
OutputDebugStringA
WaitForMultipleObjectsEx
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStartupInfoW
GetFileType
SetHandleCount
GetStringTypeW
HeapReAlloc
HeapDestroy
HeapCreate
RtlUnwind
GetStdHandle
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitThread
GetSystemInfo
DecodePointer
EncodePointer
InterlockedDecrement
InterlockedIncrement
CreateSemaphoreA
ReleaseSemaphore
SetEndOfFile
GetFileSizeEx
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
InterlockedExchange
LocalAlloc
SizeofResource
GetModuleHandleW
VerSetConditionMask
VerifyVersionInfoW
CallNamedPipeA
GetModuleHandleA
MultiByteToWideChar
lstrlenW
lstrlenA
EnterCriticalSection
GetModuleFileNameA
lstrcpyA
LoadLibraryExA
LeaveCriticalSection
GetProcAddress
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
LockResource
LoadResource
FindResourceA
lstrcmpiA
CreateEventA
CloseHandle
ResetEvent
WaitForSingleObject
lstrcmpA
lstrcpynA
SetEvent
WideCharToMultiByte
GetShortPathNameA
SetLastError
IsDBCSLeadByte
RaiseException
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
VirtualQuery
VirtualProtect
GetModuleFileNameW
TerminateThread
GlobalLock
GlobalUnlock
CreateMutexA
ReleaseMutex
LoadLibraryA
GetCurrentProcessId
GetTickCount
GetExitCodeProcess
CreateFileA
GetFileSize
CompareStringA
CompareFileTime
SystemTimeToFileTime
GetThreadLocale
MulDiv
FindResourceExA
Sleep
GetUserDefaultLangID
GetCommandLineA
GetCurrentDirectoryA
CreateDirectoryA
GetVersionExA
GetSystemTimeAsFileTime
WritePrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileIntA
FileTimeToSystemTime
SetFilePointer
FlushFileBuffers
lstrcpynW
MoveFileA
DeleteFileA
GetLocalTime
CopyFileA
CreateThread
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
LocalFree
GetSystemDirectoryA
lstrcatW
lstrcpyW
lstrcmpiW
GetFileAttributesA
GetPrivateProfileStringA
GlobalFree
GlobalAlloc
CreateProcessA
WriteFile
ReadFile
GetLastError

user32

DestroyWindow
PostMessageA
PostThreadMessageA
PeekMessageA
SetWinEventHook
GetMessageA
TranslateMessage
DispatchMessageA
WindowFromPoint
DefWindowProcW
RegisterClassExA
GetClassInfoExA
LoadCursorA
CallWindowProcA
CallWindowProcW
IsWindow
CharNextA
wsprintfA
DefWindowProcA
CreateWindowExA
ScreenToClient
GetWindowLongA
DispatchMessageW
CallMsgFilterW
AdjustWindowRectEx
FindWindowA
SubtractRect
SendMessageTimeoutA
CreateCaret
ShowCaret
DestroyCaret
GetClassLongA
SetCursor
GetCaretPos
GetGUIThreadInfo
SetCaretPos
CreateIcon
GetIconInfo
DrawIconEx
TrackPopupMenuEx
DrawEdge
DrawTextW
CreateWindowExW
AppendMenuW
GetWindowThreadProcessId
WindowFromDC
GetClassNameA
IsWindowVisible
GetCursorPos
GetActiveWindow
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetUpdateRgn
GetMessagePos
GetMessageTime
ClientToScreen
SendMessageW
GetAsyncKeyState
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetWindowLongW
ValidateRect
UnhookWinEvent
GetKeyboardType
MsgWaitForMultipleObjectsEx
SetWindowLongW
KillTimer
PostQuitMessage
SetTimer
CopyImage
OpenClipboard
RegisterClipboardFormatA
CloseClipboard
GetWindowRect
IsRectEmpty
SendMessageA
MapWindowPoints
SetPropA
RemovePropA
ShowWindow
MoveWindow
InvalidateRect
GetParent
UnregisterClassA
CreateIconIndirect
SetWindowLongA
EnumWindows
BeginPaint
EndPaint
UpdateWindow
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetSysColor
DestroyIcon
SetWindowPos
wsprintfW
IsMenu
DestroyMenu
EnumChildWindows
GetPropA
ReplyMessage
CreatePopupMenu
SetMenuItemInfoA
EnableMenuItem
GetMenuItemInfoA
CheckMenuItem
HideCaret
LoadImageA
SetWindowTextA
GetWindowTextLengthA
SetRectEmpty
DrawTextA
FillRect
GetDesktopWindow
GetWindowDC
InflateRect
SetRect
CopyRect
SystemParametersInfoA
AllowSetForegroundWindow
PeekMessageW
SetClipboardData
EmptyClipboard
GetDC
ReleaseDC
IsWindowUnicode
GetWindow
SetFocus
IntersectRect
EqualRect
UnionRect
PtInRect
IsChild
GetFocus
MessageBoxA
LoadStringA
MessageBoxW
GetClientRect
SetWindowRgn
OffsetRect
SetForegroundWindow
GetKeyState

gdi32

BeginPath
GetPixel
CreateBitmap
GetTextExtentPoint32W
GetTextExtentExPointW
DPtoLP
GetMapMode
SelectClipRgn
SetPixel
GetBkColor
SelectClipPath
EndPath
CloseFigure
GetTextExtentPoint32A
OffsetRgn
RectInRegion
GetBitmapBits
SetMapMode
SetBkMode
LineTo
MoveToEx
UpdateColors
RealizePalette
SelectPalette
CreatePalette
CreateRectRgn
BitBlt
CreateCompatibleBitmap
GetDIBits
GetObjectType
SetTextColor
GetTextColor
CreateDIBSection
GetObjectA
SetDIBColorTable
GetTextMetricsA
CreateCompatibleDC
GetDIBColorTable
StretchBlt
DeleteDC
RoundRect
GetStockObject
SelectObject
CreateRoundRectRgn
CreateFontIndirectA
CreatePen
CreateSolidBrush
GetDeviceCaps
CreateRectRgnIndirect
SetTextAlign
TextOutA
ExtTextOutA
SetBkColor
SetWindowOrgEx
OffsetWindowOrgEx
GetRgnBox
DeleteObject

advapi32

GetSidSubAuthorityCount
OpenSCManagerA
GetSidSubAuthority
GetTokenInformation
RegEnumValueA
RegQueryValueExW
RegFlushKey
RegQueryInfoKeyA
RegQueryValueExA
CreateProcessAsUserA
GetLengthSid
SetTokenInformation
DuplicateTokenEx
OpenProcessToken
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
RegEnumKeyA

ole32

CoReleaseMarshalData
OleSetClipboard
CoGetCurrentLogicalThreadId
CoWaitForMultipleHandles
CoUnmarshalInterface
CoMarshalInterface
CoCreateGuid
CoGetInterfaceAndReleaseStream
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoSetProxyBlanket
CoInitializeEx
StringFromGUID2
CreateStreamOnHGlobal
CoFreeUnusedLibraries
GetHGlobalFromStream
OleUninitialize
OleInitialize
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromProgID
CoCreateInstance
CLSIDFromString
CoMarshalInterThreadInterfaceInStream
OleFlushClipboard

oleaut32

VarBstrCmp
VariantChangeType
VarBstrCat
UnRegisterTypeLi
RegisterTypeLi
CreateStdDispatch
CreateDispTypeInfo
OleLoadPicture
VariantChangeTypeEx
VariantCopy
SysStringByteLen
LoadTypeLi
LoadRegTypeLi
VariantClear
SysAllocString
VariantInit
SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen

shlwapi

SHRegEnumUSValueA
SHRegQueryUSValueA
PathRemoveFileSpecA
SHDeleteValueA
SHRegDeleteUSValueA
SHRegOpenUSKeyA
SHDeleteKeyA
SHRegWriteUSValueA
SHRegCloseUSKey
SHRegCreateUSKeyA
ord176
StrStrIA
PathCombineA
PathFindFileNameA
PathIsRootA
PathAppendA
SHRegEnumUSKeyA
PathFindFileNameW
PathRemoveFileSpecW
PathAppendW

rpcrt4

UuidFromStringW
UuidFromStringA

gdiplus

GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdipDisposeImage
GdipFree
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdiplusStartup
GdipAlloc

msimg32

TransparentBlt
AlphaBlend

wininet

InternetCrackUrlW
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetOpenW

version

GetFileVersionInfoSizeW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoW

ws2_32

WSAAsyncGetHostByName
WSAStartup
WSACleanup
WSACancelAsyncRequest

userenv

UnloadUserProfile

Exports

Exports

B
C
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
E
H
L
O
P
R
S
T
U
Update
X

Sections

.text
Size: 511KB - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

t8Shared
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

t8_Share
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65barsvc.exe
.exe windows:5 windows x86 arch:x86

8ef1839b1d0a4926df9acea79827a4c5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:62:8f:5f:81:d6:3f:22:e7:d0:33:12:65:30:4f:7b:63:80:9c:35
Signer

Actual PE Digest

8c:62:8f:5f:81:d6:3f:22:e7:d0:33:12:65:30:4f:7b:63:80:9c:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
CreateDirectoryA
CopyFileA
DeleteFileA
MoveFileA
GetLocalTime
_lopen
_lcreat
_llseek
_lwrite
_lclose
WaitForMultipleObjects
VerifyVersionInfoW
VerSetConditionMask
CreateEventA
CreateNamedPipeA
GetCurrentThread
GetModuleHandleW
ResetEvent
SetLastError
ConnectNamedPipe
ReadFile
GetOverlappedResult
WriteFile
DisconnectNamedPipe
SetEvent
ExpandEnvironmentStringsA
FreeResource
LoadLibraryA
FindResourceA
LoadResource
LockResource
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
LocalFree
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
Sleep
lstrcmpiA
GetModuleFileNameA
LoadLibraryExA
LocalAlloc
GetCommandLineA
lstrcpyA
lstrlenA
lstrcpynA
CloseHandle
WaitForSingleObject
GetLastError
CreateProcessA
GetProcAddress
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
EncodePointer
DecodePointer
ExitThread
CreateThread
HeapAlloc
HeapFree
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
ExitProcess
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
RtlUnwind
IsProcessorFeaturePresent
GetStdHandle
GetModuleFileNameW
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
LoadLibraryW
GetStringTypeW
RaiseException
SetFilePointer
GetConsoleCP

user32

wsprintfA

advapi32

RegCreateKeyExA
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
RegSetValueExA
RevertToSelf
DuplicateTokenEx
OpenThreadToken
ImpersonateNamedPipeClient
DeleteService
ControlService
OpenServiceA
CloseServiceHandle
QueryServiceStatus
StartServiceA
CreateServiceA
OpenSCManagerA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA

shlwapi

SHDeleteValueA
SHDeleteKeyA

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65bprtct.dll
.dll regsvr32 windows:5 windows x86 arch:x86

c6f95000cca5f890206ec2b918a66235

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:a1:da:81:97:71:fe:4c:1a:d0:65:97:67:d7:49:95:49:17:20:1c
Signer

Actual PE Digest

99:a1:da:81:97:71:fe:4c:1a:d0:65:97:67:d7:49:95:49:17:20:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringA
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptQueryObject

kernel32

LoadLibraryExA
lstrcpyA
lstrlenW
GetModuleFileNameW
DeleteCriticalSection
GetProcAddress
GetModuleHandleA
VerSetConditionMask
VerifyVersionInfoW
FreeLibrary
lstrcmpiA
IsDBCSLeadByte
SizeofResource
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
GetModuleHandleW
CallNamedPipeA
LoadLibraryA
GetModuleFileNameA
GetCurrentProcess
FindResourceA
WriteFile
SetLastError
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
RtlUnwind
GetTickCount
WideCharToMultiByte
GetLastError
MultiByteToWideChar
CloseHandle
CreateProcessA
lstrcatA
LoadResource
LockResource
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
RaiseException
lstrcmpiW
lstrlenA
LoadLibraryW
Sleep
HeapSize
HeapReAlloc
IsProcessorFeaturePresent
GetStdHandle
ExitProcess
HeapDestroy
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetCurrentThreadId
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
DecodePointer
EncodePointer
HeapAlloc
HeapFree

user32

wsprintfA
CharNextA
wsprintfW

advapi32

CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegFlushKey
RegQueryInfoKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyW
RegDeleteKeyA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegCloseKey

ole32

StringFromGUID2
CLSIDFromString
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysStringLen
RegisterTypeLi
SysFreeString
SysAllocStringLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
SysStringByteLen
LoadRegTypeLi
LoadTypeLi
VariantCopy
UnRegisterTypeLi
VarUI4FromStr
SysAllocString
VarBstrCmp

shlwapi

PathUnquoteSpacesA
SHRegCloseUSKey
SHRegQueryUSValueA
SHDeleteValueA
SHRegOpenUSKeyA

rpcrt4

UuidFromStringW
UuidFromStringA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SetBlockStatus

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65datact.dll
.dll regsvr32 windows:5 windows x86 arch:x86

9a97396e6a71fa43b528d317c2438d48

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:72:d9:e9:e4:04:ef:30:f3:e4:08:01:c0:e7:a5:9f:7b:0f:59:ca
Signer

Actual PE Digest

54:72:d9:e9:e4:04:ef:30:f3:e4:08:01:c0:e7:a5:9f:7b:0f:59:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
IsDBCSLeadByte
CreateMutexA
CloseHandle
WaitForSingleObject
ReleaseMutex
GetModuleFileNameW
GetTickCount
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
MulDiv
lstrcpynA
LoadLibraryA
GetNativeSystemInfo
GetDriveTypeA
GetFileAttributesA
CreateFileA
GetFileSize
ReadFile
SetFileAttributesA
WriteFile
DeleteFileA
LocalFree
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SizeofResource
GetConsoleMode
GetConsoleCP
LoadLibraryW
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
RtlUnwind
HeapDestroy
HeapCreate
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapReAlloc
ExitProcess
HeapSize
Sleep
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemInfo
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
WideCharToMultiByte
GetCommandLineA
MultiByteToWideChar
FlushFileBuffers
lstrcatA
GetLastError
CreateDirectoryA
GetShortPathNameA
VerifyVersionInfoW
VerSetConditionMask
VirtualProtect
VirtualQuery
RaiseException
SetLastError
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
lstrcmpA
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
lstrcpyA
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrlenW
lstrlenA
SetStdHandle
WriteConsoleW
CreateFileW
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange

user32

SetWindowLongA
RegisterClassExA
DestroyWindow
DefWindowProcW
PostMessageA
IsWindow
PeekMessageA
GetClassNameA
GetWindowThreadProcessId
EnumWindows
GetClassInfoExA
GetKeyboardType
UnregisterClassA
ShowWindow
SetFocus
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
InvalidateRect
IsChild
GetFocus
BeginPaint
GetClientRect
GetDC
ReleaseDC
EndPaint
wsprintfA
CharNextA
SetWindowLongW
GetWindowLongA
GetWindowLongW
CreateWindowExA
DefWindowProcA
CallWindowProcW
CallWindowProcA
LoadCursorA

gdi32

CreateRectRgnIndirect
CreateDCA
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
GetDeviceCaps
SetTextAlign
TextOutA
DeleteDC
RestoreDC
SetViewportOrgEx

advapi32

CryptDecrypt
CryptEncrypt
CryptDeriveKey
RegQueryInfoKeyA
GetUserNameA
RegEnumKeyExA
RegQueryInfoKeyW
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

