wps[.]vba[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

wps.vba.exe
Size

8.4MB
MD5

327b28fdf771a5c5d4aade543a9e4442
SHA1

ca56888cfeb68bd7e6394a31472e916ef86276b8
SHA256

51fd8e8d84fac2b192becff116170299ffeae2c1887421841e6f90c7192e63cb
SHA512

767bc7b0fa3859b7c6b9380d65b0865c7b9c9130de736c71e3489273096158fe882baf96917f009dc3f095ad3538e4d6c917538d722be0203307ffd8a2b8bc3e
SSDEEP

196608:TFtudMxvH29UG0tOZUA1omGXDiT3cGnW9PhP8NK4jUQGEXF5l7RPr4GP7Vjl27:THudMhi0tOuMuDiT3zW9P5UK4j5vxRP2

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
wps.vba.exe
unpack001/$COMMONFILES/Microsoft Shared/VBA/VBA7/$COMMONFILES/Microsoft Shared/VBA/uninst.exe
unpack001/$COMMONFILES/Microsoft Shared/VBA/VBA7/1033/VBE7INTL.DLL
unpack001/$COMMONFILES/Microsoft Shared/VBA/VBA7/VBE6EXT.OLB
unpack001/$PLUGINSDIR/InstallOptions.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$COMMONFILES/Microsoft Shared/VBA/VBA7/$COMMONFILES/Microsoft Shared/VBA/uninst.exe	nsis_installer_1
static1/unpack001/$COMMONFILES/Microsoft Shared/VBA/VBA7/$COMMONFILES/Microsoft Shared/VBA/uninst.exe	nsis_installer_2

Files

wps.vba.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$COMMONFILES/Microsoft Shared/Office10/1033/MSOINTL.DLL
.dll windows:4 windows x86 arch:x86

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Microsoft Shared/Office10/2052/msointl.dll
.dll windows:4 windows x86 arch:x86

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 222B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Microsoft Shared/Office10/MSO.DLL
.dll windows:4 windows x86 arch:x86

40ed62e50ea37173a91b7578a842008a

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
GetCurrentHwProfileA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
RegQueryInfoKeyA
GetUserNameA
RegEnumValueA
CloseServiceHandle
OpenServiceW
OpenSCManagerW
QueryServiceStatus
StartServiceW
ChangeServiceConfigW
ControlService
RegQueryValueW
RegQueryValueA
RegDeleteKeyA
CryptGenRandom
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyA
RegCreateKeyW
RegEnumKeyA
RegEnumKeyW
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
SetFileSecurityA
SetFileSecurityW
GetFileSecurityA
GetFileSecurityW
GetUserNameW
DeregisterEventSource
CloseEventLog
ReportEventA
RegisterEventSourceA
RegNotifyChangeKeyValue
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

gdi32

GetTextAlign
SetTextColor
SelectObject
SetTextAlign
GetMetaFileBitsEx
GetEnhMetaFileBits
DeleteMetaFile
SetMetaFileBitsEx
DeleteEnhMetaFile
SetEnhMetaFileBits
GetBkColor
CreatePen
DeleteObject
CreateSolidBrush
SelectPalette
LineTo
MoveToEx
SetROP2
Rectangle
Polyline
CreateBrushIndirect
GetStockObject
PolyBezier
GetROP2
GetDeviceCaps
CloseMetaFile
CloseEnhMetaFile
CreateMetaFileA
CreateEnhMetaFileA
DeleteDC
CreateCompatibleDC
RealizePalette
GetObjectA
GetTextMetricsA
SetBkMode
GetBkMode
GetCurrentObject
IntersectClipRect
SetViewportOrgEx
GetViewportOrgEx
OffsetRgn
Ellipse
GetTextColor
EnumEnhMetaFile
GetEnhMetaFileHeader
PlayEnhMetaFileRecord
SetBkColor
LPtoDP
GetArcDirection
StretchDIBits
GetObjectType
DPtoLP
GetEnhMetaFilePaletteEntries
RestoreDC
EnumMetaFile
PlayMetaFileRecord
GetPaletteEntries
GetTextExtentPoint32A
CreateFontIndirectA
SetDIBitsToDevice
BitBlt
SelectClipRgn
CreateRectRgn
CreateDIBPatternBrushPt
GetNearestColor
CreateHatchBrush
CreateCompatibleBitmap
Polygon
UnrealizeObject
CreateBitmap
EqualRgn
CombineRgn
SetRectRgn
GetRgnBox
CreateRectRgnIndirect
FillRgn
OffsetClipRgn
ExtSelectClipRgn
PatBlt
CreateDIBSection
CopyEnhMetaFileA
CopyMetaFileA
ExtTextOutA
SaveDC
PaintRgn
CreatePolygonRgn
ExcludeClipRect
CreatePatternBrush
SetBrushOrgEx
LineDDA
SetStretchBltMode
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
GetBitmapBits
CreateFontA
EnumFontFamiliesExA
FrameRgn
CreateRoundRectRgn
SetTextJustification
RectVisible
CreateDIBitmap
CreatePalette
UpdateColors
CreateFontIndirectW
SetTextCharacterExtra
EnumFontFamiliesExW
GetNearestPaletteIndex
GdiFlush
GetPixel
GetDIBits
GetTextCharacterExtra
GetObjectW
GetMapMode
GdiComment
GetEnhMetaFileDescriptionW
GetEnhMetaFileDescriptionA
GetWinMetaFileBits
SetWinMetaFileBits
GetKerningPairsA
GetCharWidthA
GetGlyphOutlineA
GetGlyphOutlineW
GetCharABCWidthsA
EnumFontFamiliesA
GetSystemPaletteEntries
GetViewportExtEx
GetWindowExtEx
StrokePath
EndPath
BeginPath
PolyBezierTo
CloseFigure
GetClipBox
ExtEscape
ExtCreatePen
PolyPolygon
SetDIBColorTable
GetDIBColorTable
Escape
CreateHalftonePalette
GetSystemPaletteUse
OffsetViewportOrgEx
GetTextCharset
StretchBlt
SetDIBits
GetTextExtentPointA
GetTextCharsetInfo
GetTextFaceA
GetTextFaceW
GetOutlineTextMetricsA
GetDCOrgEx
GetClipRgn
GetFontData
GetTextMetricsW
ExtTextOutW
GetCharWidthW
GetTextExtentPoint32W
GetTextExtentExPointA
TranslateCharsetInfo
GetTextExtentExPointW
CreateMetaFileW
CopyMetaFileW
GetMetaFileA
GetMetaFileW
CreateEnhMetaFileW
CopyEnhMetaFileW
GetEnhMetaFileA
GetEnhMetaFileW
EnumFontFamiliesW
CreateDCA
CreateDCW
ResetDCA
ResetDCW
StartDocA
StartDocW
CreateICA
CreateICW
GetWindowOrgEx
SetPolyFillMode
GetPolyFillMode
RectInRegion
TextOutA
GetRandomRgn
SetMetaRgn
PlayMetaFile
SetWorldTransform
SetGraphicsMode
SetBitmapBits
ExtCreateRegion
ModifyWorldTransform
SetMiterLimit
PolylineTo
CreatePenIndirect
GetWorldTransform
GetGraphicsMode
SelectClipPath
FillPath
StrokeAndFillPath
PolyPolyline
PlayEnhMetaFile
SetMapperFlags
CombineTransform
ScaleWindowExtEx
ScaleViewportExtEx
SetICMMode
GetRegionData
PlgBlt
ResizePalette
SetPaletteEntries
Arc
Chord
Pie
PolyDraw
RoundRect
AngleArc
WidenPath
FlattenPath
AbortPath
GetPath
SetArcDirection
GetCurrentPositionEx
ArcTo