OleRegEnumVerbs
StringFromGUID2
CoCreateInstance
OleRegGetUserType
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateOleAdviseHolder
OleRegGetMiscStatus
CreateStreamOnHGlobal

oleaut32

RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
LoadTypeLi
LoadRegTypeLi
VariantChangeType
OleCreatePropertyFrame
SysFreeString
VarUI4FromStr
SysStringLen
UnRegisterTypeLi

shlwapi

SHRegOpenUSKeyA
SHRegCloseUSKey
SHRegDeleteUSValueA
SHRegCreateUSKeyA
SHRegWriteUSValueA
PathAppendA
SHRegQueryUSValueA

rpcrt4

UuidFromStringA
UuidFromStringW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65dlghk.dll
.dll regsvr32 windows:5 windows x86 arch:x86

4dbeced04a1b2beb960beed4f7881b3e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

80:97:4d:ad:5c:0b:a9:39:fb:78:f3:a8:56:00:fc:a5:e6:5a:36:45
Signer

Actual PE Digest

80:97:4d:ad:5c:0b:a9:39:fb:78:f3:a8:56:00:fc:a5:e6:5a:36:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetOpenA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA

kernel32

LeaveCriticalSection
LockResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleFileNameA
LoadLibraryA
FreeLibrary
WideCharToMultiByte
GetVersionExA
GetUserDefaultLangID
DeleteCriticalSection
GetLastError
SizeofResource
lstrcmpiA
IsDBCSLeadByte
RaiseException
CreateEventA
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
GetCurrentProcessId
CreateProcessA
GetTickCount
SetEvent
GetModuleHandleW
SetLastError
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
lstrcpynA
GetNativeSystemInfo
GetCurrentProcess
EnterCriticalSection
WriteFile
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
LocalFree
IsBadReadPtr
VirtualQuery
VirtualProtect
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
RtlUnwind
HeapReAlloc
TlsFree
TlsSetValue
InitializeCriticalSection
MultiByteToWideChar
lstrcatA
lstrcpyA
GetProcAddress
GetModuleHandleA
lstrlenW
lstrlenA
VerifyVersionInfoW
VerSetConditionMask
FlushFileBuffers
SetStdHandle
WriteConsoleW
CreateFileW
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapDestroy
HeapCreate
GetStdHandle
ExitProcess
HeapSize
Sleep
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetCurrentThreadId
GetSystemInfo
VirtualAlloc
HeapFree
HeapAlloc
DecodePointer
EncodePointer

user32

PeekMessageW
PostMessageA
SetForegroundWindow
GetWindow
wsprintfA
wvsprintfA
CharNextA
EnumChildWindows
EnumWindows
GetClassNameA
GetWindowTextLengthA
GetWindowTextA
RegisterWindowMessageA
GetKeyboardType
DialogBoxParamW
DispatchMessageA
TranslateMessage
ShowWindow
GetDlgItem
MsgWaitForMultipleObjects
FindWindowExA
IsWindow

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ole32

CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize

oleaut32

LoadTypeLi
RegisterTypeLi
VariantInit
VariantClear
SysAllocString
VarUI4FromStr
SysFreeString
SysStringLen
LoadRegTypeLi
UnRegisterTypeLi

shlwapi

SHRegOpenUSKeyA
SHRegQueryUSValueA
PathAppendA
StrStrIA
SHRegCloseUSKey

rpcrt4

UuidFromStringA
UuidFromStringW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ProcessesToInject
SetupForInjectedProcess

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65dlghk64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

1d378d8bcdc538f044203f7084ea8e77

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

84:c2:d8:8a:e2:0b:78:21:db:08:76:03:ab:8c:07:14:8c:b0:d3:5e
Signer

Actual PE Digest

84:c2:d8:8a:e2:0b:78:21:db:08:76:03:ab:8c:07:14:8c:b0:d3:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

wininet

InternetOpenA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA

kernel32

LeaveCriticalSection
LockResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleFileNameA
LoadLibraryA
FreeLibrary
WideCharToMultiByte
GetVersionExA
GetUserDefaultLangID
DeleteCriticalSection
GetLastError
SizeofResource
lstrcmpiA
IsDBCSLeadByte
RaiseException
CreateEventA
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
GetCurrentProcessId
CreateProcessA
GetTickCount
SetEvent
GetModuleHandleW
SetLastError
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
lstrcpynA
GetNativeSystemInfo
GetCurrentProcess
EnterCriticalSection
WriteFile
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
LocalFree
IsBadReadPtr
VirtualQuery
VirtualProtect
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
RtlPcToFileHeader
HeapReAlloc
FlsAlloc
FlsFree
FlsGetValue
InitializeCriticalSection
MultiByteToWideChar
lstrcatA
lstrcpyA
GetProcAddress
GetModuleHandleA
lstrlenW
lstrlenA
VerifyVersionInfoW
VerSetConditionMask
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetStdHandle
RtlUnwindEx
ExitProcess
HeapSize
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
FlsSetValue
GetCurrentThreadId
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
HeapFree
HeapAlloc
DecodePointer
EncodePointer

user32

PeekMessageW
PostMessageA
SetForegroundWindow
GetWindow
wsprintfA
wvsprintfA
CharNextA
EnumChildWindows
EnumWindows
GetClassNameA
GetWindowTextLengthA
GetWindowTextA
RegisterWindowMessageA
GetKeyboardType
DialogBoxParamW
DispatchMessageA
TranslateMessage
ShowWindow
GetDlgItem
MsgWaitForMultipleObjects
FindWindowExA
IsWindow

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ole32

CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize

oleaut32

LoadRegTypeLi
RegisterTypeLi
VariantInit
VariantClear
SysAllocString
VarUI4FromStr
SysFreeString
SysStringLen
LoadTypeLi
UnRegisterTypeLi

shlwapi

SHRegCloseUSKey
SHRegOpenUSKeyA
SHRegQueryUSValueA
PathAppendA
StrStrIA

rpcrt4

UuidFromStringW
UuidFromStringA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ProcessesToInject
SetupForInjectedProcess

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65feedmg.dll
.dll regsvr32 windows:5 windows x86 arch:x86

c8920b880faf8fc856359fecb2e6b303

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:ba:0a:a3:39:4a:9c:37:41:e3:0f:cf:4b:37:f2:c1:af:ed:0d:da
Signer

Actual PE Digest

29:ba:0a:a3:39:4a:9c:37:41:e3:0f:cf:4b:37:f2:c1:af:ed:0d:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
DeleteFileA
SetLastError
GetLastError
lstrcpynA
lstrcmpiA
WritePrivateProfileSectionA
LockResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
lstrlenW
GetModuleHandleA
GetCurrentProcessId
lstrcmpA
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
RaiseException
VirtualQuery
VirtualProtect
CreateDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetSystemDirectoryA
MultiByteToWideChar
GetCommandLineA
WideCharToMultiByte
SizeofResource
IsDBCSLeadByte
GetModuleFileNameW
FreeLibrary
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
lstrcmpiW
GetLocalTime
SystemTimeToFileTime
CompareFileTime
CreateFileA
WriteFile
FlushFileBuffers
CreateMutexA
ResetEvent
SetThreadPriority
ResumeThread
WaitForMultipleObjects
ReleaseMutex
CreateFileMappingA
WaitForSingleObject
MapViewOfFile
WritePrivateProfileStringA
LoadLibraryA
GetNativeSystemInfo
GetDriveTypeA
GetFileAttributesA
GetFileSize
ReadFile
LocalFree
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
HeapDestroy
HeapCreate
HeapReAlloc
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
RtlUnwind
ExitProcess
HeapSize
Sleep
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
GetSystemInfo
DecodePointer
EncodePointer
GetPrivateProfileStringA
SetEvent
GetPrivateProfileIntA
lstrcatA
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
DeleteCriticalSection
CloseHandle
InitializeCriticalSection
CreateEventA
lstrlenA
VerifyVersionInfoW
VerSetConditionMask
GetConsoleMode
SetStdHandle
WriteConsoleW
UnmapViewOfFile
CreateFileW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
GetConsoleCP
SetFilePointer
LoadLibraryW
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange

user32

UnregisterClassA
GetKeyboardType
SetTimer
KillTimer
CharNextA
SetWindowLongW
GetWindowLongA
GetWindowLongW
CreateWindowExA
DefWindowProcA
CallWindowProcW
CallWindowProcA
LoadCursorA
GetClassInfoExA
RegisterClassExA
SetWindowLongA
DestroyWindow
DefWindowProcW
PostMessageA
IsWindow
PeekMessageA
GetClassNameA
GetWindowThreadProcessId
EnumWindows
wsprintfA
MessageBoxA

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoCreateInstance
CoTaskMemFree
StringFromGUID2
CLSIDFromString
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
SysStringByteLen
SysAllocStringLen
VariantInit
VariantClear
VariantChangeTypeEx
SysStringLen
LoadRegTypeLi
SysFreeString

shlwapi

SHRegQueryUSValueA
SHRegWriteUSValueA
SHRegCreateUSKeyA
SHRegDeleteUSValueA
SHRegCloseUSKey
SHRegOpenUSKeyA
PathAppendA

rpcrt4

UuidFromStringA
UuidFromStringW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65highin.exe
.exe windows:5 windows x86 arch:x86

8a1c698713a9053d783b64df09fb1411

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ad:7c:81:2b:95:1b:e6:7c:cb:e8:55:57:a0:92:89:0b:ff:d1:68:c4
Signer

Actual PE Digest

ad:7c:81:2b:95:1b:e6:7c:cb:e8:55:57:a0:92:89:0b:ff:d1:68:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntA
PathFindFileNameA

kernel32

GetLastError
ExitProcess
FreeLibrary
GetCommandLineA
GetModuleFileNameA
LoadLibraryExA
GetProcAddress
GetStartupInfoW
GetModuleHandleA

Sections

.text
Size: 1024B - Virtual size: 731B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 551B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65htmlmu.dll
.dll regsvr32 windows:5 windows x86 arch:x86

40e407453d9a810d922017091bd5aeae

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:5f:11:26:46:45:20:87:8b:1d:9f:42:d8:f4:9a:e7:43:88:bc:60
Signer

Actual PE Digest

37:5f:11:26:46:45:20:87:8b:1d:9f:42:d8:f4:9a:e7:43:88:bc:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

SetLastError
GetLastError
GetProcAddress
GetModuleHandleW
ReleaseMutex
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
lstrcmpA
GetModuleHandleA
CreateDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetSystemDirectoryA
WideCharToMultiByte
CallNamedPipeA
FreeLibrary
MultiByteToWideChar
CompareStringA
GetFileSize
GetCurrentThreadId
GetSystemTimeAsFileTime
SizeofResource
CreateFileMappingA
GetCurrentProcess
MapViewOfFile
UnmapViewOfFile
LocalFree
LoadLibraryA
GetNativeSystemInfo
GetFileAttributesA
CreateFileA
ReadFile
WriteFile
MoveFileA
GetFileTime
SetFileTime
CreateMutexA
GetTempPathA
GetTempFileNameA
SetThreadPriority
GetCurrentThread
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
LCMapStringW
RtlUnwind
GetModuleFileNameW
GetStdHandle
ExitProcess
HeapSize
Sleep
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
HeapFree
HeapAlloc
GetCommandLineA
DecodePointer
EncodePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeW
HeapReAlloc
DeleteCriticalSection
lstrlenW
LoadLibraryExA
GetStartupInfoW
FindResourceA
LoadResource
LockResource
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentProcessId
lstrcpynA
CloseHandle
CreateProcessA
GetModuleFileNameA
CopyFileA
OpenFile
GetTickCount
lstrlenA
DeleteFileA
SetFileAttributesA
lstrcatA
lstrcpyA
VerSetConditionMask
VerifyVersionInfoW
LoadLibraryW
RaiseException

user32

EnableMenuItem
KillTimer
GetParent
GetForegroundWindow
InflateRect
GetSystemMetrics
GetWindowRect
GetClientRect
SetTimer
GetCursorPos
PtInRect
GetWindow
SetRect
GetFocus
IntersectRect
MapWindowPoints
EqualRect
GetWindowThreadProcessId
GetDC
ReleaseDC
IsRectEmpty
CopyRect
GetClassNameA
GetKeyboardType
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
AppendMenuW
ModifyMenuW
GetMessageA
GetSystemMenu
BringWindowToTop
ShowWindow
SetFocus
SetActiveWindow
EnableWindow
IsWindowVisible
TrackPopupMenuEx
ReleaseCapture
RemoveMenu
CreatePopupMenu
DestroyMenu
GetMenuItemCount
AppendMenuA
ModifyMenuA
EnumChildWindows
EndPaint
BeginPaint
GetUpdateRect
SendMessageA
PostMessageA
DestroyWindow
UnregisterClassA
CreateWindowExA
RegisterClassA
LoadCursorA
GetClassInfoA
DefWindowProcA
SetWindowLongA
GetWindowLongA
SetWindowPos
IsWindow
SystemParametersInfoA
wsprintfA
SetRectEmpty

gdi32

DeleteObject
DeleteDC
GetDIBits
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetPixel

advapi32

RegCreateKeyExA
RegDeleteKeyA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
OpenSCManagerA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoCreateGuid
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CoDisconnectObject
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoInitialize
CoUninitialize
CreateOleAdviseHolder

oleaut32

VariantCopy
DispInvoke
RegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString
SysStringLen
SysAllocStringByteLen
VariantInit
VariantClear
LoadRegTypeLi
DispGetIDsOfNames

rpcrt4

UuidFromStringA
UuidFromStringW

shlwapi

SHRegQueryUSValueA
SHRegWriteUSValueA
SHRegCreateUSKeyA
SHRegDeleteUSValueA
SHRegOpenUSKeyA
SHRegCloseUSKey
PathAppendA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SCI

Sections

.text
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65httpct.dll
.dll regsvr32 windows:5 windows x86 arch:x86

e241e4c3796bec347c7f4115784777e6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9d:14:24:9d:80:b9:24:46:33:8a:4f:db:ad:52:09:c8:d9:3f:97:0f
Signer

Actual PE Digest

9d:14:24:9d:80:b9:24:46:33:8a:4f:db:ad:52:09:c8:d9:3f:97:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetCurrentProcessId
lstrcmpA
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
SetLastError
RaiseException
VirtualQuery
VirtualProtect
VerSetConditionMask
VerifyVersionInfoW
lstrcatA
MultiByteToWideChar
GetCommandLineA
GetLastError
SizeofResource
lstrcmpiA
IsDBCSLeadByte
WideCharToMultiByte
DeleteCriticalSection
GetModuleFileNameW
FreeLibrary
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
LoadLibraryA
GetModuleHandleW
lstrcpynA
GetNativeSystemInfo
WaitForSingleObject
WaitForMultipleObjects
CloseHandle
GetModuleHandleA
CreateEventA
CreateMutexA
ResetEvent
SetThreadPriority
ResumeThread
SetEvent
ReleaseMutex
LocalFree
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
LCMapStringW
RtlUnwind
HeapDestroy
HeapCreate
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
lstrcpyA
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
LeaveCriticalSection
FlushFileBuffers
EnterCriticalSection
InitializeCriticalSection
lstrlenW
lstrlenA
SetStdHandle
WriteConsoleW
CreateFileW
WriteFile
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapReAlloc
ExitProcess
HeapSize
Sleep
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
GetSystemInfo
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange

user32

GetWindowLongW
PeekMessageA
IsWindow
PostMessageA
EnumWindows
GetWindowThreadProcessId
GetKeyboardType
UnregisterClassA
wsprintfA
CharNextA
SetWindowLongW
GetWindowLongA
DefWindowProcW
CreateWindowExA
DefWindowProcA
CallWindowProcW
CallWindowProcA
LoadCursorA
GetClassInfoExA
RegisterClassExA
SetWindowLongA
DestroyWindow
GetClassNameA

advapi32

RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarDateFromStr
VariantInit
VariantClear
SysAllocStringLen
SysFreeString
VarUI4FromStr
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocString
RegisterTypeLi
UnRegisterTypeLi

shlwapi

PathAppendA

rpcrt4

UuidFromStringA
UuidFromStringW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65idle.dll
.dll windows:5 windows x86 arch:x86

875b2475c4b5eebcf5b6189632d62ac6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cd:eb:0b:3b:49:88:d3:c3:a6:54:e5:7a:ee:aa:2c:c7:6e:c0:bb:5b
Signer

Actual PE Digest

cd:eb:0b:3b:49:88:d3:c3:a6:54:e5:7a:ee:aa:2c:c7:6e:c0:bb:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathAppendA

kernel32

HeapFree
lstrlenA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LockResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleFileNameA
lstrcpyA
VerSetConditionMask
VerifyVersionInfoW
CreateMutexA
DeleteCriticalSection
FreeLibrary
DisableThreadLibraryCalls
CloseHandle
GetTickCount
WaitForSingleObject
ReleaseMutex
GetProcAddress
GetModuleHandleW
GetLastError
SetLastError
GetStringTypeW
MultiByteToWideChar
LCMapStringW
RaiseException
IsValidCodePage
GetOEMCP
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
Sleep
HeapSize
ExitProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
GetCPInfo
GetACP

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

t8Shared
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65medint.exe
.exe windows:5 windows x86 arch:x86

8a1c698713a9053d783b64df09fb1411

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ed:4f:78:2a:a4:a9:03:1f:b6:64:60:2b:47:78:73:3a:8f:d1:38:75
Signer

Actual PE Digest

ed:4f:78:2a:a4:a9:03:1f:b6:64:60:2b:47:78:73:3a:8f:d1:38:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntA
PathFindFileNameA

kernel32

GetLastError
ExitProcess
FreeLibrary
GetCommandLineA
GetModuleFileNameA
LoadLibraryExA
GetProcAddress
GetStartupInfoW
GetModuleHandleA

Sections

.text
Size: 1024B - Virtual size: 731B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 551B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65mlbtn.dll
.dll regsvr32 windows:5 windows x86 arch:x86

5debace71507f67f2f51c346c7c60730

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d9:e2:a1:3a:ce:3b:71:f7:48:bc:99:6c:1e:ea:9d:56:5d:5e:29:e9
Signer

Actual PE Digest

d9:e2:a1:3a:ce:3b:71:f7:48:bc:99:6c:1e:ea:9d:56:5d:5e:29:e9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
MultiByteToWideChar
IsDBCSLeadByte
WideCharToMultiByte
lstrlenW
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
GetModuleHandleW
LoadLibraryW
GetProcAddress
SizeofResource
LoadResource
GetLastError
FindResourceA
lstrcpyA
GetModuleFileNameA
lstrlenA
LockResource
LoadLibraryExA
RtlUnwind
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
Sleep
HeapSize
HeapReAlloc
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError

user32

wsprintfA
CharNextA

advapi32

RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyA
RegQueryInfoKeyA

ole32

CoTaskMemFree
CoCreateInstance
CLSIDFromProgID
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysAllocStringLen
SysAllocString
VariantChangeTypeEx
VariantInit
VariantClear
SysFreeString

rpcrt4

UuidFromStringW
UuidFromStringA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65regiet.dll
.dll regsvr32 windows:5 windows x86 arch:x86

21d7a109aeab4662649e8d3b76030148

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:da:85:9c:68:e8:2f:e2:fd:f2:26:5c:ca:c8:99:60:12:d3:75:c2
Signer

Actual PE Digest

ff:da:85:9c:68:e8:2f:e2:fd:f2:26:5c:ca:c8:99:60:12:d3:75:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
lstrcmpiA
MultiByteToWideChar
IsDBCSLeadByte
WideCharToMultiByte
lstrlenW
RaiseException
GetSystemDirectoryA
GetShortPathNameA
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
GetModuleHandleW
GetLastError
WriteFile
SetLastError
LoadLibraryW
RtlUnwind
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrcatA
lstrcpyA
GetProcAddress
GetModuleHandleA
GetCurrentProcess
lstrlenA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
HeapReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapDestroy
HeapCreate
GetModuleFileNameW
GetStdHandle
ExitProcess
HeapSize
Sleep
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetCurrentThreadId
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
EncodePointer
DecodePointer

user32

CharNextA
wsprintfA

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CoTaskMemFree

oleaut32

VarUI4FromStr
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65script.dll
.dll regsvr32 windows:5 windows x86 arch:x86

3f4d4905d16dd516ec1cf01fc3dbcaae

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:43:ff:1f:bf:80:48:23:f7:e8:20:e2:c2:f3:23:5f:81:86:d3:a9
Signer

Actual PE Digest

68:43:ff:1f:bf:80:48:23:f7:e8:20:e2:c2:f3:23:5f:81:86:d3:a9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
SizeofResource
lstrcmpiA
MultiByteToWideChar
IsDBCSLeadByte
WideCharToMultiByte
RaiseException
CreateEventA
CloseHandle
GetModuleHandleW
SetLastError
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
OpenEventA
GetTickCount
CreateProcessA
LoadLibraryA
GetNativeSystemInfo
lstrcatA
WriteFile
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
LocalFree
LoadLibraryW
RtlUnwind
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcAddress
GetModuleHandleA
VerifyVersionInfoW
VerSetConditionMask
lstrcpyA
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrlenW
GetCurrentProcess
lstrlenA
GetStartupInfoW
GetFileType
SetHandleCount
HeapReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapDestroy
HeapCreate
GetModuleFileNameW
GetStdHandle
ExitProcess
HeapSize
Sleep
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetCurrentThreadId
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
DecodePointer
EncodePointer

user32

wsprintfA
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageA
GetKeyboardType
CharNextA

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CoInitialize
CoUninitialize
CLSIDFromString
CLSIDFromProgID

oleaut32

SysFreeString
VariantChangeTypeEx
VariantClear
VariantInit
SysAllocString

shlwapi

SHRegOpenUSKeyA
SHRegCloseUSKey
PathAppendA
SHRegQueryUSValueA

rpcrt4

UuidFromStringW
UuidFromStringA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65skin.dll
.dll regsvr32 windows:5 windows x86 arch:x86

4c6d0f615e172a7ebacaaba9226322ee

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:4b:ff:cb:9b:18:8b:79:1d:2c:ad:52:15:73:46:f0:56:ca:20:29
Signer

Actual PE Digest

15:4b:ff:cb:9b:18:8b:79:1d:2c:ad:52:15:73:46:f0:56:ca:20:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
lstrcmpA
GetModuleHandleW
GetCommandLineA
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
GetCurrentProcess
FlushInstructionCache
GetTickCount
CreateEventA
SetEvent
WaitForMultipleObjects
ResetEvent
LocalFree
CreateProcessA
GetNativeSystemInfo
GetDriveTypeA
GetFileAttributesA
GetFileSize
ReadFile
SetFileAttributesA
WriteFile
MoveFileA
SetFilePointer
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryW
FindNextFileA
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
HeapReAlloc
HeapDestroy
HeapCreate
GetStdHandle
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
ExitProcess
HeapSize
Sleep
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
VirtualQuery
GetSystemInfo
VirtualProtect
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
FindFirstFileA
MapViewOfFile
ReleaseMutex
lstrcpynA
FindNextChangeNotification
WaitForSingleObject
UnmapViewOfFile
FindCloseChangeNotification
FindFirstChangeNotificationA
CreateFileMappingA
CreateMutexA
GetModuleFileNameW
RaiseException
IsDBCSLeadByte
SizeofResource
WideCharToMultiByte
GetSystemDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
GetModuleHandleA
VerifyVersionInfoW
VerSetConditionMask
FlushFileBuffers
GetLastError
SetLastError
LoadLibraryA
DeleteFileA
CloseHandle
CopyFileA
lstrcmpiA
CreateFileA
lstrcatA
MultiByteToWideChar
FindResourceA
LoadResource
LockResource
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GetProcAddress
LeaveCriticalSection
LoadLibraryExA
lstrcpyA
lstrlenA
GetModuleFileNameA
EnterCriticalSection
lstrlenW

user32

SetCapture
GetTopWindow
FindWindowExA
GetWindow
SendMessageA
wsprintfA
CharNextA
GetWindowThreadProcessId
ModifyMenuA
AppendMenuA
GetMenuItemCount
CreatePopupMenu
RemoveMenu
ReleaseCapture
TrackPopupMenuEx
PostMessageA
DestroyWindow
GetParent
IsWindowVisible
GetWindowRect
IntersectRect
SetWinEventHook
UnhookWinEvent
AdjustWindowRectEx
SetRect
UpdateWindow
EnableWindow
GetActiveWindow
IsZoomed
IsIconic
LoadImageA
GetSystemMetrics
MapDialogRect
GetKeyboardType
UnregisterClassA
SetTimer
GetCaretBlinkTime
KillTimer
FlashWindow
ScreenToClient
DestroyMenu
RedrawWindow
GetWindowRgn
SetWindowRgn
OffsetRect
GetCapture
GetForegroundWindow
DestroyIcon
RegisterWindowMessageA
ShowWindow
SetFocus
CreateWindowExA
LoadCursorA
GetClassInfoExA
RegisterClassExA
EqualRect
UnionRect
PtInRect
GetKeyState
InvalidateRect
CallWindowProcA
IsChild
GetFocus
BeginPaint
GetClientRect
EndPaint
PostThreadMessageA
DispatchMessageA
TranslateMessage
GetMessageA
IsWindow
SetParent
MoveWindow
GetDesktopWindow
GetWindowLongA
SetWindowLongA
SetWindowTextA
SetForegroundWindow
CreateDialogParamA
DefWindowProcA
ReleaseDC
GetDC
EnumWindows
SetWindowPos
CopyRect

gdi32

BitBlt
DeleteObject
CreateRectRgn
GetRgnBox
TextOutA
SetTextAlign
CreateRectRgnIndirect
CreateBitmapIndirect
CreatePatternBrush
SelectObject
PatBlt
CreateCompatibleBitmap
GetObjectA
DeleteDC
CreateCompatibleDC

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

shell32

SHGetPathFromIDListA
SHGetMalloc
Shell_NotifyIconA
SHGetSpecialFolderLocation

ole32

IIDFromString
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
StringFromGUID2
OleUninitialize
OleInitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CoCreateInstance
CLSIDFromString
OleRegEnumVerbs

oleaut32

RegisterTypeLi
VariantChangeTypeEx
VariantChangeType
SysFreeString
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantInit
VariantClear
SysAllocString
UnRegisterTypeLi

shlwapi

SHRegQueryUSValueA
PathAppendA
SHRegWriteUSValueA
SHRegCreateUSKeyA
SHRegDeleteUSValueA
SHRegCloseUSKey
SHRegOpenUSKeyA

rpcrt4

UuidFromStringA
UuidFromStringW

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ROS

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

t8SkinA
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65skplay.exe
.exe windows:5 windows x86 arch:x86

02a5a11fb51b1b87267caf10fe743878

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bf:bf:f5:6f:a9:6e:fe:d6:0d:c1:51:23:63:b3:74:19:4c:f3:8d:4c
Signer

Actual PE Digest

bf:bf:f5:6f:a9:6e:fe:d6:0d:c1:51:23:63:b3:74:19:4c:f3:8d:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
lstrlenA
GetModuleFileNameA
lstrcpyA
GetModuleHandleA
ExitProcess
GetShortPathNameA
GetProcAddress
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
LockResource
LoadResource
FindResourceA
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
IsProcessorFeaturePresent
Sleep
HeapSize
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
HeapAlloc
HeapReAlloc
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
LCMapStringW
MultiByteToWideChar
GetStringTypeW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/65tpinst.dll
.dll regsvr32 windows:5 windows x86 arch:x86

c5eeb166ddd1ce6c83f20c385bb1e45d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9d:8a:70:49:15:0b:48:27:8d:0c:58:42:53:ba:af:f9:b5:7e:71:b9
Signer

Actual PE Digest

9d:8a:70:49:15:0b:48:27:8d:0c:58:42:53:ba:af:f9:b5:7e:71:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCrackUrlA

urlmon

RegisterBindStatusCallback

kernel32

lstrcatA
GetWindowsDirectoryA
SetLastError
SetFileAttributesA
FreeLibrary
LoadLibraryA
GetCommandLineA
LockResource
ReleaseMutex
WaitForMultipleObjects
SetEvent
OpenProcess
CreateMutexA
CreateEventA
CreateProcessA
DisableThreadLibraryCalls
ResetEvent
OpenMutexA
CreateDirectoryA
GetCurrentProcessId
DeleteCriticalSection
EnterCriticalSection
GetModuleHandleW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
MulDiv
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
ResumeThread
FlushFileBuffers
LocalFree
lstrcmpA
InterlockedCompareExchange
InterlockedPushEntrySList
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
GetConsoleCP
GetShortPathNameA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LoadLibraryW
InterlockedExchange
SetConsoleCtrlHandler
FatalAppExitA
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
GetLocaleInfoW
Sleep
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
GetStdHandle
ExitProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
CreateThread
ExitThread
WriteFile
CreateFileW
DeleteFileA
MoveFileA
CreateFileA
GetFileSize
ReadFile
CloseHandle
lstrcpynA
GetDriveTypeA
GetFileAttributesA
WaitForSingleObject
DecodePointer
EncodePointer
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualProtect
GetVersionExA
VerSetConditionMask
VerifyVersionInfoW
FindResourceA
GetLastError
LoadResource
SizeofResource
IsDBCSLeadByte
GetModuleFileNameA
lstrcpyA
LoadLibraryExA
lstrcmpiA
lstrlenA
GetModuleHandleA
GetProcAddress
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleMode
SetStdHandle
WriteConsoleW
SetFilePointer

user32

CharNextA
wsprintfA
GetKeyboardType
PostMessageA
ShowWindow
SetFocus
IsChild
GetFocus
GetParent
DestroyWindow
IsWindow
InvalidateRect
DefWindowProcA
PostThreadMessageA
DispatchMessageA
TranslateMessage
UnregisterClassA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
CallWindowProcA
GetWindowLongA
SetWindowLongA
BeginPaint
GetClientRect
EndPaint
GetDC
ReleaseDC
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
UnionRect
PtInRect
GetKeyState
CharNextW
PostQuitMessage
PeekMessageA
RegisterClassExA
CreateWindowExA
GetMessageA