kernel32

SetFileAttributesA
GetDriveTypeA
GetLogicalDriveStringsA
FreeLibrary
GetProcAddress
LoadLibraryA
ResumeThread
SetThreadAffinityMask
GetProcessAffinityMask
GetSystemInfo
HeapDestroy
GlobalMemoryStatus
lstrlenA
CopyFileA
lstrcpyA
SetFilePointer
InterlockedExchange
MultiByteToWideChar
GetModuleFileNameA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteCriticalSection
HeapCreate
Sleep
CreateEventA
SetEvent
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
GetCurrentProcessId
CreateMutexA
VirtualAlloc
GlobalSize
ExitThread
SetThreadPriority
MulDiv
IsDBCSLeadByteEx
GetSystemDefaultLangID
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcmpA
GetVersionExA
GetUserDefaultLCID
IsDBCSLeadByte
SetUnhandledExceptionFilter
DeleteFileW
ResetEvent
SizeofResource
InitializeCriticalSection
LockResource
FreeResource
FindResourceA
SetProcessWorkingSetSize
DuplicateHandle
OpenProcess
SetEndOfFile
GetFileAttributesA
FindFirstFileA
FindNextFileA
CreateDirectoryA
GetUserDefaultLangID
MoveFileA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetProfileStringA
GetPrivateProfileSectionA
GetShortPathNameA
GetWindowsDirectoryA
GetFileTime
CreateProcessA
CreateProcessW
OpenEventA
ExpandEnvironmentStringsW
LocalFileTimeToFileTime
TerminateThread
GetCurrentThreadId
GetSystemDefaultLCID
FindNextChangeNotification
FindCloseChangeNotification
IsBadWritePtr
GetProfileIntA
_lclose
_lread
_lopen
GetProfileStringW
SetFileTime
SearchPathA
lstrcpynA
LocalUnlock
LocalLock
GetThreadPriority
GetCurrentThread
CreateSemaphoreA
ReleaseSemaphore
GlobalHandle
GetLocaleInfoW
GetLocaleInfoA
WaitForMultipleObjects
OpenFileMappingA
_lcreat
_lwrite
CreateFileW
LoadResource
GetCurrentProcess
GlobalReAlloc
_llseek
GetWindowsDirectoryW
FileTimeToDosDateTime
CompareStringW
CompareStringA
IsBadReadPtr
TlsGetValue
SetErrorMode
DosDateTimeToFileTime
GetDateFormatW
GetDateFormatA
GetTimeFormatW
GetTimeFormatA
TlsFree
TlsAlloc
WritePrivateProfileStringW
WritePrivateProfileStringA
SetFileAttributesW
GetFileAttributesW
CreateDirectoryExW
CreateDirectoryExA
GetDriveTypeW
GetLogicalDrives
PulseEvent
GetVersion
FindFirstChangeNotificationW
FindFirstChangeNotificationA
TlsSetValue
IsValidCodePage
GetPrivateProfileIntA
VirtualFree
VirtualQuery
GetEnvironmentVariableA
GetCommandLineA
GlobalFlags
RaiseException
FormatMessageA
FormatMessageW
GetOEMCP
FindAtomA
AddAtomA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetVolumeInformationA
GetVolumeInformationW
GetPrivateProfileStringW
WriteProfileStringA
WriteProfileStringW
GetPrivateProfileIntW
GetProfileIntW
GetPrivateProfileSectionW
lstrcmpW
GetComputerNameW
GetCurrentDirectoryW
GetCurrentDirectoryA
CreateDirectoryW
FindResourceW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
RemoveDirectoryA
GetModuleHandleW
GetModuleFileNameW
CopyFileW
LoadLibraryExA
LoadLibraryExW
GetTempPathW
GetShortPathNameW
MoveFileExW
LoadLibraryW
SetCurrentDirectoryW
SetCurrentDirectoryA
GetTempFileNameW
GetFullPathNameW
GetFullPathNameA
IsValidLocale
GetSystemDirectoryA
GetSystemDirectoryW
GetEnvironmentVariableW
MoveFileW
SearchPathW
GlobalAddAtomA
GlobalAddAtomW
GlobalFindAtomA
GlobalFindAtomW
GlobalGetAtomNameA
GlobalGetAtomNameW
ExpandEnvironmentStringsA
EnumTimeFormatsA
EnumDateFormatsA
EnumTimeFormatsW
EnumDateFormatsW
EnumCalendarInfoA
SuspendThread
SetThreadContext
VirtualProtect
GetThreadContext
ExitProcess
OpenFile
lstrcatA
lstrcmpiA
GetStartupInfoA
TerminateProcess
OpenMutexA
GetModuleHandleA
GetLocalTime
FileTimeToSystemTime
GetTickCount
GetSystemTimeAsFileTime
OutputDebugStringA
FileTimeToLocalFileTime
FindClose
CompareFileTime
GetTempPathA
GetTempFileNameA
CreateFileA
WaitForSingleObject
GetExitCodeThread
GetSystemTime
SystemTimeToFileTime
DeleteFileA
GetACP
WideCharToMultiByte
HeapReAlloc
LocalAlloc
LocalFree
GetFileSize
ReadFile
CloseHandle
SetLastError
GetLastError
HeapAlloc
GetProcessHeap
HeapFree
lstrlenW
InterlockedDecrement
InterlockedIncrement
LCMapStringW
LCMapStringA
CreateThread
WriteFile
GetComputerNameA
lstrcatW
DeviceIoControl
RtlUnwind
LocalReAlloc
ConvertDefaultLocale
QueryPerformanceCounter
CreateFileMappingW
GetProfileSectionA
UnlockFile
GetFileInformationByHandle
LockFile
FlushFileBuffers

ole32

WriteClassStg
CoCreateGuid
CoTaskMemRealloc
OleGetIconOfClass
CreateItemMoniker
GetRunningObjectTable
PropVariantClear
PropVariantCopy
OleUninitialize
OleInitialize
CLSIDFromString
OleSaveToStream
GetClassFile
ReadClassStg
WriteClassStm
CoDisconnectObject
CoGetClassObject
CoFreeUnusedLibraries
StringFromCLSID
CoGetMalloc
OleLoadFromStream
ReadClassStm
ProgIDFromCLSID
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAM
StgCreateDocfile
CreateStreamOnHGlobal
CoUninitialize
OleSetClipboard
OleGetClipboard
GetHGlobalFromStream
ReleaseStgMedium
OleIsCurrentClipboard
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
StgIsStorageFile
StgOpenStorage
StringFromGUID2
DoDragDrop
RevokeDragDrop
RegisterDragDrop
IIDFromString
OleSave
StgCreateDocfileOnILockBytes
OleDraw
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CreateFileMoniker
CoFileTimeNow
StringFromIID
GetHGlobalFromILockBytes
CLSIDFromProgID
CreateBindCtx

user32

CharLowerA
EndDialog
SendDlgItemMessageW
GetDCEx
GetDesktopWindow
wsprintfA
BroadcastSystemMessageA
MessageBoxA
MessageBoxW
GetParent
IsWindow
GetActiveWindow
SendMessageA
PostMessageA
EnableWindow
SetFocus
ShowWindow
GetKeyState
GetClientRect
CreateWindowExA
UpdateWindow
DestroyWindow
wvsprintfA
UnregisterClassA
FindWindowA
KillTimer
SetTimer
DispatchMessageA
TranslateMessage
GetMessageA
RegisterClassA
DefWindowProcA
PtInRect
SetActiveWindow
ClientToScreen
SetCursor
LoadCursorA
GetSysColor
GetDC
ReleaseDC
InvalidateRect
PeekMessageA
LoadImageA
DestroyIcon
RegisterWindowMessageA
GetWindowThreadProcessId
GetClipboardOwner
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatA
SendMessageTimeoutA
EnumWindows
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
CountClipboardFormats
GetWindow
SetWindowPos
IsWindowVisible
SetWindowLongA
EndPaint
BeginPaint
FillRect
MapWindowPoints
GetWindowLongA
GetWindowRect
GetFocus
UnionRect
SetRect
EqualRect
OffsetRect
InflateRect
SetRectEmpty
CopyRect
FrameRect
GetSysColorBrush
SetCaretPos
CreateCaret
EnumClipboardFormats
MessageBeep
IntersectRect
DrawFocusRect
DestroyCaret
ClipCursor
SetScrollRange
SetScrollPos
EnableScrollBar
WindowFromPoint
GetCursorPos
SetCapture
ReleaseCapture
ScreenToClient
GetDoubleClickTime
GetClipboardData
IsClipboardFormatAvailable
GetOpenClipboardWindow
GetSystemMetrics
ShowCursor
GetMessagePos
DrawTextA
DrawFrameControl
IsWindowEnabled
GetTopWindow
RegisterClassExA
DrawIconEx
GetLastActivePopup
GetDlgItem
GetScrollPos
IsDialogMessageA
MoveWindow
DestroyMenu
TrackPopupMenu
CreatePopupMenu
GetClassNameA
ChildWindowFromPoint
AppendMenuA
CallWindowProcA
wsprintfW
LoadIconA
GetUpdateRect
ExitWindowsEx
SendDlgItemMessageA
SetClassLongA
GetCursor
MsgWaitForMultipleObjects
SetWindowsHookExA
SetKeyboardState
GetKeyboardState
UnhookWindowsHookEx
MapVirtualKeyA
CallNextHookEx
SetForegroundWindow
GrayStringA
WaitMessage
GetForegroundWindow
OpenIcon
IsIconic
GetSystemMenu
CreateWindowExW
GetClassLongA
GetMenuItemCount
GetSubMenu
EnableMenuItem
AdjustWindowRect
PostQuitMessage
CopyImage
CreateIconIndirect
GetIconInfo
EnumChildWindows
PostThreadMessageA
CreateIconFromResourceEx
RegisterClassW
UnregisterClassW
GetClassNameW
CharLowerBuffA
DestroyCursor
LoadCursorW
CharUpperW
CharUpperA
CharLowerW
GetClipCursor
SystemParametersInfoA
RemoveMenu
GetMenuItemID
GetMenuState
DeleteMenu
RedrawWindow
LoadBitmapW
DrawMenuBar
GetAsyncKeyState
DrawIcon
GetClassInfoW
GetClassInfoA
IsChild
InvertRect
ModifyMenuW
GetQueueStatus
GetDialogBaseUnits
GetCapture
LoadBitmapA
GetWindowLongW
GetKeyboardLayout
GetWindowTextA
GetDlgCtrlID
SetWindowRgn
LockWindowUpdate
DdeDisconnect
DdeFreeDataHandle
DdeUnaccessData
DdeAccessData
DdeClientTransaction
DdeFreeStringHandle
DdeConnect
DdeCreateStringHandleA
DdeInitializeA
WindowFromDC
CharNextA
GetKeyboardLayoutList
CharPrevA
LoadStringA
LoadStringW
SetWindowLongW
IsWindowUnicode
GetClassLongW
DefWindowProcW
DialogBoxIndirectParamA
DialogBoxIndirectParamW
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
SetWindowTextA
SetWindowTextW
GetWindowTextW
GetClipboardFormatNameA
GetClipboardFormatNameW
LookupIconIdFromDirectoryEx
LoadImageW
LoadMenuIndirectA
LoadMenuA
LoadMenuW
WinHelpA
IsRectEmpty
SetParent
DrawEdge
SetScrollInfo
ScrollWindow
SendMessageW
AppendMenuW
EnumThreadWindows
DispatchMessageW
PeekMessageW
InvalidateRgn
CallWindowProcW
SetWindowPlacement
GetWindowPlacement
ToAscii
VkKeyScanA
GetWindowTextLengthA
CreateMenu
IsMenu
IsCharAlphaNumericA
EndDeferWindowPos
GetWindowDC
ScrollWindowEx
GetMessageTime
VkKeyScanExA
SetMenuDefaultItem
DeferWindowPos
GetMenu
SetMenu
SetCursorPos
GetMenuItemRect
BeginDeferWindowPos
ReplyMessage
HiliteMenuItem
ModifyMenuA
GetMenuStringA
InsertMenuA
CopyIcon
IsDlgButtonChecked
FindWindowExA
CopyAcceleratorTableA
PostMessageW
InsertMenuW
keybd_event
CheckDlgButton
ShowScrollBar
MapDialogRect
SendNotifyMessageA
InSendMessage
AttachThreadInput
GetMenuCheckMarkDimensions