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryInfoKeyW
RegEnumKeyExA
RegQueryValueExA
RegFlushKey
RegQueryInfoKeyA
RegOpenKeyExA

ole32

OleRegEnumVerbs
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
OleRegGetMiscStatus
CreateOleAdviseHolder
CoUninitialize
CoCreateGuid
CoInitialize
CreateBindCtx
OleRegGetUserType
CoTaskMemAlloc

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation

oleaut32

VariantChangeType
VarUI4FromStr
SysFreeString
LoadRegTypeLi
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
SysAllocString
OleCreatePropertyFrame
SysStringLen
VariantInit
VariantClear

shlwapi

PathFileExistsA

gdi32

CreateDCA
GetDeviceCaps
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
CreateRectRgnIndirect
SetTextAlign
TextOutA

rpcrt4

UuidFromStringW
UuidFromStringA

crypt32

CertGetNameStringW
CryptDecodeObject
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertGetNameStringA
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject

wintrust

WinVerifyTrust

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EntryPoint

Sections

.text
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TRDPRT_I
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/AppIntegrator.exe
.exe windows:5 windows x86 arch:x86

f44299f1fc0b062dae2067f54c8362b4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:eb:e7:b2:3c:f8:36:39:3a:8c:88:79:c0:16:85:f2:75:6c:e0:fa
Signer

Actual PE Digest

df:eb:e7:b2:3c:f8:36:39:3a:8c:88:79:c0:16:85:f2:75:6c:e0:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
FlushInstructionCache
SetLastError
RaiseException
InitializeSListHead
GetCurrentThreadId
LoadLibraryExW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcmpW
GetThreadTimes
LocalAlloc
CreateEventW
SetEvent
CompareStringW
OpenFileMappingW
CreateFileMappingW
MapViewOfFileEx
lstrcmpiW
FreeLibrary
HeapSetInformation
UnmapViewOfFile
CloseHandle
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedPushEntrySList
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
HeapDestroy
HeapReAlloc
HeapSize
OutputDebugStringA
QueryPerformanceCounter
GetLastError
MultiByteToWideChar
OutputDebugStringW
SwitchToThread
GetFileAttributesW
CreateDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId
LocalFree
GetModuleFileNameW
GetModuleHandleExW
GetPrivateProfileSectionW
CreateFileW
WriteFile
LoadLibraryW
LoadLibraryA
WideCharToMultiByte
EncodePointer
DecodePointer
GetCommandLineW
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
RtlUnwind
InterlockedExchange
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
DeleteCriticalSection
GetSystemTimeAsFileTime
GetTickCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrcatW
lstrcpyW
GetProcAddress
GetModuleHandleW
VerSetConditionMask
VerifyVersionInfoW
lstrlenA
lstrlenW

user32

GetWindowLongW
UnhookWindowsHookEx
GetDesktopWindow
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
UnregisterClassA
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
DefWindowProcW
DestroyWindow
SetWindowsHookExW
CallWindowProcW
SetWindowLongW

advapi32

GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeSelfRelativeSD
GetSecurityDescriptorLength
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
GetSecurityDescriptorSacl
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
CoGetCurrentLogicalThreadId

shlwapi

PathAppendW
PathRemoveFileSpecW
SHRegOpenUSKeyW
SHRegQueryUSValueW
SHRegCloseUSKey
SHRegDeleteUSValueW
PathFindFileNameW
SHRegWriteUSValueW
SHRegCreateUSKeyW

userenv

UnloadUserProfile

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

GetAlertManager

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/AppIntegrator64.exe
.exe windows:5 windows x64 arch:x64

b3c4b300c13dcbf2628d7b08421f382c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fd:43:34:c2:90:ff:cb:00:28:5a:4d:18:eb:84:ff:6f:dd:bb:0a:e6
Signer

Actual PE Digest

fd:43:34:c2:90:ff:cb:00:28:5a:4d:18:eb:84:ff:6f:dd:bb:0a:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentProcess
FlushInstructionCache
SetLastError
RaiseException
InitializeSListHead
GetCurrentThreadId
LoadLibraryExW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcmpW
TlsFree
GetThreadTimes
LocalAlloc
CreateEventW
SetEvent
CompareStringW
OpenFileMappingW
CreateFileMappingW
MapViewOfFileEx
lstrcmpiW
FreeLibrary
HeapSetInformation
UnmapViewOfFile
InterlockedPushEntrySList
HeapFree
HeapAlloc
GetProcessHeap
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
HeapDestroy
HeapReAlloc
HeapSize
OutputDebugStringA
QueryPerformanceCounter
lstrlenA
MultiByteToWideChar
OutputDebugStringW
SwitchToThread
GetFileAttributesW
CloseHandle
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId
LocalFree
GetModuleFileNameW
GetModuleHandleExW
GetPrivateProfileSectionW
CreateFileW
WriteFile
LoadLibraryW
LoadLibraryA
WideCharToMultiByte
EncodePointer
DecodePointer
GetCommandLineW
GetStartupInfoW
RtlPcToFileHeader
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
ExitProcess
RtlUnwindEx
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
FlsGetValue
FlsSetValue
FlsFree
GetCurrentThread
FlsAlloc
GetVersion
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
GetLastError
DeleteCriticalSection
GetSystemTimeAsFileTime
GetTickCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrcatW
lstrcpyW
GetProcAddress
GetModuleHandleW
VerSetConditionMask
VerifyVersionInfoW
CreateDirectoryW
lstrlenW

user32

GetDesktopWindow
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
RegisterClassExW
GetClassInfoExW
UnregisterClassA
LoadCursorW
DefWindowProcW
DestroyWindow
UnhookWindowsHookEx
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowsHookExW
CallWindowProcW
CreateWindowExW

advapi32

GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
MakeSelfRelativeSD
GetSecurityDescriptorLength
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
GetTokenInformation
GetSecurityDescriptorGroup
GetSidSubAuthority
GetSidSubAuthorityCount
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
CoGetCurrentLogicalThreadId

shlwapi

SHRegDeleteUSValueW
SHRegCloseUSKey
SHRegQueryUSValueW
PathAppendW
PathRemoveFileSpecW
SHRegOpenUSKeyW
PathFindFileNameW
SHRegWriteUSValueW
SHRegCreateUSKeyW

userenv

UnloadUserProfile

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

GetAlertManager

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/AppIntegratorStub.dll
.dll regsvr32 windows:5 windows x86 arch:x86

7d7854ebec0f052501e4b31f3fb962f8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:09:43:b9:18:d7:71:11:eb:1e:21:a8:3a:7f:27:ae:85:b5:67:0c
Signer

Actual PE Digest

73:09:43:b9:18:d7:71:11:eb:1e:21:a8:3a:7f:27:ae:85:b5:67:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
OutputDebugStringA
QueryPerformanceCounter
SetLastError
OutputDebugStringW
GetCurrentThreadId
SwitchToThread
GetFileAttributesW
VerifyVersionInfoW
VerSetConditionMask
CreateDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId
FindResourceW
LoadResource
LockResource
LoadLibraryW
LocalFree
GetCurrentProcess
GetModuleHandleExW
GetPrivateProfileSectionW
CreateFileW
WriteFile
HeapFree
GetCommandLineA
RtlUnwind
HeapAlloc
RaiseException
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
ExitProcess
HeapCreate
HeapDestroy
HeapReAlloc
GetStdHandle
GetLocaleInfoW
TlsFree
GetCurrentThread
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetProcessHeap
SetEvent
WaitForSingleObject
OpenEventA
CreateEventA
ResetEvent
GetProcAddress
MultiByteToWideChar
lstrlenA
FreeLibrary
GetShortPathNameW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
LoadLibraryExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
OpenFileMappingW
CreateFileMappingW
MapViewOfFileEx
GetLastError
SetUnhandledExceptionFilter
CloseHandle
LocalAlloc
LoadLibraryA
GetThreadTimes
InitializeSListHead

user32

CallNextHookEx

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathAppendW
PathAddBackslashW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

advapi32

GetSidSubAuthority
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
GetSidSubAuthorityCount

ole32

CoTaskMemFree
CoGetCurrentLogicalThreadId

userenv

UnloadUserProfile

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/AppIntegratorStub64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

e4d0dda2051093de3c64607d04a6e8eb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:2c:a0:81:12:3e:77:cc:d5:9a:5b:d0:e2:1e:3b:30:ed:0a:35:4a
Signer

Actual PE Digest

74:2c:a0:81:12:3e:77:cc:d5:9a:5b:d0:e2:1e:3b:30:ed:0a:35:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
OutputDebugStringA
QueryPerformanceCounter
SetLastError
lstrlenA
OutputDebugStringW
GetCurrentThreadId
SwitchToThread
GetFileAttributesW
VerifyVersionInfoW
VerSetConditionMask
CreateDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId
FindResourceW
LoadResource
LockResource
LocalFree
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
GetPrivateProfileSectionW
CreateFileW
WriteFile
HeapFree
FlsSetValue
GetCommandLineA
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
RaiseException
RtlPcToFileHeader
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
HeapSize
ExitProcess
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetStdHandle
GetLocaleInfoW
FlsGetValue
FlsFree
GetCurrentThread
FlsAlloc
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetProcessHeap
SetEvent
TlsFree
WaitForSingleObject
OpenEventA
CreateEventA
ResetEvent
GetProcAddress
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
LoadLibraryExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
OpenFileMappingW
CreateFileMappingW
MapViewOfFileEx
GetLastError
IsDebuggerPresent
CloseHandle
LocalAlloc
LoadLibraryA
GetThreadTimes
InitializeSListHead

user32

CallNextHookEx

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathAppendW
PathAddBackslashW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

advapi32

GetSidSubAuthority
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSidSubAuthorityCount

ole32

CoTaskMemFree
CoGetCurrentLogicalThreadId

userenv

UnloadUserProfile

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/AssistMonitor.dll
.dll regsvr32 windows:5 windows x86 arch:x86

0d16377f5582866af6cf7496d325208f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:db:70:9a:0d:89:05:64:cf:e1:5a:a8:88:7f:5c:d9:c8:e2:03:f3
Signer

Actual PE Digest

62:db:70:9a:0d:89:05:64:cf:e1:5a:a8:88:7f:5c:d9:c8:e2:03:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleacc

WindowFromAccessibleObject
AccessibleObjectFromWindow
AccessibleChildren

kernel32

GetTickCount
SwitchToThread
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
SetEvent
LoadLibraryExW
lstrcmpiW
IsWow64Process
GetCurrentProcess
RaiseException
MultiByteToWideChar
lstrcpyW
InitializeCriticalSection
FindClose
WideCharToMultiByte
FindResourceExW
LockResource
GetThreadTimes
FindResourceW
LoadResource
SizeofResource
GetModuleFileNameW
FindNextFileW
FindFirstFileW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
GetLastError
GetModuleHandleW
GetProcAddress
LoadLibraryA
LocalAlloc
VerifyVersionInfoW
VerSetConditionMask
CloseHandle
lstrlenA
ResetEvent
CreateEventA
OpenEventA
ReadFile
FlushFileBuffers
WriteConsoleW
SetStdHandle
LoadLibraryW
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
lstrcmpiA
lstrlenW
InitializeSListHead
LocalFree
GetModuleFileNameA
GetStartupInfoW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InterlockedExchange
OutputDebugStringA
QueryPerformanceCounter
SetLastError
OutputDebugStringW
GetCurrentThreadId
GetFileAttributesW
CreateDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId
CreateProcessW
GetModuleHandleExW
WaitForMultipleObjectsEx
GetPrivateProfileSectionW
CreateFileW
WriteFile
ExitThread
CreateThread
GetCommandLineA
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
TlsFree
GetCurrentThread
ExitProcess
GetStdHandle
HeapCreate
GetLocaleInfoW
SetHandleCount
GetFileType

user32

GetClassNameW
GetWindowTextW
IsWindow
MsgWaitForMultipleObjectsEx
GetParent
CallMsgFilterW
TranslateMessage
DispatchMessageW
SetTimer
PeekMessageW
ScreenToClient
IsWindowVisible
GetWindowThreadProcessId
KillTimer
SetWinEventHook
PostQuitMessage
GetClassNameA
UnhookWinEvent
CharNextW
GetForegroundWindow

advapi32

RegOpenKeyExW
RegQueryValueExW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegDeleteKeyW
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW

ole32

CoUninitialize
CoCreateInstance
CoGetCurrentLogicalThreadId
CoInitialize
CoInitializeEx
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysFreeString
SysStringLen
SysAllocString
VariantInit
VariantClear
VariantChangeType
SysAllocStringLen
VarUI4FromStr

shlwapi

PathAppendW
PathFileExistsW
PathFindFileNameW
PathRemoveBlanksW
PathMatchSpecW
PathRemoveFileSpecW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

userenv

UnloadUserProfile

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CryptQueryObject
CertFreeCertificateContext

Exports

Exports

DllRegisterServer
DllUnregisterServer
SetupForAppIntegrator
Shutdown

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/AssistMonitor64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

ef41199b2e446df6ad06dbb57599345a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:4a:1e:43:66:65:f9:e5:1a:1b:b1:98:39:72:c4:46:51:a3:88:b2
Signer

Actual PE Digest

05:4a:1e:43:66:65:f9:e5:1a:1b:b1:98:39:72:c4:46:51:a3:88:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleacc

WindowFromAccessibleObject
AccessibleObjectFromWindow
AccessibleChildren

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetTickCount
SwitchToThread
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
SetEvent
LoadLibraryExW
lstrcmpiW
RaiseException
FindClose
InitializeCriticalSection
lstrcpyW
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
WaitForSingleObject
InitializeSListHead
GetThreadTimes
FindNextFileW
FindFirstFileW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
GetLastError
GetModuleHandleW
GetProcAddress
LoadLibraryA
LocalAlloc
VerifyVersionInfoW
VerSetConditionMask
CloseHandle
lstrlenA
ResetEvent
CreateEventA
OpenEventA
TlsFree
ReadFile
FlushFileBuffers
WriteConsoleW
SetStdHandle
LoadLibraryW
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
lstrcmpiA
lstrlenW
OutputDebugStringA
GetUserDefaultLCID
LocalFree
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EncodePointer
DecodePointer
Sleep
QueryPerformanceCounter
SetLastError
OutputDebugStringW
GetCurrentThreadId
GetFileAttributesW
CreateDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId
CreateProcessW
GetModuleHandleExW
WaitForMultipleObjectsEx
GetCurrentProcess
GetPrivateProfileSectionW
CreateFileW
WriteFile
ExitThread
CreateThread
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
GetCurrentThread
FlsAlloc
ExitProcess
HeapSetInformation
GetVersion
HeapCreate
GetStdHandle
GetLocaleInfoW
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetStringTypeW

user32

CallMsgFilterW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjectsEx
PostQuitMessage
UnhookWinEvent
GetForegroundWindow
SetWinEventHook
KillTimer
SetTimer
IsWindow
GetWindowTextW
GetClassNameW
ScreenToClient
IsWindowVisible
GetWindowThreadProcessId
PeekMessageW
GetParent
GetClassNameA

advapi32

GetSidSubAuthority
RegOpenKeyExW
RegQueryValueExW
RegNotifyChangeKeyValue
RegEnumKeyExW
OpenProcessToken
GetTokenInformation
RegCloseKey
GetSidSubAuthorityCount

ole32

CoCreateInstance
CoInitialize
CoInitializeEx
CoTaskMemFree
CoGetCurrentLogicalThreadId
CoUninitialize

oleaut32

SysFreeString
SysStringLen
SysAllocString
VariantInit
VariantClear
VariantChangeType
SysAllocStringLen

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFileExistsW
PathFindFileNameW
PathRemoveBlanksW
PathMatchSpecW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

userenv

UnloadUserProfile

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CryptQueryObject
CertFreeCertificateContext

Exports

Exports

DllRegisterServer
DllUnregisterServer
SetupForAppIntegrator
Shutdown

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/CrExt.dll
.dll windows:5 windows x86 arch:x86

7856d9597c10138689406653aaf14883

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e3:2f:5a:8d:34:6e:77:de:4f:0a:5c:e1:df:a9:88:84:1a:98:03:43
Signer

Actual PE Digest

e3:2f:5a:8d:34:6e:77:de:4f:0a:5c:e1:df:a9:88:84:1a:98:03:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

NdrAsyncServerCall
RpcBindingFree
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
RpcBindingSetOption
RpcBindingFromStringBindingW
RpcStringFreeW
RpcServerUseProtseqEpW
RpcAsyncCancelCall
RpcAsyncGetCallStatus
RpcAsyncAbortCall
RpcAsyncCompleteCall
RpcServerUnregisterIf
RpcServerRegisterIfEx
NdrAsyncClientCall
RpcAsyncInitializeHandle
NdrDllGetClassObject
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
CStdStubBuffer_AddRef

kernel32

WaitForSingleObject
ReleaseMutex
GetModuleHandleW
SwitchToThread
FreeLibrary
GetFileAttributesW
CreateWaitableTimerW
GetCurrentProcess
DuplicateHandle
CancelWaitableTimer
CreateEventW
SetWaitableTimer
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
LocalFree
lstrcatW
CreateProcessW
OpenEventW
DeleteFileW
CreateFileW
WriteFile
lstrcmpiW
CreateEventA
SetEvent
OpenEventA
ResetEvent
GetProcessHeap
HeapAlloc
HeapFree
CreateFileA
lstrcpynW
TlsGetValue
GetDriveTypeW
CompareStringW
TlsAlloc
TlsSetValue
TlsFree
FindCloseChangeNotification
FindFirstChangeNotificationW
GetFileAttributesExW
LoadLibraryExW
GetCurrentThreadId
FlushInstructionCache
UnregisterWait
RegisterWaitForSingleObject
CreateIoCompletionPort
GetExitCodeThread
TerminateThread
DeleteCriticalSection
PostQueuedCompletionStatus
GetQueuedCompletionStatus
TerminateProcess
SetFilePointer
ReadFile
OpenMutexW
InitializeSListHead
GetThreadTimes
GetPrivateProfileSectionW
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
CloseHandle
GetTickCount
lstrlenA
VerifyVersionInfoW
VerSetConditionMask
GetModuleFileNameW
MultiByteToWideChar
GetLastError
RaiseException
GetProcAddress
lstrlenW
GetLocaleInfoW
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
RtlUnwind
GetConsoleCP
GetConsoleMode
GetCurrentThread
InterlockedDecrement
InterlockedIncrement
Sleep
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
GetStdHandle
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateThread
ExitThread
GetCommandLineA
LoadLibraryA
InterlockedExchange
LocalAlloc
IsValidLocale
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
InterlockedCompareExchange
CreateMutexW
SetLastError
WideCharToMultiByte
lstrcpyW
GetShortPathNameW
LoadLibraryW
SleepEx
InitializeCriticalSectionAndSpinCount
InterlockedPushEntrySList
GetUserDefaultLCID
GetLocaleInfoA
GetSystemInfo
OutputDebugStringW
OutputDebugStringA
ProcessIdToSessionId
GetComputerNameW
MapViewOfFileEx
VirtualFree
GetLongPathNameW
CreateSemaphoreW
ReleaseSemaphore
QueueUserAPC
WaitForMultipleObjectsEx
GetModuleHandleExW
LockResource
SizeofResource
LoadResource
FindResourceW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
SetFileAttributesW
CopyFileW
GetFileSize
RemoveDirectoryW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
InitializeCriticalSection
InterlockedPopEntrySList
VirtualAlloc
EnumSystemLocalesA

user32

GetClassInfoExW
LoadCursorW
PostMessageW
SetWindowPos
SetForegroundWindow
MapWindowPoints
IsRectEmpty
SetTimer
KillTimer
GetWindowThreadProcessId
IsWindow
GetParent
GetWindow
LoadImageW
wsprintfW
CallWindowProcW
SetWindowLongW
GetWindowLongW
UnregisterClassA
MsgWaitForMultipleObjectsEx
PeekMessageW
PostQuitMessage
CallMsgFilterW
TranslateMessage
DispatchMessageW
FindWindowExW
GetActiveWindow
IsChild
GetWindowRect
MessageBoxW
DefWindowProcW
RegisterClassExW
DestroyWindow
CreateWindowExW
SetParent
SendMessageW

advapi32

GetSecurityDescriptorDacl
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
GetLengthSid
FreeSid
GetSecurityDescriptorSacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeSelfRelativeSD
GetSecurityDescriptorLength
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegSetValueExW
RegQueryValueExW
RegCloseKey
DuplicateTokenEx
AllocateAndInitializeSid
SetTokenInformation
CreateProcessAsUserW
GetNamedSecurityInfoW
GetAclInformation
GetAce
IsValidSid
OpenProcessToken

ole32

CoGetCurrentLogicalThreadId
CoInitialize
CLSIDFromProgID
CoUnmarshalInterface
CreateStreamOnHGlobal
CoMarshalInterface
CoReleaseMarshalData
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize

oleaut32

VarCmp
SafeArrayUnlock
SafeArrayLock
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
DispCallFunc
VariantCopy
VariantChangeType
VariantInit
VarBstrCat
VarBstrCmp
LoadTypeLi
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
VARIANT_UserMarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VARIANT_UserFree
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysAllocString
LoadRegTypeLi
VariantClear
SysStringLen
SysAllocStringLen

shlwapi

SHRegWriteUSValueW
SHRegEnumUSValueW
SHRegQueryUSValueW
SHRegCloseUSKey
PathRemoveFileSpecW
SHDeleteKeyW
SHRegEnumUSKeyW
SHRegDeleteUSValueW
SHRegOpenUSKeyW
SHRegDeleteEmptyUSKeyW
SHRegGetUSValueW
SHRegCreateUSKeyW
StrRetToStrW
PathFindFileNameW
PathRenameExtensionW
StrRetToBufW
StrRChrW
ord176
StrChrW
PathAppendW

urlmon

URLOpenPullStreamW

ws2_32

connect
WSAAsyncSelect
WSASetLastError
closesocket
WSAGetLastError
send
recv
WSAStartup
WSACleanup
socket
gethostbyname
htons

wininet

InternetCrackUrlW

setupapi

SetupDecompressOrCopyFileW
SetupGetFileCompressionInfoW

crypt32

CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CertFreeCertificateContext

wintrust

WinVerifyTrust

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

userenv

UnloadUserProfile

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 546KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/CrExtP65.exe
.exe windows:5 windows x86 arch:x86

dd80a0938141b51560580a4be704cecc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e5:37:de:1e:ca:b5:0f:20:bb:84:a4:1a:26:3d:b2:57:ae:86:c8:06
Signer

Actual PE Digest

e5:37:de:1e:ca:b5:0f:20:bb:84:a4:1a:26:3d:b2:57:ae:86:c8:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
CreateEventA
OpenEventA
HeapAlloc
GetProcessHeap
HeapFree
lstrcpyW
lstrcatW
ResetEvent
CreateMutexW
ReleaseMutex
UnregisterWait
RegisterWaitForSingleObject
CreateIoCompletionPort
GetExitCodeThread
TerminateThread
GetSystemInfo
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CancelWaitableTimer
CreateWaitableTimerW
SetWaitableTimer
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
SwitchToThread
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetFileAttributesW
SetFilePointer
GetCurrentDirectoryW
GetFileSize
ReadFile
lstrcmpiW
WideCharToMultiByte
OpenMutexW
GlobalFree
GetModuleHandleW
InitializeSListHead
GetThreadTimes
GetPrivateProfileSectionW
CreateFileMappingW
LoadLibraryW
GetProcAddress
WaitForSingleObject
CreateThread
SleepEx
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForMultipleObjectsEx
SetCurrentDirectoryW
Sleep
CreateEventW
SetEvent
FlushInstructionCache
SetLastError
RaiseException
GetCurrentThreadId
lstrlenW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
VerSetConditionMask
SetStdHandle
WriteConsoleW
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetStdHandle
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCPInfo
RtlUnwind
ExitThread
GetStartupInfoW
HeapSetInformation
CreateDirectoryW
OutputDebugStringW
QueryPerformanceCounter
OutputDebugStringA
ProcessIdToSessionId
GetComputerNameW
OpenFileMappingW
WriteFile
GetLocalTime
SetNamedPipeHandleState
CreateFileW
DisconnectNamedPipe
CancelIo
CompareStringW
GetModuleHandleExW
GetCommandLineW
VerifyVersionInfoW
QueueUserAPC
GetCurrentThread
GetCurrentProcess
DuplicateHandle
CloseHandle
lstrlenA
MultiByteToWideChar
GetLastError
GetTickCount
MapViewOfFileEx
UnmapViewOfFile
GetLongPathNameW
CreateSemaphoreW
ReleaseSemaphore
FlushFileBuffers
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetSystemTimeAsFileTime
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
GetStringTypeW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
LoadLibraryA
InterlockedExchange
FreeLibrary
LocalFree
LocalAlloc

user32

CopyRect
GetMonitorInfoW
SetDlgItemTextW
CallWindowProcW
DestroyWindow
CreateWindowExW
SetWindowLongW
GetWindowLongW
DefWindowProcW
RegisterClassExW
GetClassInfoExW
LoadCursorW
MessageBoxW
SetTimer
IsRectEmpty
SetRect
GetWindowRect
GetDlgItem
FindWindowW
MsgWaitForMultipleObjectsEx
GetMessageW
TranslateMessage
SetClipboardData
GetClipboardData
EnumDisplayMonitors
OpenClipboard
GetForegroundWindow
MonitorFromRect
AdjustWindowRectEx
InflateRect
OffsetRect
EqualRect
BringWindowToTop
IsWindowVisible
PostMessageW
SetParent
GetTopWindow
EnumChildWindows
SetRectEmpty
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
ShowWindow
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
SendMessageW
IsWindow
GetClassNameW
GetSysColor
SetWindowPos
RedrawWindow
CreateAcceleratorTableW
ClientToScreen
GetParent
UnregisterClassA
PeekMessageW
PostQuitMessage
CallMsgFilterW
SetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SystemParametersInfoW
IsIconic
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
GetClientRect
InvalidateRgn
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
CharUpperW
CharNextW
CreateDialogParamW
GetActiveWindow
PostThreadMessageW
KillTimer
DispatchMessageW
CloseClipboard

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush

advapi32

RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeSelfRelativeSD
GetSecurityDescriptorLength
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW

ole32

CoTaskMemFree
CoRevokeClassObject
CoReleaseServerProcess
CoAddRefServerProcess
StringFromGUID2
CoUninitialize
CoReleaseMarshalData
OleUninitialize
CreateStreamOnHGlobal
CoUnmarshalInterface
CoInitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
CoGetCurrentLogicalThreadId
OleInitialize
CoCreateInstance
CoMarshalInterface
CoTaskMemAlloc

oleaut32

VariantChangeType
SafeArrayCopy
SafeArrayGetVartype
SysStringByteLen
SysFreeString
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
SysStringLen
VariantClear
VariantCopyInd
SafeArrayGetUBound
SafeArrayGetLBound
VariantInit
LoadRegTypeLi
LoadTypeLi
VarBstrCmp
SafeArrayCreate
DispCallFunc
VarBstrCat
SafeArrayLock
RegisterTypeLi
UnRegisterTypeLi
OleCreateFontIndirect
SysReAllocStringLen
SafeArrayDestroy
SafeArrayUnlock
SafeArrayRedim
VariantCopy

shlwapi

PathAppendW
PathRemoveFileSpecW
StrChrW
PathFindFileNameW
UrlCanonicalizeW
UrlUnescapeW
SHRegCreateUSKeyW
SHRegGetUSValueW
SHRegDeleteEmptyUSKeyW
SHRegOpenUSKeyW
SHDeleteKeyW
SHRegDeleteUSValueW
SHRegEnumUSKeyW
SHRegEnumUSValueW
SHRegWriteUSValueW
SHRegQueryUSValueW
SHRegCloseUSKey
UrlIsW
UrlCreateFromPathW
PathCombineW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

urlmon

CoInternetGetSecurityUrl
CoInternetGetSession

rpcrt4

RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcAsyncCompleteCall
RpcAsyncAbortCall
RpcAsyncGetCallStatus
RpcAsyncCancelCall
RpcServerUseProtseqEpW
RpcStringFreeW
RpcBindingFromStringBindingW
RpcBindingSetOption
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFree
NdrAsyncServerCall
NdrAsyncClientCall
RpcAsyncInitializeHandle

userenv

UnloadUserProfile

Sections

.text
Size: 547KB - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/DpnMngr.dll
.dll windows:5 windows x86 arch:x86

18e88e564acf4df5fc28a0a56ae6b6e0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:b3:b6:48:70:e9:3d:a6:da:a4:0a:f2:14:dd:81:c3:7f:05:0f:7d
Signer