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetLCID
FInitSdm
MsoMakeCustomItem
MsoMakeFindFile
MsoVBADigSigCreateIndirectData
MsoVBADigSigGetSignedDataMsg
MsoVBADigSigIsMyTypeOfFile
MsoVBADigSigPutSignedDataMsg
MsoVBADigSigRemoveSignedDataMsg
MsoVBADigSigVerifyIndirectData
MsoWintrustFinalPolicy
OfficeSetHelpFilter
_MsoAlertWtz@12
_MsoAppendToPath@8
_MsoCbRegGetBufferSizeWz@4
_MsoCchLoadSz@16
_MsoCchSzLen@4
_MsoCchWzLen@4
_MsoChsFromLid@4
_MsoCompareStringA@24
_MsoCompareStringW@24
_MsoCpCchSzLenFromWz@8
_MsoCpgFromChs@4
_MsoCrCbvGetAccurate@12
_MsoCrashMainThread@4
_MsoCreateIOLDocFromWzPersistentName@12
_MsoDestroyIPref@4
_MsoDestroyITFC@4
_MsoDialogFontNameLid@8
_MsoDrawTextW@20
_MsoDwGimmeUserInstallBehavior@8
_MsoDwRegGetDw@4
_MsoExtTextOutW@32
_MsoFActivateControl@4
_MsoFAllocMemCore@12
_MsoFAnsiCodePageSupportsLCID@8
_MsoFCreateButtonEx@36
_MsoFCreateControl@36
_MsoFCreateIPref@28
_MsoFCreateITFC@16
_MsoFCreateITFCHwnd@20
_MsoFCreateITFCNoAssistant@16
_MsoFCreateStdComponentManager@20
_MsoFCreateToolbarSet@28
_MsoFDigitCh@4
_MsoFEnsureMsoTypelib@0
_MsoFExecWWWHelp@8
_MsoFFEWch@4
_MsoFGetButtonSize@0
_MsoFGetComponentManager@4
_MsoFGetFontSettings@20
_MsoFGetHelpFile@8
_MsoFGetHelpFileFromWz@8
_MsoFGetTbShowKbdShortcuts@0
_MsoFGetTextExtentPointW@16
_MsoFGetTooltips@0
_MsoFGimmeComponentEx@20
_MsoFGimmeFeatureEx@8
_MsoFGimmeFileEx@20
_MsoFHandledMessageNeeded@4
_MsoFIEPolicyAndVersion@8
_MsoFInitOffice@20
_MsoFLoadOsaSz@12
_MsoFLoadOsaWz@12
_MsoFLoadToolbarSet@24
_MsoFLongLoad@8
_MsoFLongSave@8
_MsoFMarkMemCore@8
_MsoFOrapiPrimeKeyCache@24
_MsoFPitbsFromHwndAndMsg@12
_MsoFPuncWch@4
_MsoFRegGetDwCore@8
_MsoFRegGetWzCore@12
_MsoFRegHookAppTables@16
_MsoFRegSetDw@8
_MsoFRegSetSz@8
_MsoFRegSetWz@8
_MsoFRgchEqual@20
_MsoFSetComponentManager@4
_MsoFSetHMsoinstOfSdm@4
_MsoFSetTooltips@4
_MsoFSpaceWch@4
_MsoFSzEqual@12
_MsoFUseIEFeature@8
_MsoFVBADigSigSignProject@24
_MsoFWebScriptingEnabled@0
_MsoFWndProc@24
_MsoFWndProcNeeded@4
_MsoFWzEqual@12
_MsoFreePv@4
_MsoGetFileAttributesW@4
_MsoGetInstallLcid@0
_MsoGetNewFileName@12
_MsoGetPublishingPlacesPidl@8
_MsoGetStringTypeExW@20
_MsoGetTextExtentExPointW@28
_MsoGetToolbarMetrics@4
_MsoGetUILcid@0
_MsoGetWWWCmdInfo@20
_MsoGimmeLocalizedLibrary@20
_MsoHpalOffice@0
_MsoHpalSelect@8
_MsoHrGetAppDataFolder@12
_MsoHrGetMyDocumentsFolder@4
_MsoHrLoadVBAStgFromHTML@8
_MsoHrOnNewProject@40
_MsoHrRegisterAll@0
_MsoHrSaveVBAStgAsHTML@12
_MsoHrSimpleQueryInterface2@20
_MsoHrSimpleQueryInterface@16
_MsoHrXInstall@12
_MsoHrXInstallEx@28
_MsoHtmlHelp@16
_MsoInitGimme@12
_MsoInitPluggableUI@0
_MsoInitShrGlobal@4
_MsoLoadStringW@16
_MsoMigrate@8
_MsoMultiByteToWideChar@24
_MsoOffice@8
_MsoPeekMessage@8
_MsoPvAllocCore@8
_MsoPwchStripAmpersandsWtz@4
_MsoPwchStripWtz@8
_MsoRegEnumValueW@28
_MsoRegOpenKeyExW@16
_MsoRegQueryValueExW@20
_MsoReleaseMemCore@4
_MsoRgchToRgwch@16
_MsoSendMessage@16
_MsoSetLVProperty@8
_MsoSetLocale@4
_MsoSetTbShowKbdShortcuts@4
_MsoSzAppend@8
_MsoSzCchCopy@12
_MsoSzCopy@8
_MsoSzIndex@8
_MsoSzIndexRight@8
_MsoSzMarkWzCore@4
_MsoSzStrStr@8
_MsoSzToWtz@8
_MsoSzToWz@8
_MsoUninitOffice@4
_MsoVBADigSigCallDlg@20
_MsoVBADigSigCallDlgEx@28
_MsoVBADigSigDllRegisterServer@0
_MsoVBADigSigDllUnregisterServer@0
_MsoVBADigSigOpenDlg@52
_MsoVBADigSigVerifyProject@56
_MsoVbaInitSecurity@4
_MsoWebServerSupportEx@12
_MsoWideCharToMultiByte@32
_MsoWtzCopy@8
_MsoWtzToWz@8
_MsoWzAfterPath@4
_MsoWzAppend@8
_MsoWzCopy@8
_MsoWzIndex@8
_MsoWzIndexRight@8
_MsoWzMarkSzCore@4
_MsoWzStrStr@8
_MsoWzToSz@8
_MsoWzToWtz@8
_MsoWzUpper@4
__MsoPvFree@8

Sections

.text
Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 372KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Microsoft Shared/VBA/VBA7/$COMMONFILES/Microsoft Shared/VBA/uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$COMMONFILES/Microsoft Shared/VBA/VBA7/1033/VBE7INTL.DLL
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$COMMONFILES/Microsoft Shared/VBA/VBA7/2052/VBE7INTL.DLL
.dll windows:4 windows x86 arch:x86

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f9:10:99:19:ee:ef:5e:e4:ed:ab:5b:30:74:4f:19:d7:d0:c8:be
Signer

Actual PE Digest

75:f9:10:99:19:ee:ef:5e:e4:ed:ab:5b:30:74:4f:19:d7:d0:c8:be

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Microsoft Shared/VBA/VBA7/VBE6EXT.OLB
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$COMMONFILES/Microsoft Shared/VBA/VBA7/VBE7.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

ce63a0f00c34bdd21e1b30243be9270c

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ca:87:a7:94:7d:44:6e:50:16:36:73:0a:a9:b2:6f:c3:ed:cd:af:bb
Signer

Actual PE Digest

ca:87:a7:94:7d:44:6e:50:16:36:73:0a:a9:b2:6f:c3:ed:cd:af:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingA
GetProfileIntA
DuplicateHandle
GetCurrentProcess
CreatePipe
SetLocalTime
RtlUnwind
SetFileTime
GetFileTime
GetVolumeInformationA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFileAttributesA
GetUserDefaultLangID
IsValidCodePage
GetModuleFileNameW
TerminateThread
CreateThread
GetDriveTypeW
GetLocaleInfoW
LoadLibraryW
SearchPathW
CreateFileW
GetStringTypeExW
LCMapStringW
VirtualProtect
FlushInstructionCache
GetComputerNameA
SetCurrentDirectoryA
HeapSize
SetEnvironmentVariableA
GetSystemTimeAsFileTime
CreateDirectoryA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetEndOfFile
GetModuleHandleW
GetSystemInfo
FlushFileBuffers
GetConsoleCP
GetConsoleMode
LockFile
UnlockFile
FindNextFileA
RemoveDirectoryA
ExitProcess
GetFullPathNameW
WriteConsoleW
GetStdHandle
GetCPInfo
GetOEMCP
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
GetProcessHeap
WriteConsoleA
GetConsoleOutputCP
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetTimeZoneInformation
HeapFree
GetFileSize
HeapReAlloc
GlobalMemoryStatus
SetFilePointer
VirtualFree
VirtualAlloc
GetLocalTime
CreateProcessW
OpenFile
FormatMessageW
HeapCreate
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
HeapAlloc
HeapDestroy
TlsFree
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindFirstFileA
FindClose
_lopen
InterlockedIncrement
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
WriteFile
GetSystemTime
InterlockedDecrement
_lcreat
CompareStringW
lstrcmpiW
WritePrivateProfileStringA
GetPrivateProfileIntA
GetVersion
lstrlenW
GetStringTypeExA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetStringTypeA
GetTickCount
LoadLibraryExA
MultiByteToWideChar
GetCurrentProcessId
GetEnvironmentVariableA
MulDiv
FindResourceA
SizeofResource
LoadResource
FreeResource
SetErrorMode
GlobalAddAtomA
GetACP
GlobalDeleteAtom
DisableThreadLibraryCalls
IsBadCodePtr
GetSystemDefaultLCID
GetUserDefaultLCID
GetLocaleInfoA
GetSystemDirectoryA
GetProcAddress
GetVersionExA
Sleep
FreeLibrary
VirtualQuery
LoadLibraryA
WideCharToMultiByte
CompareStringA
GetCurrentDirectoryA
GetModuleFileNameA
GetDriveTypeA
GlobalAlloc
GlobalSize
GetFileAttributesA
MoveFileA
LockResource
_lwrite
_lread
_lclose
SetLastError
GetFullPathNameA
SearchPathA
GetFileType
GlobalUnlock
GlobalFree
GlobalHandle
GlobalReAlloc
GlobalLock
GetTempPathA
GetTempFileNameA
lstrcpynA
_llseek
GetModuleHandleA
FormatMessageA
GetLastError
GetWindowsDirectoryA
GetPrivateProfileStringA
GetShortPathNameA
WinExec
CreateFileA
ReadFile
CloseHandle
RaiseException
GetCurrentThreadId
IsBadReadPtr
lstrcpyA
lstrcatA
DeleteFileA
GetSystemDefaultLangID
LCMapStringA
IsDBCSLeadByte
lstrcmpiA
lstrcmpA
GetCommandLineA
lstrlenA

user32

RegisterClipboardFormatA
DefMDIChildProcA
DefFrameProcA
GetTopWindow
SetKeyboardState
GetKeyboardState
keybd_event
WaitForInputIdle
SetWindowsHookExW
VkKeyScanW
VkKeyScanA
SetCaretPos
HideCaret
ScrollDC
SetScrollRange
DestroyCaret
SetRectEmpty
OemToCharBuffA
CharToOemA
ScrollWindow
CharUpperBuffW
CharUpperBuffA
CharLowerBuffW
CharLowerBuffA
FindWindowW
FindWindowA
GetUpdateRect
GetScrollPos
MapDialogRect
SetDlgItemInt
GetDlgCtrlID
GetDoubleClickTime
CreateCaret
ShowCaret
GetMessageTime
EnableScrollBar
RedrawWindow
GetScrollInfo
SetScrollInfo
DeferWindowPos
EndDeferWindowPos
BeginDeferWindowPos
LockWindowUpdate
DrawFrameControl
AdjustWindowRect
CreateMDIWindowA
SetParent
GetMessagePos
WaitMessage
EnumThreadWindows
ValidateRect
GetClipCursor
LoadStringW
GetNextDlgTabItem
EmptyClipboard
SetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
EnumClipboardFormats
CloseClipboard
LoadImageA
LoadIconA
DestroyCursor
CharLowerA
GetSystemMetrics
EnumChildWindows
SetWindowsHookExA
UnhookWindowsHookEx
DrawIcon
DrawEdge
GetDlgItemInt
PostQuitMessage
GetDialogBaseUnits
CallNextHookEx
MessageBoxIndirectA
DialogBoxParamA
GetWindowTextLengthA
RegisterClassExA
FrameRect
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeFreeStringHandle
DdeUninitialize
GetDlgItemTextA
GetWindowPlacement
CreateDialogParamA
TranslateMessage
DispatchMessageA
CharToOemBuffA
GetWindowTextA
DrawTextA
SetActiveWindow
GetAsyncKeyState
LoadBitmapA
IsWindowUnicode
IsDialogMessageW
IsDialogMessageA
TranslateMDISysAccel
GetKeyboardLayout
RegisterWindowMessageA
IsDlgButtonChecked
CheckRadioButton
FillRect
SetCursor
ClipCursor
GetKeyState
CallWindowProcA
GetClassNameA
GetPropA
RemovePropA
SetPropA
SetForegroundWindow
IsWindow
UnregisterClassA
DestroyIcon
LoadCursorA
RegisterClassA
GetDlgItem
CheckDlgButton
MessageBoxA
LoadStringA
SendDlgItemMessageA
EndDialog
GetDesktopWindow
SetRect
CharUpperA
SetDlgItemTextA
GetWindowDC
GetClassInfoA
EqualRect
CopyRect
AdjustWindowRectEx
PeekMessageA
IsCharAlphaA
CharPrevA
MoveWindow
GetUpdateRgn
ChildWindowFromPointEx
IsWindowEnabled
GetWindowLongA
GetActiveWindow
GetSysColor
GetIconInfo
OffsetRect
GetCursor
GetCursorPos
MapWindowPoints
ReleaseDC
GetDC
KillTimer
ShowWindow
IsWindowVisible
SetTimer
ScreenToClient
WindowFromPoint
SystemParametersInfoA
CreateWindowExA
UpdateWindow
SetWindowPos
SetWindowTextA
GetCapture
DestroyWindow
EndPaint
GetClientRect
BeginPaint
DefWindowProcA
PostMessageA
GetFocus
GetParent
GetWindow
SetFocus
EnableWindow
SendMessageA
BringWindowToTop
LoadAcceleratorsA
GetDCEx
IntersectRect
InvalidateRect
InvalidateRgn
IsRectEmpty
SubtractRect
wsprintfA
CharNextA
AttachThreadInput
GetWindowThreadProcessId
PtInRect
ReleaseCapture
SetCapture
InflateRect
GetWindowRect
ClientToScreen
GetSystemMenu
SetWindowLongA
MessageBeep
GetForegroundWindow
IsZoomed
IsIconic
EnableMenuItem
RemoveMenu
IsChild
DrawFocusRect
CopyAcceleratorTableA
DdeDisconnect

gdi32

OffsetRgn
InvertRgn
SetTextAlign
GetCurrentPositionEx
CreateICA
GetTextFaceA
EnumFontFamiliesExA
GetTextColor
GetPixel
SetStretchBltMode
MoveToEx
LineTo
Rectangle
GetTextExtentPoint32A
CopyEnhMetaFileA
CopyMetaFileA
GetObjectType
GetDIBits
GetNearestColor
GetPaletteEntries
RectInRegion
DeleteObject
CreateMetaFileA
CloseMetaFile
SaveDC
RestoreDC
DeleteMetaFile
PlayMetaFile
SetMapMode
ScaleViewportExtEx
SetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
SetAbortProc
Escape
CreateDCA
EndPage
StartPage
AbortDoc
EndDoc
StartDocA
BitBlt
CreatePalette
CreateDIBitmap
StretchBlt
GetDeviceCaps
GetBkColor
TextOutA
GetStockObject
CreateCompatibleDC
GetCurrentObject
CreateCompatibleBitmap
StretchDIBits
GetClipBox
DeleteDC
GetROP2
SetROP2
SetBrushOrgEx
EnumFontsA
PatBlt
SelectPalette
RealizePalette
GetTextMetricsA
CreateRectRgn
SetRectRgn
CombineRgn
ExcludeClipRect
SetWindowOrgEx
IntersectClipRect
SelectClipRgn
CreateRectRgnIndirect
CreateFontIndirectA
GetTextExtentPointA
GetObjectA
GetBitmapBits
SetBkMode
SelectObject
ExtTextOutA
CreatePen
CreateSolidBrush
UnrealizeObject
CreateBitmap
CreatePatternBrush
SetTextColor
SetBkColor
OffsetWindowOrgEx

advapi32

RegQueryValueExA
RegSetValueExW
RegCreateKeyW
RegQueryValueExW
RegQueryValueW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegFlushKey
RegEnumKeyExA
RegCreateKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumValueA
RegSetValueA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueA
RegCloseKey
RegOpenKeyA

ole32

CreateBindCtx
MkParseDisplayName
BindMoniker
OleSetClipboard
OleFlushClipboard
OleGetClipboard
CoLockObjectExternal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoTaskMemAlloc
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
DoDragDrop
CoIsOle1Class
GetHGlobalFromStream
CreateStreamOnHGlobal
CoGetCurrentProcess
CoRegisterClassObject
CoRevokeClassObject
CreateFileMoniker
GetRunningObjectTable
StringFromGUID2
ProgIDFromCLSID
CoGetClassObject
CoCreateInstance
CLSIDFromProgID
CoTaskMemFree
CoGetMalloc
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleRegGetMiscStatus
IIDFromString
CoCreateGuid
CoDisconnectObject
OleIsRunning
OleRun
OleLockRunning
StgCreateDocfile
StgOpenStorage
CLSIDFromString
StringFromCLSID
OleSave

oleaut32

SysAllocString
SysAllocStringLen
SysStringLen
SafeArrayGetLBound
VariantInit
VariantClear
LHashValOfNameSysA
OaBuildVersion
SysReAllocString
VariantChangeType
SetErrorInfo
CreateErrorInfo
GetErrorInfo
DispGetParam
LHashValOfNameSys
LoadRegTypeLi
QueryPathOfRegTypeLi
SysReAllocStringLen
LoadTypeLi
RegisterTypeLi
SysAllocStringByteLen
SysStringByteLen
DispGetIDsOfNames
DispInvoke
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
VariantCopy
VariantCopyInd
RevokeActiveObject
VarDateFromStr
GetActiveObject
SafeArrayDestroyData
VariantChangeTypeEx
SafeArrayAllocDescriptor
SafeArrayLock
SafeArrayUnlock
VarR8FromStr
SafeArrayGetElement
SafeArrayGetDim
VarCyFromI4
VarBstrFromI2
VarBstrFromI4
VarBstrFromR4
VarBstrFromR8
VarBstrFromDate
VarBstrFromCy
VarI2FromStr
VarI4FromStr
VarI4FromR8
VarR4FromStr
VarCyFromStr
VarR4FromR8
SafeArrayCopy
SafeArrayDestroyDescriptor
SafeArrayAllocData
SafeArrayRedim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SysFreeString

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer
DllVbaInitHostAddins
DllVbeGetHashOfCode
DllVbeInit
DllVbeSetMsiApis
DllVbeTerm
VarPtr
_GetLongPathNameA@12
rtBoolFromErrVar
rtBstrFromErrVar
rtCyFromErrVar
rtDecFromVar
rtI2FromErrVar
rtI4FromErrVar
rtR4FromErrVar
rtR8FromErrVar
rtUI1FromErrVar
rtcAbsVar
rtcAnsiValueBstr
rtcAppActivate
rtcAppleScript
rtcArray
rtcAtn
rtcBeep
rtcBstrFromAnsi
rtcBstrFromByte
rtcBstrFromChar
rtcBstrFromError
rtcBstrFromFormatVar
rtcByteValueBstr
rtcCVErrFromVar
rtcCallByName
rtcChangeDir
rtcChangeDrive
rtcCharValueBstr
rtcChoose
rtcCommandBstr
rtcCommandVar
rtcCompareBstr
rtcCos
rtcCreateObject
rtcCreateObject2
rtcCurrentDir
rtcCurrentDirBstr
rtcDDB
rtcDateAdd
rtcDateDiff
rtcDateFromVar
rtcDatePart
rtcDeleteSetting
rtcDir
rtcDoEvents
rtcEndOfFile
rtcEnvironBstr
rtcEnvironVar
rtcErrObj
rtcExp
rtcFV
rtcFileAttributes
rtcFileCopy
rtcFileDateTime
rtcFileLen
rtcFileLength
rtcFileLocation
rtcFileReset
rtcFileSeek
rtcFileWidth
rtcFilter
rtcFixVar
rtcFormatCurrency
rtcFormatDateTime
rtcFormatNumber
rtcFormatPercent
rtcFreeFile
rtcGetAllSettings
rtcGetCurrentCalendar
rtcGetDateBstr
rtcGetDateValue
rtcGetDateVar
rtcGetDayOfMonth
rtcGetDayOfWeek
rtcGetErl
rtcGetFileAttr
rtcGetHostLCID
rtcGetHourOfDay
rtcGetMinuteOfHour
rtcGetMonthOfYear
rtcGetObject
rtcGetPresentDate
rtcGetSecondOfMinute
rtcGetSetting
rtcGetTimeBstr
rtcGetTimeValue
rtcGetTimeVar
rtcGetTimer
rtcGetYear
rtcHexBstrFromVar
rtcHexVarFromVar
rtcIMEStatus
rtcIPMT
rtcIRR
rtcImmediateIf
rtcInStr
rtcInStrChar
rtcInStrRev
rtcInputBox
rtcInputCharCount
rtcInputCharCountVar
rtcInputCount
rtcInputCountVar
rtcIntVar
rtcIsArray
rtcIsDate
rtcIsEmpty
rtcIsError
rtcIsMissing
rtcIsNull
rtcIsNumeric
rtcIsObject
rtcJoin
rtcKillFiles
rtcLeftBstr
rtcLeftCharBstr
rtcLeftCharVar
rtcLeftTrimBstr
rtcLeftTrimVar
rtcLeftVar
rtcLenCharVar
rtcLenVar
rtcLog
rtcLowerCaseBstr
rtcLowerCaseVar
rtcMIRR
rtcMacId
rtcMakeDir
rtcMidBstr
rtcMidCharBstr
rtcMidCharVar
rtcMidVar
rtcMonthName
rtcMsgBox
rtcNPV
rtcNPer
rtcOctBstrFromVar
rtcOctVarFromVar
rtcPMT
rtcPPMT
rtcPV
rtcPackDate
rtcPackTime
rtcPartition
rtcQBColor
rtcR8ValFromBstr
rtcRandomNext
rtcRandomize
rtcRate
rtcRemoveDir
rtcReplace
rtcRgb
rtcRightBstr
rtcRightCharBstr
rtcRightCharVar
rtcRightTrimBstr
rtcRightTrimVar
rtcRightVar
rtcRound
rtcSLN
rtcSYD
rtcSaveSetting
rtcSendKeys
rtcSetCurrentCalendar
rtcSetDatabaseLcid
rtcSetDateBstr
rtcSetDateVar
rtcSetFileAttr
rtcSetTimeBstr
rtcSetTimeVar
rtcSgnVar
rtcShell
rtcSin
rtcSpaceBstr
rtcSpaceVar
rtcSplit
rtcSqr
rtcStrConvVar
rtcStrConvVar2
rtcStrFromVar
rtcStrReverse
rtcStringBstr
rtcStringVar
rtcSwitch
rtcTan
rtcTrimBstr
rtcTrimVar
rtcTypeName
rtcUpperCaseBstr
rtcUpperCaseVar
rtcVarBstrFromAnsi
rtcVarBstrFromByte
rtcVarBstrFromChar
rtcVarDateFromVar
rtcVarFromError
rtcVarFromFormatVar
rtcVarFromVar
rtcVarStrFromVar
rtcVarType
rtcWeekdayName

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/FM20.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

16b10e6529748a1e7a816212b174f221

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c8:98:f2:72:74:c6:fa:88:19:36:7a:95:b6:93:0b:ef:54:b4:2a:04
Signer

Actual PE Digest

c8:98:f2:72:74:c6:fa:88:19:36:7a:95:b6:93:0b:ef:54:b4:2a:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocStringLen
LoadTypeLi
VariantInit
SysFreeString
SetErrorInfo
VarR4FromStr
VarBstrFromR4
CreateErrorInfo
VariantChangeTypeEx
VariantClear
SysAllocString
SysReAllocString
SysReAllocStringLen
SysStringLen
VariantCopy
OleCreatePictureIndirect
VarI4FromStr
VariantChangeType
VarBstrFromBool
VarBstrFromI4
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayPutElement
CreateTypeLib2
VarCyFromI2
VarDateFromI2
VarBstrFromI2
VarI2FromI4
VarR4FromI4
VarCyFromI4
VarDateFromI4
VarI2FromR4
VarI4FromR4
VarCyFromR4
VarDateFromR4
VarBoolFromI2
VarI2FromR8
VarI4FromR8
GetErrorInfo
VarR4FromR8
VarCyFromR8
VarDateFromR8
VarBstrFromR8
VarI2FromCy
VarI4FromCy
VarBoolFromI4
VarR4FromCy
VarBoolFromR4
VarR8FromCy
SafeArrayCopy
VarBoolFromR8
VarDateFromCy
VarBoolFromCy
VarBstrFromCy
VarI2FromDate
VarBoolFromDate
VarI4FromDate
VarR8FromStr
VarR4FromDate
VarR8FromDate
VarCyFromStr
VarCyFromDate
VarDateFromStr
VarBstrFromDate
VarBoolFromStr
VarI2FromStr
VarCyFromBool
VarDateFromBool
SafeArrayCreate
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayUnaccessData
UnRegisterTypeLi
SafeArrayDestroy

kernel32

GetACP
FreeLibrary
GetModuleFileNameW
TlsGetValue
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
TlsSetValue
GetCurrentThreadId
TlsFree
GetProcessHeap
TlsAlloc
LoadLibraryExW
GetLocaleInfoW
IsValidLocale
GetSystemDefaultLCID
GetUserDefaultLCID
GetProcAddress
LoadLibraryA
SearchPathW
GetCommandLineA
GetModuleHandleW
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeResource
SizeofResource
LockResource
LoadResource
_lread
_lwrite
_llseek
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleHandleA
GetUserDefaultLangID
GetProfileIntA
GetEnvironmentVariableW
CreateFileW
CloseHandle
DeleteFileW
InterlockedIncrement
MulDiv
IsDBCSLeadByte
RaiseException
GlobalAlloc
GlobalFree
GlobalSize
GlobalLock
GlobalUnlock
GetSystemInfo
SetCurrentDirectoryA
OutputDebugStringA
GetWindowsDirectoryA
GetSystemDirectoryA
GetFileAttributesA
GetCurrentDirectoryA
FormatMessageA
FindResourceA
FindFirstFileA
CreateDirectoryA
GetVersionExA
CreateDirectoryW
FindFirstFileW
FindResourceW
FormatMessageW
GetCurrentDirectoryW
_lclose
OpenFile
SetEndOfFile
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
EnumSystemLocalesA
GetLocaleInfoA
RtlUnwind
InitializeCriticalSectionAndSpinCount
HeapReAlloc
VirtualAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetStdHandle
GetCPInfo
WriteFile
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
LoadLibraryExA
SearchPathA
GetFullPathNameA
SetCurrentDirectoryW
OutputDebugStringW
lstrlenW
GetWindowsDirectoryW
GetSystemDirectoryW
GetFullPathNameW
GetFileAttributesW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyW
RegCreateKeyA
RegDeleteKeyA
RegEnumKeyA
RegEnumKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueA
RegQueryValueExA
RegSetValueA
RegSetValueExA
RegSetValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueW
RegEnumKeyW
RegFlushKey

ole32

OleCreateLinkFromData
CreateItemMoniker
CoGetClassObject
OleQueryLinkFromData
CoCreateGuid
StgOpenStorage
OleCreateFromData
OleCreateStaticFromData
OleRun
OleSave
CoRegisterMessageFilter
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleDraw
RegisterDragDrop
RevokeDragDrop
CreateDataCache
CreateOleAdviseHolder
OleGetIconOfClass
StgCreateDocfile
WriteClassStg
WriteFmtUserTypeStg
CreateDataAdviseHolder
CreateStreamOnHGlobal
WriteClassStm
OleGetClipboard
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
StringFromGUID2
StringFromCLSID
ReleaseStgMedium
ProgIDFromCLSID
CoTaskMemFree
CoTaskMemAlloc
CreateBindCtx
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
IIDFromString
GetRunningObjectTable
OleSaveToStream
ReadClassStg
ReadClassStm
OleQueryCreateFromData

gdi32

GetDeviceCaps
StretchBlt
SetStretchBltMode
CreateRectRgn
PolylineTo
GetROP2
SetROP2
CreatePen
MoveToEx
LineTo
GetPixel
CreateBitmap
SetPixel
SetPixelV
UnrealizeObject
SetBrushOrgEx
Rectangle
OffsetRgn
CombineRgn
GetRegionData
GetClipRgn
SelectClipRgn
CreateHatchBrush
RectVisible
ExcludeClipRect
BitBlt
CreateCompatibleBitmap
GetNearestColor
GetBkColor
GetCurrentObject
PatBlt
IntersectClipRect
CreateRectRgnIndirect
SetViewportOrgEx
SetViewportExtEx
PlayMetaFile
SaveDC
GetWindowOrgEx
GetWindowExtEx
GetMapMode
LPtoDP
GetObjectType
RestoreDC
SetBkColor
CreateMetaFileA
SetMapMode
SetWindowOrgEx
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreatePatternBrush
CreateSolidBrush
GetStockObject
GetClipBox
SetBkMode
SetTextColor
SelectObject
GetPaletteEntries
SelectPalette
RealizePalette
CreatePalette
DeleteObject
DeleteDC
CreateCompatibleDC
GetTextMetricsW
ExtTextOutA
GetTextFaceA
GetTextExtentPoint32A
EnumFontFamiliesA
CreateICA
CreateDCA
GetTextMetricsA
GetObjectA
CreateFontIndirectA
CreateDCW
CreateFontIndirectW
CreateICW
EnumFontFamiliesW
GetObjectW
GetTextExtentPoint32W
GetTextFaceW
ExtTextOutW

user32

LoadStringW
LoadMenuW
LoadIconW
LoadCursorW
LoadBitmapW
LoadAcceleratorsW
IsDialogMessageW
InsertMenuW
GetWindowTextLengthW
GetWindowTextW
GetWindowLongW
GetPropW
GetMessageW
GetMenuStringW
GetDlgItemTextW
GetClipboardFormatNameW
GetClassNameW
GetClassInfoW
FindWindowW
DrawTextW
DispatchMessageW
DialogBoxParamW
DialogBoxIndirectParamW
DefWindowProcW
CreateWindowExW
CreateDialogParamW
CreateAcceleratorTableW
CopyAcceleratorTableW
CharUpperW
CharPrevW
CharNextW
CharLowerW
CallWindowProcW
AppendMenuW
GetWindowTextLengthA
AppendMenuA
CharLowerA
CharUpperA
CreateWindowExA
DrawTextA
FindWindowA
GetClassInfoA
GetClassNameA
GetClipboardFormatNameA
GetDlgItemTextA
GetMenuStringA
GetPropA
GetWindowTextA
InsertMenuA
LoadStringA
MessageBoxIndirectA
ModifyMenuA
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
RemovePropA
SendMessageA
SetDlgItemTextA
SetPropA
SetWindowTextA
SystemParametersInfoA
UnregisterClassA
WinHelpA
wvsprintfA
GetDlgItem
VkKeyScanW
VkKeyScanA
GetKeyboardLayout
GetKeyboardLayoutList
GetSystemMetrics
GetWindow
GetSysColor
KillTimer
SetWindowPos
DestroyWindow
IsWindow
EndPaint
GetClientRect
BeginPaint
FillRect
SetTimer
WindowFromPoint
ReleaseDC
InvalidateRect
GetDC
PtInRect
GetCursorPos
RedrawWindow
GetWindowThreadProcessId
TrackPopupMenu
ReleaseCapture
GetCapture
UnhookWindowsHookEx
CallNextHookEx
SetCapture
ScreenToClient
EnumWindows
GetKeyState
DestroyCursor
GetFocus
SetCursor
CreateIconIndirect
GetIconInfo
SetFocus
MessageBoxIndirectW
ShowWindow
EnableWindow
GetUpdateRect
SetWindowRgn
EqualRect
IntersectRect
InflateRect
GetWindowDC
ClientToScreen
GetDCEx
LockWindowUpdate
EnumChildWindows
GetDoubleClickTime
GetMessageTime
InvalidateRgn
ScrollWindowEx
SetRect
SetCaretPos
SetRectEmpty
GetAsyncKeyState
CreateCaret
HideCaret
ShowCaret
InvertRect
DrawFocusRect
ValidateRect
IsRectEmpty
SubtractRect
ScrollDC
DestroyAcceleratorTable
DestroyMenu
EnableMenuItem
GetSubMenu
MapWindowPoints
EndDialog
GetWindowRect
IsChild
IsIconic
GetParent
DeleteMenu
GetMessagePos
GetActiveWindow
IsWindowVisible
GetUpdateRgn
GetForegroundWindow
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
BringWindowToTop
CheckMenuItem
GetMenuItemID
GetMenuItemCount
MessageBoxW
CopyImage
ChildWindowFromPointEx
UpdateWindow
CheckDlgButton
IsDlgButtonChecked
ClipCursor
PostMessageW
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
RemovePropW
SendDlgItemMessageW
SendMessageW
SetDlgItemTextW
SetPropW
SetWindowLongW
SetWindowsHookExW
SetWindowTextW
SystemParametersInfoW
TranslateAcceleratorW
UnregisterClassW
WinHelpW
MoveWindow
GetDialogBaseUnits
DrawFrameControl
ActivateKeyboardLayout
AdjustWindowRect
GetCursor
TranslateAcceleratorA
SetWindowLongA
PostMessageA
PeekMessageA
LoadMenuA
LoadIconA
LoadCursorA
LoadBitmapA
LoadAcceleratorsA
IsDialogMessageA
GetWindowLongA
GetMessageA
DispatchMessageA
DialogBoxParamA
DialogBoxIndirectParamA
DefWindowProcA
CreateDialogParamA
CreateAcceleratorTableA
CopyAcceleratorTableA
CallWindowProcA
wvsprintfW
ModifyMenuW
OffsetRect
PeekMessageW
SetWindowsHookExA

shell32

ExtractIconW
ExtractIconA

comdlg32

CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA
ChooseFontA
ChooseColorW
ChooseFontW
GetOpenFileNameW
ChooseColorA
GetSaveFileNameW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllRegisterServerSetup
DllUnregisterServer
FormsCheckUFIControls
FormsCloseParentUnit
FormsOpenParentUnit
FormsSetLCID

Sections

.text
Size: 830KB - Virtual size: 830KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/FM20CHS.DLL
.dll windows:4 windows x86 arch:x86

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

60:87:07:d9:5d:ef:bc:3a:45:58:4c:23:f0:42:90:7e:73:a8:2f:5d
Signer

Actual PE Digest

60:87:07:d9:5d:ef:bc:3a:45:58:4c:23:f0:42:90:7e:73:a8:2f:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/FM20ENU.DLL
.dll windows:5 windows x86 arch:x86

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d0:8b:46:90:a6:c7:86:90:d6:39:b3:ae:5f:b8:0c:f5:7c:aa:c8:94
Signer

Actual PE Digest

d0:8b:46:90:a6:c7:86:90:d6:39:b3:ae:5f:b8:0c:f5:7c:aa:c8:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 27KB - Virtual size: 27KB

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1dCertificate

Extended Key Usages

Key Usages

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5cCertificate

Key Usages

Signer

Headers

File Characteristics

Sections

.text Size: 4KB - Virtual size: 240B

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 4KB - Virtual size: 8B

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1dCertificate

Extended Key Usages

Key Usages

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5cCertificate

Key Usages

Signer

Headers

File Characteristics

Sections

.text Size: 4KB - Virtual size: 222B

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 4KB - Virtual size: 8B

40ed62e50ea37173a91b7578a842008a

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1dCertificate

Extended Key Usages

Key Usages

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5cCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

user32

Exports

Exports

Sections

.text Size: 8.3MB - Virtual size: 8.3MB

.data Size: 192KB - Virtual size: 189KB

Shared Size: 4KB - Virtual size: 3KB

.rsrc Size: 668KB - Virtual size: 667KB

.reloc Size: 372KB - Virtual size: 368KB

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 27KB - Virtual size: 27KB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

.text
Size: 4KB - Virtual size: 240B

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 4KB - Virtual size: 8B

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

.text
Size: 4KB - Virtual size: 222B

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 4KB - Virtual size: 8B

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

.text
Size: 8.3MB - Virtual size: 8.3MB

.data
Size: 192KB - Virtual size: 189KB

Shared
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 668KB - Virtual size: 667KB

.reloc
Size: 372KB - Virtual size: 368KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 27KB - Virtual size: 27KB

.rsrc
Size: 148KB - Virtual size: 144KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

75:f9:10:99:19:ee:ef:5e:e4:ed:ab:5b:30:74:4f:19:d7:d0:c8:be
Signer

.rsrc
Size: 92KB - Virtual size: 88KB

.reloc
Size: 4KB - Virtual size: 8B

.rsrc
Size: 36KB - Virtual size: 33KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

ca:87:a7:94:7d:44:6e:50:16:36:73:0a:a9:b2:6f:c3:ed:cd:af:bb
Signer