Actual PE Digest

2d:b3:b6:48:70:e9:3d:a6:da:a4:0a:f2:14:dd:81:c3:7f:05:0f:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessW
AssignProcessToJobObject
ResumeThread
TerminateProcess
WaitForSingleObject
GetQueuedCompletionStatus
lstrlenA
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleFileNameW
LoadLibraryW
RaiseException
EnterCriticalSection
LeaveCriticalSection
SetInformationJobObject
CreateIoCompletionPort
CreateJobObjectW
GetCurrentProcess
IsProcessInJob
CloseHandle
lstrlenW
GetModuleHandleW
InitializeSListHead
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
OutputDebugStringA
GetProcAddress
SetLastError
OutputDebugStringW
GetCurrentThreadId
SwitchToThread
GetFileAttributesW
VerifyVersionInfoW
VerSetConditionMask
CreateDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId
GetModuleHandleExW
GetPrivateProfileSectionW
CreateFileW
WriteFile
DecodePointer
EncodePointer
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetLocaleInfoW
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsFree
GetCurrentThread
HeapCreate
ExitProcess
Sleep
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
LCMapStringW
RtlUnwind
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
FreeLibrary
InterlockedExchange
SetStdHandle
WriteConsoleW
FlushFileBuffers
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetLastError
LocalAlloc
LoadLibraryA
InterlockedCompareExchange
InitializeCriticalSection
SetEvent
OpenEventA
CreateEventA
ResetEvent
GetThreadTimes

advapi32

GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

ole32

CoCreateInstance
CoGetCurrentLogicalThreadId
CoTaskMemFree

oleaut32

SysFreeString
SysStringLen
SysAllocString
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VarBstrCmp

shlwapi

PathFindFileNameW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

userenv

UnloadUserProfile

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/FF-NativeMessagingDispatcher.dll
.dll windows:5 windows x86 arch:x86

df79885aa1c84434b82dc9eac7831659

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:09:10:db:f2:b5:8c:c1:a3:9c:f3:d5:77:90:48:53:eb:20:76:8f
Signer

Actual PE Digest

4d:09:10:db:f2:b5:8c:c1:a3:9c:f3:d5:77:90:48:53:eb:20:76:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CompareStringW
GetModuleHandleW
LoadLibraryW
GetFileAttributesW
FreeLibrary
GetProcAddress
MultiByteToWideChar
lstrlenA
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjectsEx
GetLastError
RaiseException
DeleteCriticalSection
lstrlenW
ReadFile
GetFileSize
GetCommandLineW
CreateEventW
LocalAlloc
LocalFree
InterlockedExchange
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedCompareExchange
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
OutputDebugStringA
QueryPerformanceCounter
SetLastError
OutputDebugStringW
GetCurrentThreadId
SwitchToThread
VerifyVersionInfoW
VerSetConditionMask
CreateDirectoryW
GetModuleFileNameW
TlsGetValue
TlsSetValue
GetCurrentProcessId
HeapFree
GetCommandLineA
RtlUnwind
HeapAlloc
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
ExitProcess
HeapCreate
HeapDestroy
IsProcessorFeaturePresent
HeapReAlloc
WriteFile
GetStdHandle
GetLocaleInfoW
TlsFree
GetCurrentThread
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
CreateFileW
FlushFileBuffers
GetProcessHeap
SetEvent
WaitForSingleObject
OpenEventA
CreateEventA
ResetEvent
CreateProcessW
GetPrivateProfileSectionW
GetModuleHandleExW
LeaveCriticalSection
EnterCriticalSection
TlsAlloc
CloseHandle
InitializeSListHead
GetThreadTimes

advapi32

GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoGetCurrentLogicalThreadId
CoInitialize
CoTaskMemFree
CoCreateInstance
CLSIDFromProgID
CoUninitialize

oleaut32

SysStringByteLen
SysAllocStringLen
VarBstrCat
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCopy
SafeArrayGetVartype
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
VariantInit
VariantChangeType
SysAllocString
SysAllocStringByteLen

userenv

UnloadUserProfile

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW

user32

MsgWaitForMultipleObjectsEx
DispatchMessageW
TranslateMessage
CallMsgFilterW
PostQuitMessage
PeekMessageW

Exports

Exports

Chrome_wWinMain
CreateEXEManager
CreateSettings
DllCanUnloadNow
DllGetClassObject
GetFormatedDependents
LaunchEXE
ReleaseNMDHandle
ReleaseNMDString
SilentUninstall
sendDetectExe
sendLaunchExe

Sections

.text
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/HiddenToolbarReminder.dll
.dll regsvr32 windows:5 windows x86 arch:x86

d6d6c98fce48f1cfd037adae2a8df887

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:92:01:e7:f1:ee:6d:0d:78:5f:54:a1:e5:e2:d4:67:8e:f8:c4:d2
Signer

Actual PE Digest

12:92:01:e7:f1:ee:6d:0d:78:5f:54:a1:e5:e2:d4:67:8e:f8:c4:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCrackUrlW
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW

kernel32

FindResourceW
LoadLibraryExW
GetModuleFileNameW
lstrcpyW
FreeLibrary
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
WaitForSingleObject
GetCurrentThreadId
FlushInstructionCache
SetLastError
LoadResource
InitializeSListHead
GetThreadTimes
LockResource
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetWaitableTimer
CreateWaitableTimerW
CancelWaitableTimer
GetSystemDirectoryW
LoadLibraryW
GetSystemTimeAsFileTime
LocalFree
GetEnvironmentVariableW
SetEvent
WaitForMultipleObjects
CreateEventW
lstrlenW
VerSetConditionMask
VerifyVersionInfoW
GetLastError
GetCurrentProcess
CloseHandle
LoadLibraryA
LocalAlloc
GetModuleHandleW
GetProcAddress
DecodePointer
ResetEvent
OpenEventA
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetEnvironmentStringsW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
GetStringTypeW
EncodePointer
Sleep
OutputDebugStringA
QueryPerformanceCounter
lstrlenA
OutputDebugStringW
SwitchToThread
GetFileAttributesW
CreateDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId
CreateProcessW
GetTickCount
WaitForMultipleObjectsEx
GetPrivateProfileSectionW
CreateFileW
WriteFile
GetModuleHandleExW
SetFilePointer
GetModuleFileNameA
CreateEventA
VirtualProtect
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
GetCommandLineA
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
TlsFree
GetCurrentThread
ExitProcess
GetStdHandle
HeapCreate
GetLocaleInfoW
SetHandleCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW

user32

CallWindowProcW
CharNextW
UnhookWinEvent
GetWindowLongW
SetWindowLongW
DestroyWindow
DefWindowProcW
UnregisterClassA
MsgWaitForMultipleObjectsEx
PeekMessageW
PostQuitMessage
CallMsgFilterW
TranslateMessage
DispatchMessageW
EnumChildWindows
EnumWindows
RegisterClassExW
LoadCursorW
GetClassInfoExW
GetClassNameW
SetWinEventHook
CreateWindowExW
SetForegroundWindow
IsWindowVisible
IsIconic

advapi32

GetSidSubAuthority
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
AllocateAndInitializeSid
RegCreateKeyExW
ConvertSidToStringSidA
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetSidSubAuthorityCount

ole32

CLSIDFromString
CoTaskMemFree
CoGetCurrentLogicalThreadId
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc

oleaut32

VarUI4FromStr

userenv

UnloadUserProfile

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathFindFileNameW
PathAppendW
PathRemoveFileSpecW

Exports

Exports

DllRegisterServer
DllUnregisterServer
ProcessesToInject
SetupForAppIntegrator
Shutdown

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/HkFxMgr.dll
.dll windows:5 windows x86 arch:x86

a80b3040f552b068035bf38e0b942b3c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9a:f3:58:35:a6:68:61:2f:a4:10:eb:e7:88:4a:08:63:b2:48:fb:ed
Signer

Actual PE Digest

9a:f3:58:35:a6:68:61:2f:a4:10:eb:e7:88:4a:08:63:b2:48:fb:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
LocalFree
FormatMessageA
OutputDebugStringA
QueryPerformanceCounter
SetLastError
OutputDebugStringW
GetCurrentThreadId
SwitchToThread
GetFileAttributesW
CreateDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
CloseHandle
GetCurrentProcessId
GetCurrentProcess
GetPrivateProfileSectionW
CreateFileW
GetModuleHandleW
WriteFile
GetModuleHandleExW
VirtualQuery
VirtualProtect
LoadLibraryW
FreeLibrary
HeapFree
GetCommandLineA
RtlUnwind
HeapAlloc
RaiseException
LCMapStringW
GetCPInfo
VerSetConditionMask
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
ExitProcess
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
HeapReAlloc
GetStdHandle
GetLocaleInfoW
TlsFree
GetCurrentThread
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetProcessHeap
SetEvent
WaitForSingleObject
OpenEventA
CreateEventA
ResetEvent
VerifyVersionInfoW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
lstrlenA
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetLastError
LocalAlloc
LoadLibraryA
GetThreadTimes
InitializeSListHead

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenProcessToken

ole32

CoTaskMemFree
CoGetCurrentLogicalThreadId

shlwapi

PathFindFileNameW

userenv

UnloadUserProfile

Exports

Exports

HookedModules
ReapplyHooks
SetupForHooker

Sections

.text
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/HkFxMgr64.dll
.dll windows:5 windows x64 arch:x64

c31ae4a4d15cd081e02a82da955403b0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ea:c6:f0:4f:00:82:65:bd:77:f4:1a:11:fd:d6:37:87:cc:9a:68:c3
Signer

Actual PE Digest

ea:c6:f0:4f:00:82:65:bd:77:f4:1a:11:fd:d6:37:87:cc:9a:68:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
LocalFree
FormatMessageA
OutputDebugStringA
QueryPerformanceCounter
SetLastError
OutputDebugStringW
GetCurrentThreadId
SwitchToThread
GetFileAttributesW
CreateDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
CloseHandle
GetCurrentProcessId
GetCurrentProcess
GetPrivateProfileSectionW
CreateFileW
GetModuleHandleW
WriteFile
GetModuleHandleExW
VirtualQuery
VirtualProtect
LoadLibraryW
FreeLibrary
HeapFree
FlsSetValue
GetCommandLineA
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
RaiseException
RtlPcToFileHeader
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VerSetConditionMask
RtlVirtualUnwind
RtlCaptureContext
HeapSize
ExitProcess
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
HeapReAlloc
GetStdHandle
GetLocaleInfoW
FlsGetValue
FlsFree
GetCurrentThread
FlsAlloc
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetProcessHeap
SetEvent
TlsFree
WaitForSingleObject
OpenEventA
CreateEventA
ResetEvent
VerifyVersionInfoW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
lstrlenA
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
GetLastError
LocalAlloc
LoadLibraryA
GetThreadTimes
InitializeSListHead

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenProcessToken

ole32

CoTaskMemFree
CoGetCurrentLogicalThreadId

shlwapi

PathFindFileNameW

userenv

UnloadUserProfile

Exports

Exports

HookedModules
ReapplyHooks
SetupForHooker

Sections

.text
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/InstallEnabler.dll
.dll regsvr32 windows:5 windows x86 arch:x86

feec90f7bc180ecef1a7b2afa73a3ee7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d4:a0:ff:09:3c:c3:c9:16:7e:48:89:78:72:a3:99:34:73:dc:ac:2a
Signer

Actual PE Digest

d4:a0:ff:09:3c:c3:c9:16:7e:48:89:78:72:a3:99:34:73:dc:ac:2a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
MultiByteToWideChar
lstrlenA
CloseHandle
OutputDebugStringA
QueryPerformanceCounter
SetLastError
OutputDebugStringW
GetCurrentThreadId
SwitchToThread
GetFileAttributesW
VerifyVersionInfoW
VerSetConditionMask
CreateDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId
GetModuleFileNameW
GetCurrentProcess
GetPrivateProfileSectionW
CreateFileW
WriteFile
GetModuleHandleExW
HeapFree
DecodePointer
EncodePointer
GetCommandLineA
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
TlsFree
InterlockedIncrement
GetSystemDirectoryW
GetCurrentThread
RtlUnwind
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
GetStdHandle
Sleep
ExitProcess
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
InterlockedExchange
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetProcessHeap
SetEvent
WaitForSingleObject
OpenEventA
CreateEventA
ResetEvent
LoadLibraryW
GetModuleHandleW
InterlockedDecrement
GetProcAddress
LocalAlloc
LoadLibraryA
GetThreadTimes
InitializeSListHead

advapi32

GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegEnumValueW

shlwapi

PathFindFileNameW
SHDeleteKeyW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ole32

CoTaskMemFree
CoGetCurrentLogicalThreadId

userenv

UnloadUserProfile

Exports

Exports

DllRegisterServer
DllUnregisterServer
EnableInstall

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/T8EXTEX.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

af97164021d1705681b94bb8432c07a9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ea:01:9c:27:6b:37:09:54:e6:b0:a4:3e:bd:29:73:55:12:3b:34:68
Signer

Actual PE Digest

ea:01:9c:27:6b:37:09:54:e6:b0:a4:3e:bd:29:73:55:12:3b:34:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
GetProcAddress
GetModuleHandleA
lstrcmpiA
IsDBCSLeadByte
RaiseException
SizeofResource
LoadLibraryExA
GetModuleFileNameA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
lstrcmpA
lstrcpynA
EnterCriticalSection
lstrcatA
CreateProcessA
CloseHandle
GetStringTypeW
LCMapStringW
RtlUnwind
LoadLibraryW
FindResourceA
FreeLibrary
LoadResource
MultiByteToWideChar
lstrlenA
GetLastError
WideCharToMultiByte
lstrcpyA
lstrlenW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
Sleep
HeapSize
HeapReAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetModuleHandleW
GetSystemInfo
VirtualQuery
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage

user32

FindWindowExA
GetWindowLongA
GetWindowRect
ShowWindow
IsWindowVisible
GetClassNameA
EnumChildWindows
CharNextA
wsprintfA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyA
RegDeleteValueA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance

oleaut32

VarBstrCat
SysStringByteLen
VarBstrCmp
SysAllocString
SysStringLen
SysAllocStringLen
DispCallFunc
VarUI4FromStr
VariantInit
SysFreeString
VariantClear
SysAllocStringByteLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
LaunchIE

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/T8EXTPEX.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

e056937ad921400a0e29fa26aedd54ac

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:b5:47:dd:21:43:3b:e0:96:8c:42:16:3e:cb:f3:08:38:bc:aa:02
Signer

Actual PE Digest

0b:b5:47:dd:21:43:3b:e0:96:8c:42:16:3e:cb:f3:08:38:bc:aa:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GetModuleFileNameW
FreeLibrary
lstrcmpiA
MultiByteToWideChar
IsDBCSLeadByte
RaiseException
SizeofResource
GetLastError
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
GetUserDefaultLangID
lstrcmpA
OpenProcess
CloseHandle
lstrcpynA
lstrlenW
WriteFile
SetLastError
LoadLibraryW
RtlUnwind
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrcatA
lstrcpyA
GetProcAddress
GetModuleHandleA
lstrlenA
VerifyVersionInfoW
GetCurrentProcess
VerSetConditionMask
SetHandleCount
HeapReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapDestroy
HeapCreate
GetStdHandle
ExitProcess
HeapSize
Sleep
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetCurrentThreadId
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
DecodePointer
EncodePointer

user32

IsWindow
IsWindowVisible
GetWindowThreadProcessId
GetParent
CharNextA
wsprintfA
FindWindowExA
EnumChildWindows
GetClassNameA

advapi32

RegEnumKeyExA
RegQueryInfoKeyW
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VariantClear
VariantInit
SysAllocString
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString

shlwapi

SHRegCloseUSKey
SHRegOpenUSKeyA
SHRegQueryUSValueA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/T8HTML.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

0c48c7d5d76a6e2192404b2bde8c7788

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:de:59:5d:f8:fc:61:b4:ea:33:f5:4d:8f:f2:7e:20:7d:f4:6f:ad
Signer

Actual PE Digest

62:de:59:5d:f8:fc:61:b4:ea:33:f5:4d:8f:f2:7e:20:7d:f4:6f:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

VirtualQuery
VirtualProtect
GetModuleFileNameW
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleW
InterlockedCompareExchange
InterlockedPushEntrySList
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LockResource
GetFileType
SetHandleCount
GetStringTypeW
LCMapStringW
RtlUnwind
Sleep
HeapSize
HeapReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapDestroy
HeapCreate
GetStdHandle
WriteFile
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
DecodePointer
EncodePointer
GetSystemInfo
InitializeCriticalSection
lstrcmpA
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
lstrcmpiW
lstrcatA
GetSystemDirectoryA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
IsDBCSLeadByte
MultiByteToWideChar
lstrcmpiA
FlushFileBuffers
GetModuleHandleA
GetProcAddress
SizeofResource
LoadResource
GetLastError
FindResourceA
lstrcpyA
GetModuleFileNameA
lstrlenA
LoadLibraryExA
WriteConsoleW
CreateFileW
CloseHandle
GetStartupInfoW

user32

DestroyWindow
LoadImageA
CallWindowProcA
DefWindowProcA
GetWindowLongA
SetWindowLongA
CharNextA
SendMessageA
SetRectEmpty
SetWindowPos
GetClientRect
OffsetRect
SetRect
IntersectRect
UpdateWindow
SetWindowRgn
GetWindowRect
MapWindowPoints
UnregisterClassA
UnionRect
PtInRect
GetKeyState
wsprintfA
SetWindowLongW
GetWindowLongW
CallWindowProcW
DefWindowProcW
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
BeginPaint
EndPaint
RedrawWindow
InvalidateRect
FillRect
IsChild
GetFocus
SetFocus
GetWindow
GetDlgItem
IsWindow
GetClassNameA
GetClassInfoExA
CreateWindowExA
CreateAcceleratorTableA
ClientToScreen
GetParent
ScreenToClient
SetCapture
ReleaseCapture
InvalidateRgn
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
LoadCursorA
RegisterClassExA
DrawTextA
LoadStringA
IsRectEmpty
CopyRect
SetCursor
GetSysColor
MoveWindow
ShowWindow
GetWindowRgn

advapi32

RegSetValueExA
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegDeleteKeyA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
StringFromCLSID
OleUninitialize
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
OleSaveToStream
WriteClassStm
ReadClassStm
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
OleInitialize
CLSIDFromString
CLSIDFromProgID

oleaut32

OleCreateFontIndirect
SysAllocStringByteLen
VariantClear
VariantChangeType
RegisterTypeLi
UnRegisterTypeLi
VariantChangeTypeEx
VarBstrCat
SysAllocStringLen
SysStringByteLen
SysFreeString
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocString
VariantInit

gdi32

CreateRectRgnIndirect
CreateRoundRectRgn
OffsetRgn
GetStockObject
SetTextColor
SetBkColor
CombineRgn
CreateRectRgn
SetRectRgn
SelectObject
SetBkMode
ExtTextOutA
GetDeviceCaps
GetObjectA
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
TextOutA
SetTextAlign
CreateDIBSection
CreateBitmap
GetBitmapBits
ExtCreateRegion
DeleteObject

rpcrt4

UuidFromStringW
UuidFromStringA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/T8TICKER.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

6b931176f0abcefc1cbe35826e2142e6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:12:65:4b:c9:a3:17:3f:77:fd:47:3a:1c:cf:d7:cf:27:d1:21:05
Signer

Actual PE Digest

3f:12:65:4b:c9:a3:17:3f:77:fd:47:3a:1c:cf:d7:cf:27:d1:21:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
MultiByteToWideChar
lstrcpyW
OutputDebugStringW
lstrcmpiA
IsDBCSLeadByte
SizeofResource
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
LocalFree
CreateFileMappingA
MapViewOfFile
SetEvent
UnmapViewOfFile
WaitForMultipleObjects
lstrcpynA
GetNativeSystemInfo
WriteFile
SetThreadPriority
ResumeThread
CreateFileW
WriteConsoleW
SetStdHandle
GetTickCount
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
GetStringTypeW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
LCMapStringW
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapDestroy
HeapCreate
GetModuleFileNameW
GetStdHandle
HeapReAlloc
ExitProcess
HeapSize
Sleep
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FreeLibrary
WideCharToMultiByte
OutputDebugStringA
lstrcatA
VirtualProtect
VirtualQuery
RaiseException
FlushInstructionCache
lstrlenA
GetCurrentProcess
GetCurrentThreadId
SetLastError
GetLastError
GetModuleHandleW
lstrcmpA
GetCurrentProcessId
ResetEvent
GetProcAddress
GetModuleHandleA
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateMutexA
CreateEventA
VerifyVersionInfoW
VerSetConditionMask
lstrcpyA
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrlenW
CreateThread
ExitThread
GetCommandLineA
GetSystemInfo
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
FlushFileBuffers

user32

DestroyWindow
SetWindowLongA
RegisterClassExA
GetClassInfoExA
PostMessageA
IsWindow
PeekMessageA
GetClassNameA
EnumWindows
GetWindowThreadProcessId
DefWindowProcW
GetKeyboardType
UnregisterClassA
DrawTextW
CharNextA
SetCursor
PtInRect
ScreenToClient
UpdateWindow
InvalidateRect
ScrollWindowEx
OffsetRect
IsRectEmpty
ReleaseDC
GetDC
wsprintfA
GetCursorPos
FillRect
CopyRect
GetSysColor
SetRectEmpty
EnumChildWindows
FindWindowExA
SetWindowLongW
GetWindowLongA
GetWindowLongW
CreateWindowExA
DefWindowProcA
CallWindowProcW
CallWindowProcA
LoadCursorA

gdi32

ExtTextOutW
SetTextColor
CreateFontIndirectA
SetTextAlign
SetBkColor
GetTextFaceA
GetTextExtentPoint32A
GetTextMetricsA
GetObjectA
DeleteDC
SetBkMode
CreateSolidBrush
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
RealizePalette
SelectPalette
CreateHalftonePalette
GetDeviceCaps
BitBlt

advapi32

RegEnumKeyExA
RegQueryInfoKeyW
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA

ole32

CoTaskMemRealloc
CoGetCurrentProcess
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

oleaut32

VariantChangeTypeEx
SysFreeString
SysAllocStringLen
SysStringLen
VarBstrCat
VariantInit
SysAllocString
VariantClear

shlwapi

PathAppendA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/TPIManagerConsole.exe
.exe windows:5 windows x86 arch:x86

119a4d70e460e7844018a7e19ee66c38

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:0c:9b:19:6a:cc:18:32:a2:da:ab:92:72:32:cf:5d:74:d2:48:86
Signer

Actual PE Digest

aa:0c:9b:19:6a:cc:18:32:a2:da:ab:92:72:32:cf:5d:74:d2:48:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetModuleFileNameA
LoadLibraryA
FreeLibrary
InitializeCriticalSection
CreateEventA
CreateMutexA
DeleteCriticalSection
CloseHandle
EnterCriticalSection
LeaveCriticalSection
lstrcpyA
lstrcatA
MultiByteToWideChar
SetLastError
GetLastError
WriteFile
RtlUnwind
LoadLibraryW
lstrlenA
LocalFree
GetModuleHandleA
GetProcAddress
GetStringTypeW
RaiseException
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
EncodePointer
DecodePointer
HeapAlloc
HeapFree
GetCurrentThreadId
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
HeapSize
GetModuleHandleW
ExitProcess
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameW
HeapCreate
IsProcessorFeaturePresent
WideCharToMultiByte
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount

ole32

CoUninitialize
CoInitializeEx

oleaut32

SysAllocStringLen
SysFreeString

shlwapi

StrRChrA

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/ToolbarGuard.dll
.dll regsvr32 windows:5 windows x86 arch:x86

0b5209367887999df6690d61712d9908

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b7:d1:a9:95:07:90:21:8a:d2:9e:25:74:49:09:b6:68:9e:f5:4a:b9
Signer

Actual PE Digest

b7:d1:a9:95:07:90:21:8a:d2:9e:25:74:49:09:b6:68:9e:f5:4a:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForMultipleObjects
FreeLibrary
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
lstrcpyW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
SetLastError
SetEvent
LoadLibraryW
CreateEventW
CloseHandle
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
lstrlenW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSection
InitializeSListHead
GetThreadTimes
LoadLibraryA
InterlockedCompareExchange
InterlockedPushEntrySList
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetStringTypeW
VerSetConditionMask
DecodePointer
Sleep
OutputDebugStringA
QueryPerformanceCounter
lstrlenA
OutputDebugStringW
SwitchToThread
GetFileAttributesW
CreateDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId
CreateProcessW
WaitForMultipleObjectsEx
GetPrivateProfileSectionW
CreateFileW
WriteFile
GetModuleHandleExW
LockResource
ExitThread
CreateThread
GetCommandLineA
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
ExitProcess
GetStdHandle
GetLocaleInfoW
HeapCreate
HeapDestroy
HeapReAlloc
TlsFree
GetCurrentThread
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
ReadFile
FlushFileBuffers
WaitForSingleObject
OpenEventA
CreateEventA
ResetEvent
LocalAlloc
VerifyVersionInfoW
GetLastError
GetProcAddress
GetModuleHandleW
EncodePointer
GetTickCount

user32

CharNextW
PeekMessageW
RegisterClassExW
GetClassInfoExW
MsgWaitForMultipleObjectsEx
UnregisterClassA
LoadCursorW
DefWindowProcW
SetWindowLongW
GetWindowLongW
PostQuitMessage
CallMsgFilterW
TranslateMessage
CreateWindowExW
CallWindowProcW
DispatchMessageW

advapi32

OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoGetCurrentLogicalThreadId
CoCreateInstance

oleaut32

VarUI4FromStr

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathAppendW
PathFindFileNameW
PathRemoveFileSpecW

userenv

UnloadUserProfile

Exports

Exports

ApisToHook
DllRegisterServer
DllUnregisterServer
GetHookedListener
ProcessesToInject
SetupForAppIntegrator
SetupForInjectedProcess

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/ToolbarGuard64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

8b264d2895e925fd7842c772bdb877e7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d6:06:29:43:6b:67:0a:5d:84:85:28:21:20:9c:d3:09:6d:96:ef:cc
Signer

Actual PE Digest

d6:06:29:43:6b:67:0a:5d:84:85:28:21:20:9c:d3:09:6d:96:ef:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventW
LoadLibraryW
SetEvent
CloseHandle
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
Sleep
OutputDebugStringA
QueryPerformanceCounter
SetLastError
lstrlenA
OutputDebugStringW
GetCurrentThreadId
SwitchToThread
GetFileAttributesW
CreateDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId
GetModuleFileNameW
GetCurrentProcess
GetPrivateProfileSectionW
CreateFileW
WriteFile
GetModuleHandleExW
LoadLibraryExW
FindResourceW
LoadResource
LockResource
FreeLibrary
HeapFree
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
InitializeCriticalSectionAndSpinCount
HeapAlloc
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapSize
ExitProcess
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
GetCurrentThread
FlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
ReadFile
FlushFileBuffers
GetProcessHeap
TlsFree
WaitForSingleObject
OpenEventA
CreateEventA
ResetEvent
DeleteCriticalSection
InitializeCriticalSection
VerSetConditionMask
VerifyVersionInfoW
GetLastError
GetProcAddress
RtlUnwindEx
GetModuleHandleW
LocalAlloc
LoadLibraryA
GetThreadTimes
InitializeSListHead

advapi32

RegSetValueExW
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ole32

CoGetCurrentLogicalThreadId
CoTaskMemFree

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathAppendW

userenv

UnloadUserProfile

Exports

Exports

ApisToHook
DllRegisterServer
DllUnregisterServer
GetHookedListener
ProcessesToInject
SetupForAppIntegrator
SetupForInjectedProcess

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/Verify.dll
.dll regsvr32 windows:5 windows x86 arch:x86

8a8fd21d2164b2d542bf2d6ac8563c71

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cc:21:e4:19:83:ce:d3:92:28:c8:c8:1a:be:06:9d:6d:4e:21:00:7c
Signer

Actual PE Digest

cc:21:e4:19:83:ce:d3:92:28:c8:c8:1a:be:06:9d:6d:4e:21:00:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
SetFilePointer
GetFileSize
CloseHandle
LCMapStringW
RtlUnwind
LoadLibraryW
CreateFileW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
MultiByteToWideChar
lstrlenA
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
DeleteCriticalSection
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetStringTypeW
HeapAlloc
WriteFile
GetStdHandle
GetModuleFileNameW
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc

ole32

CoCreateInstance

oleaut32

SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString

wintrust

WinVerifyTrust

crypt32

CertFindCertificateInStore
CryptQueryObject
CryptVerifyMessageSignature
CryptMsgGetParam
CryptMsgUpdate
CryptMsgOpenToDecode
CertNameToStrW
CryptMsgClose
CertFreeCertificateContext
CertCloseStore

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/assists/Apa/Bar/assist.exe
.exe windows:5 windows x86 arch:x86

0f81c64e08c1893e6c76149b62379e60

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:bd:73:24:5c:a1:fb:4f:e6:aa:30:24:96:81:bf:1e:50:cd:06:95
Signer

Actual PE Digest

1f:bd:73:24:5c:a1:fb:4f:e6:aa:30:24:96:81:bf:1e:50:cd:06:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleacc

AccessibleObjectFromEvent

wininet

HttpSendRequestW
InternetOpenW
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetCrackUrlW
HttpOpenRequestW
InternetConnectW

kernel32

lstrlenA
lstrlenW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
lstrcpyA
LoadLibraryExA
Sleep
InitializeSListHead
GetThreadTimes
InitializeCriticalSectionAndSpinCount
GetLastError
GetCommandLineW
GetModuleHandleW
SetEvent
RaiseException
DeleteCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
IsValidCodePage
GetModuleHandleExW
GetPrivateProfileSectionW
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
EncodePointer
DecodePointer
OutputDebugStringA
QueryPerformanceCounter
SetLastError
OutputDebugStringW
SwitchToThread
GetFileAttributesW
VerifyVersionInfoW
VerSetConditionMask
CreateDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
CloseHandle
GetCurrentProcessId
HeapFree
HeapSetInformation
GetStartupInfoW
RtlUnwind
HeapAlloc
GetCPInfo
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
GetProcAddress
ExitProcess
IsProcessorFeaturePresent
GetACP
GetOEMCP
TlsFree
GetCurrentThread
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetTickCount
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
FreeLibrary
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
CreateFileW
FlushFileBuffers
LoadLibraryExW
FindResourceW
WaitForSingleObject

user32

SetWinEventHook
CreateWindowExW
CharUpperW
CharNextW
DestroyWindow
PostQuitMessage
GetClassNameW
EnumChildWindows
PostThreadMessageW
UnhookWinEvent
GetMessageW
TranslateMessage
DispatchMessageW
IsWindow
GetWindowThreadProcessId

ole32

CoAddRefServerProcess
CoReleaseServerProcess
CoUninitialize
CoRevokeClassObject
CoCreateInstance
CoTaskMemFree
CoGetCurrentLogicalThreadId
CoInitialize

oleaut32

SysFreeString
VariantClear
VariantInit
SysStringLen
SysAllocString

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

userenv

UnloadUserProfile

advapi32

OpenProcessToken
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount

shell32

SHGetKnownFolderPath
SHGetFolderPathW

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFindFileNameW

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/assists/Apa/Bar/config.xml
.xml
$_21_/assists/Apa/Dialog/assist.exe
.exe windows:5 windows x86 arch:x86

b1b99ff7e5646e2ec9fffca73040ab3b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e9:db:50:16:03:b3:b7:b5:fb:6d:ac:03:8f:4a:51:11:6c:cb:6c:b6
Signer

Actual PE Digest

e9:db:50:16:03:b3:b7:b5:fb:6d:ac:03:8f:4a:51:11:6c:cb:6c:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpSendRequestW
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetOpenW
InternetConnectW
HttpOpenRequestW
InternetCloseHandle
InternetCrackUrlW

kernel32

lstrlenW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
lstrcpyA
LoadLibraryExA
LoadLibraryW
FreeLibrary
lstrlenA
Sleep
InitializeCriticalSectionAndSpinCount
GetCommandLineW
SetEvent
RaiseException
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
CreateEventW
GetLastError
InitializeSListHead
GetThreadTimes
GetModuleHandleW
GetProcAddress
HeapReAlloc
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
EncodePointer
DecodePointer
OutputDebugStringA
QueryPerformanceCounter
SetLastError
OutputDebugStringW
SwitchToThread
GetFileAttributesW
VerifyVersionInfoW
VerSetConditionMask
CreateDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId
GetTickCount
WaitForMultipleObjectsEx
GetModuleFileNameW
GetCurrentProcess
GetPrivateProfileSectionW
CreateFileW
WriteFile
GetModuleHandleExW
HeapFree
HeapSetInformation
GetStartupInfoW
RtlUnwind
HeapAlloc
GetCPInfo
LCMapStringW
CompareStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
ExitProcess
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
TlsFree
GetCurrentThread
HeapCreate
GetStdHandle
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
LoadLibraryExW
FindResourceW

user32

CharNextW
SetWinEventHook
DispatchMessageW
TranslateMessage
CallMsgFilterW
IsWindow
DestroyWindow
PeekMessageW
MsgWaitForMultipleObjectsEx
CreateWindowExW
GetWindowThreadProcessId
PostQuitMessage
GetClassNameW
UnhookWinEvent
PostThreadMessageW
CharUpperW
EnumChildWindows

advapi32

OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
RegEnumKeyW
RegNotifyChangeKeyValue
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetTokenInformation

ole32

CoReleaseServerProcess
CoInitialize
CoUninitialize
CoRevokeClassObject
CoCreateInstance
CoTaskMemFree
CoGetCurrentLogicalThreadId
CoAddRefServerProcess

oleaut32

VariantCopy
SysAllocString
VariantClear
SysStringLen
SysFreeString

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
UrlEscapeW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

userenv

UnloadUserProfile

oleacc

AccessibleChildren
AccessibleObjectFromWindow

shell32

SHGetFolderPathW
SHGetKnownFolderPath

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/assists/Apa/Dialog/config.xml
.xml
$_21_/assists/Apa/arbiter.dll
.dll windows:5 windows x86 arch:x86

225c092cdec42a653c50261fc25a394a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:6b:f3:33:eb:5a:41:4a:4c:83:c0:e4:77:7a:bb:9f:50:2d:af:f1
Signer

Actual PE Digest

0d:6b:f3:33:eb:5a:41:4a:4c:83:c0:e4:77:7a:bb:9f:50:2d:af:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
CloseHandle
CreateMutexW
GetLastError
lstrcpyW
WaitForSingleObject
lstrcmpW
ReleaseMutex

user32

wsprintfW

ole32

StringFromGUID2
CoTaskMemAlloc
CoCreateGuid

Exports

Exports

GetCommandLineArguments
Initialize
Shutdown
TryLock
Unlock

Sections

.text
Size: 512B - Virtual size: 378B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 857B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/assists/Apa/arbiter64.dll
.dll windows:5 windows x64 arch:x64

225c092cdec42a653c50261fc25a394a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

86:e5:af:ba:7a:e5:59:ba:f3:4d:59:2c:7f:17:0a:bd:4a:3c:2a:ca
Signer

Actual PE Digest

86:e5:af:ba:7a:e5:59:ba:f3:4d:59:2c:7f:17:0a:bd:4a:3c:2a:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
CloseHandle
CreateMutexW
GetLastError
lstrcpyW
WaitForSingleObject
lstrcmpW
ReleaseMutex

user32

wsprintfW

ole32

StringFromGUID2
CoTaskMemAlloc
CoCreateGuid

Exports

Exports

GetCommandLineArguments
Initialize
Shutdown
TryLock
Unlock

Sections

.text
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

SHARED
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_21_/assists/ie_default_search_provider/arbiter.dll
.dll windows:5 windows x86 arch:x86

50027cb784e3d4798c3c9eeb4c162425

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:e1:56:09:f8:40:a5:db:b2:46:73:59:89:98:08:72:d3:c1:af:47
Signer

Actual PE Digest

69:e1:56:09:f8:40:a5:db:b2:46:73:59:89:98:08:72:d3:c1:af:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHGetValueW
PathAppendW

kernel32

CreateThread
SetEvent
WaitForSingleObject
CloseHandle
DeleteCriticalSection
EnterCriticalSection
GetTickCount
LeaveCriticalSection
CreateEventW
CreateMutexW
GetLastError
GetProcAddress
GetModuleHandleW
lstrlenW
VerifyVersionInfoW
VerSetConditionMask
lstrcmpiW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
SetLastError

advapi32

RegQueryValueExW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegCloseKey

Exports

Exports

Initialize
Shutdown
TryLock
Unlock

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/assists/ie_default_search_provider/arbiter64.dll
.dll windows:5 windows x64 arch:x64

50027cb784e3d4798c3c9eeb4c162425

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:fb:6a:e3:3d:a0:74:c7:e7:bc:43:0d:c1:53:26:c0:41:cb:b7:84
Signer

Actual PE Digest

76:fb:6a:e3:3d:a0:74:c7:e7:bc:43:0d:c1:53:26:c0:41:cb:b7:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

SHGetValueW
PathAppendW

kernel32

CreateThread
SetEvent
WaitForSingleObject
CloseHandle
DeleteCriticalSection
EnterCriticalSection
GetTickCount
LeaveCriticalSection
CreateEventW
CreateMutexW
GetLastError
GetProcAddress
GetModuleHandleW
lstrlenW
VerifyVersionInfoW
VerSetConditionMask
lstrcmpiW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
SetLastError

advapi32

RegQueryValueExW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegCloseKey

Exports

Exports

Initialize
Shutdown
TryLock
Unlock

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/assists/ie_default_search_provider/assist.exe
.exe windows:5 windows x86 arch:x86

89cff1af588d842a8846a70eb59a9f00

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:ae:0f:fd:ad:2d:d6:96:3e:c2:a8:0b:e0:67:9a:48:af:a8:46:c5
Signer

Actual PE Digest

61:ae:0f:fd:ad:2d:d6:96:3e:c2:a8:0b:e0:67:9a:48:af:a8:46:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleacc

AccessibleObjectFromEvent

kernel32

MulDiv
lstrcmpW
lstrlenA
MultiByteToWideChar
SizeofResource
FindResourceExW
VerifyVersionInfoW
VerSetConditionMask
GlobalHandle
DeleteCriticalSection
SetEvent
GetCommandLineW
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
LCMapStringW
WriteConsoleW
SetStdHandle
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
LoadLibraryW
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
FlushInstructionCache
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
Sleep
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapCreate
GetStdHandle
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation
EncodePointer
DecodePointer
CreateThread
ExitThread
VirtualQuery
GetSystemInfo
VirtualProtect
WriteFile
CreateFileW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetCurrentProcess
SetLastError
GetCurrentThreadId
lstrlenW
GlobalFree
RaiseException
LockResource
LoadResource
FindResourceW
GetModuleFileNameW
GlobalUnlock
GlobalLock
GetLastError
GlobalAlloc
WaitForSingleObject
GetProcAddress
GetModuleHandleW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InterlockedCompareExchange
GetTickCount
InterlockedPushEntrySList
GetProcessHeap
HeapFree

user32

SendMessageW
SetWindowRgn
ShowWindow
GetWindowRect
PostMessageW
SetWindowPos
GetWindowThreadProcessId
PostQuitMessage
BeginPaint
GetDlgItem
SetDlgItemTextW
SetRect
PeekMessageW
SetWinEventHook
SetForegroundWindow
GetClientRect
GetWindowLongW
ScreenToClient
FindWindowExW
IsWindow
GetParent
GetWindowTextW
MapDialogRect
DestroyWindow
GetWindow
SetWindowContextHelpId
GetMessageW
TranslateMessage
DispatchMessageW
SendDlgItemMessageW
CreateWindowExW
UnhookWinEvent
RegisterClassExW
LoadCursorW
DefWindowProcW
SetWindowLongW
PostThreadMessageW
CreateDialogIndirectParamW
CharUpperW
EndDialog
RegisterWindowMessageW
GetWindowTextLengthW
SetWindowTextW
UnregisterClassA
EndPaint
IsChild
GetFocus
SetFocus
GetClassNameW
GetSysColor
CharNextW
RedrawWindow
GetClassInfoExW
CreateAcceleratorTableW
ClientToScreen
MoveWindow
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable

gdi32

CreateCompatibleBitmap
BitBlt
GetDeviceCaps
CreateFontIndirectW
GetDIBColorTable
StretchBlt
GetStockObject
SetBkMode
CreateDIBSection
GetObjectW
CreateCompatibleDC
SetDIBColorTable
SelectObject
DeleteDC
CombineRgn
CreateRectRgn
DeleteObject
CreateSolidBrush

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

ole32

StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoUninitialize
CoInitializeEx
OleLockRunning
CreateStreamOnHGlobal
CoInitialize
CoReleaseServerProcess
CoAddRefServerProcess
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
SysStringLen

shlwapi

PathAppendW
StrStrW
PathFindFileNameW

gdiplus

GdipCreateBitmapFromScan0
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipFree
GdipAlloc
GdiplusStartup
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCloneImage
GdiplusShutdown

msimg32

TransparentBlt
AlphaBlend

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/assists/ie_default_search_provider/config.xml
.xml
$_21_/assists/ie_enable/arbiter.dll
.dll windows:5 windows x86 arch:x86

e0e80d885051f64e4a1d9a750377f098

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:76:59:51:1d:7a:21:70:b7:7c:f2:b7:11:5b:d9:a5:c1:1e:22:d9
Signer

Actual PE Digest

01:76:59:51:1d:7a:21:70:b7:7c:f2:b7:11:5b:d9:a5:c1:1e:22:d9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

Exports

Exports

Initialize
Shutdown
TryLock
Unlock

Sections

.text
Size: 512B - Virtual size: 150B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 562B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/assists/ie_enable/arbiter64.dll
.dll windows:5 windows x64 arch:x64

e0e80d885051f64e4a1d9a750377f098

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:ea:e0:34:fd:23:54:d1:37:a7:fd:b7:29:b2:a5:f4:23:98:88:bc
Signer

Actual PE Digest

6c:ea:e0:34:fd:23:54:d1:37:a7:fd:b7:29:b2:a5:f4:23:98:88:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

Exports

Exports

Initialize
Shutdown
TryLock
Unlock

Sections

.text
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 617B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_21_/assists/ie_enable/config.xml
$_21_/logo.bmp
$_21_/t8EPMSup.dll
.dll regsvr32 windows:5 windows x86 arch:x86

d5da619f105d668b9c6b8c60340c1e58

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f0:23:35:a5:79:9d:5e:4f:2a:1d:0f:37:cc:3a:81:c9:e6:d8:42:11
Signer

Actual PE Digest

f0:23:35:a5:79:9d:5e:4f:2a:1d:0f:37:cc:3a:81:c9:e6:d8:42:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
WideCharToMultiByte
WaitForSingleObject
GetCurrentProcess
CloseHandle
MultiByteToWideChar
RaiseException
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleFileNameW
LoadLibraryW
LocalFree
LocalAlloc
Sleep
CreateDirectoryA
SetLastError
GetShortPathNameA
FreeLibrary
DeleteCriticalSection
GetLastError
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrcatA
lstrcpyA
GetProcAddress
GetModuleHandleA
lstrlenA
FlushFileBuffers
VerifyVersionInfoW
VerSetConditionMask
SetStdHandle
WriteConsoleW
CreateFileW
WriteFile
HeapReAlloc
RtlUnwind
GetStringTypeW
LCMapStringW
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
TlsFree
TlsSetValue
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
GetModuleHandleW
ExitProcess
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue

user32

wsprintfA

advapi32

QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegEnumKeyA
RegOpenKeyA
FreeSid
SetNamedSecurityInfoA
CopySid
EqualSid
AddAce
GetAce
InitializeAcl
GetLengthSid
ConvertStringSidToSidA
GetAclInformation
GetNamedSecurityInfoA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shlwapi

SHRegCloseUSKey
SHRegDeleteUSValueA
SHRegCreateUSKeyA
SHRegWriteUSValueA
SHRegQueryUSValueA
SHRegOpenUSKeyA

Exports

Exports

DllRegisterServer
DllUnregisterServer
S

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_21_/t8Res.dll
.dll .js windows:5 windows x86 arch:x86 polyglot

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:90:3e:d7:ff:14:a7:cd:4d:1f:ff:84:17:df:75:c9:8e:2e:a4:42
Signer

Actual PE Digest

08:90:3e:d7:ff:14:a7:cd:4d:1f:ff:84:17:df:75:c9:8e:2e:a4:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Message/common.t8s
.js
assists/common.t8s
.js
gen1/common.t8s
.js

Sharing

General

Malware Config

Signatures

Files

e221f4f7d36469d53810a4b5f9fc8966

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

64:2e:b9:de:c0:85:d1:84:c7:09:a1:1e:ef:68:4b:51:8a:ff:b0:51Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 132KB

.rsrc Size: 17KB - Virtual size: 16KB

b233fd95d297fbba0563f3f6eae042e0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 835B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 578B

58da96f4c774d946620f1d9e7be93b20

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5Certificate

Extended Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

64:2e:b9:de:c0:85:d1:84:c7:09:a1:1e:ef:68:4b:51:8a:ff:b0:51
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 132KB

.rsrc
Size: 17KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 835B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 578B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b9:83:fd:ff:6d:93:ed:d0:70:9f:a8:c5:35:f9:04:ba:64:50:ae:33
Signer

.text
Size: 126KB - Virtual size: 126KB

.data
Size: 9KB - Virtual size: 25KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

87:4e:62:21:b9:5c:64:50:23:1c:43:7a:85:29:54:f2:fc:25:dc:a3
Signer

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate