8597e3f1438e5fa827b64a49c33702e2

Sharing

Copy URL Twitter E-mail

General

Target

8597e3f1438e5fa827b64a49c33702e2
Size

4.6MB
MD5

8597e3f1438e5fa827b64a49c33702e2
SHA1

3c976779c2c5acb15bc06b5b8ad1b90bf7658200
SHA256

e4e3e9cbfcd0be74d8e05f4e98ab5e1b67814f80d98e974d1b6c32a0765680f3
SHA512

78117b42604a52b680a581a26ac023a13172bacca4bf9e643c692119464de90e40afd8e0f6b80c1bfd94a74ffba3ebae49b62c70124c820b9cd4f03b94470730
SSDEEP

98304:ozxHcoDZPhhe6KINq5vfog1sX6QVwT0nqH8SdFgWcvfTM1W9VY0lPPgOrL+bKkd1:oBci5he0AfRWX6QVGaWFAvuW9VY0NPPm

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
8597e3f1438e5fa827b64a49c33702e2
unpack001/$PLUGINSDIR/Banner.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/processwork.dll
unpack001/FrostWire.exe
unpack001/jdic.dll

Files

8597e3f1438e5fa827b64a49c33702e2
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 884KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ApnIC.dll
.dll windows:5 windows x86 arch:x86

5db51dce57ada4573059e6a7656d53ac

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

28:6f:8a:30:e2:ea:c6:96:5b:93:6f:82:6a:05:30:5d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/06/2008, 00:00

Not After

17/06/2011, 23:59

Subject

CN=Ask.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Distribution,O=Ask.com,L=Oakland,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:23:85:6a:43:2e:90:f4:e0:f0:25:d3:98:74:4b:56:57:05:c7:fb
Signer

Actual PE Digest

01:23:85:6a:43:2e:90:f4:e0:f0:25:d3:98:74:4b:56:57:05:c7:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\hudson\jobs\AskStub\workspace\AskStub\Release\APNIC.pdb

Imports

kernel32

GetCurrentProcess
GetProcAddress
LoadLibraryW
GetVersionExW
CreateDirectoryW
GetTempPathW
GetLocalTime
GetFileTime
CreateFileW
lstrlenA
GetPrivateProfileStringW
InterlockedDecrement
DeleteFileW
CloseHandle
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GetSystemDefaultLangID
HeapSize
GetLocaleInfoA
GetLastError
lstrcmpW
lstrcpyW
lstrcatW
lstrlenW
SetStdHandle
LoadLibraryA
CreateFileA
SetEndOfFile
GetProcessHeap
GetACP
GetOEMCP
GetModuleHandleW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
ExitProcess
GetModuleHandleA
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapReAlloc
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
GetStringTypeA
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalFree
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCPInfo
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
LCMapStringA
LCMapStringW
GetStringTypeW
IsValidCodePage

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysFreeString

shlwapi

PathFileExistsW
StrStrIW
SHDeleteKeyW

wininet

HttpSendRequestExW
InternetOpenW
InternetReadFile
HttpQueryInfoW
HttpOpenRequestW
HttpEndRequestW
InternetConnectW
InternetSetOptionW
InternetCrackUrlW
InternetCloseHandle
HttpSendRequestW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

Exports

Exports

DoCheckInstall
DoCheckOverInstall
DoPostInstall
DoPreCheck
DoPreInstall
GetPayloadPath
VolatileStoreClearMacroData

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ApnStub.exe
.exe windows:5 windows x86 arch:x86

f51ad16cc9cd56f9a16e2a16dbc06ef0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

28:6f:8a:30:e2:ea:c6:96:5b:93:6f:82:6a:05:30:5d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/06/2008, 00:00

Not After

17/06/2011, 23:59

Subject

CN=Ask.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Distribution,O=Ask.com,L=Oakland,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fb:69:42:e7:4f:06:53:63:46:3f:d0:43:f8:ed:72:47:b9:1e:e6:3b
Signer

Actual PE Digest

fb:69:42:e7:4f:06:53:63:46:3f:d0:43:f8:ed:72:47:b9:1e:e6:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\hudson\jobs\AskStub\workspace\AskStub\Release\APNStub.pdb

Imports

msi

ord224

crypt32

CertFreeCertificateContext
CertGetNameStringW

urlmon

IsValidURL
URLDownloadToFileW

kernel32

CompareStringW
GetStdHandle
CompareStringA
FlushFileBuffers
CreateFileA
lstrlenW
GetTempPathW
lstrcatW
DeleteFileW
lstrcpyW
Sleep
GetModuleFileNameW
FreeLibrary
WaitForSingleObject
LoadLibraryW
GetExitCodeProcess
GetLastError
SetLastError
GetProcAddress
CloseHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetFullPathNameW
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCurrentDirectoryA
HeapAlloc
RaiseException
GetDriveTypeA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
ExitProcess
WriteFile
SetEnvironmentVariableA
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WideCharToMultiByte
GetTimeZoneInformation
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
RtlUnwind
LoadLibraryA
LCMapStringA
GetStringTypeA
GetStringTypeW

user32

GetForegroundWindow
MessageBoxW
wsprintfW

shell32

ShellExecuteExW

ole32

IIDFromString
CoInitializeEx
CoCreateInstance

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ApnToolbarInstaller.exe
.exe windows:5 windows x86 arch:x86

086be98035086de94c3bc34d58110aad

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

28:6f:8a:30:e2:ea:c6:96:5b:93:6f:82:6a:05:30:5d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/06/2008, 00:00

Not After

17/06/2011, 23:59

Subject

CN=Ask.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Distribution,O=Ask.com,L=Oakland,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:7d:38:a9:35:10:9f:5e:e2:b1:bf:d7:0a:49:e3:15:50:ba:f9:ab
Signer

Actual PE Digest

64:7d:38:a9:35:10:9f:5e:e2:b1:bf:d7:0a:49:e3:15:50:ba:f9:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\hudson\jobs\ToolbarCore-1.11.3.0\workspace\build\ToolbarCore\toolbar\ie\src\toolbar\wrapper\Release\externalwrapper.pdb

Imports

shlwapi

PathFileExistsW
StrStrIW
StrCmpNIW
SHDeleteValueW

msi

ord159
ord92
ord8
ord205
ord113
ord163
ord160
ord20
ord32
ord118
ord125
ord70

kernel32

SetEndOfFile
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineW
FileTimeToDosDateTime
GetTempFileNameW
lstrlenA
FindResourceW
LoadResource
WaitForSingleObject
GetTickCount
GetPrivateProfileStringW
WriteFile
WideCharToMultiByte
SizeofResource
GetExitCodeProcess
CreateFileW
MultiByteToWideChar
lstrlenW
GetTempPathW
FindFirstFileA
FindClose
GetLocalTime
lstrcmpiW
lstrcatW
GetProcessHeap
FileTimeToLocalFileTime
DeleteFileW
LocalFree
lstrcpyW
CreateFileA
SetFilePointer
ReadFile
GetLastError
GetVersionExW
CreateDirectoryW
GetFileTime
InterlockedDecrement
GetSystemDefaultLangID
FreeLibrary
GetCurrentProcess
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetSystemInfo
SetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
CloseHandle
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetModuleHandleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
GetACP
GetStringTypeW
LCMapStringA
LCMapStringW
RtlUnwind
GetCurrentProcessId
RaiseException
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapReAlloc
VirtualAlloc
GetStartupInfoW
GetCPInfo
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

user32

GetSystemMetrics

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW

shell32

ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoCreateInstance
OleInitialize
OleUninitialize
CoUninitialize
CoInitialize

oleaut32

SysAllocString
VariantInit
SysFreeString

wininet

InternetSetOptionW
HttpSendRequestW
HttpSendRequestExW
InternetCanonicalizeUrlW
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestW
HttpQueryInfoW
InternetConnectW
InternetReadFile
InternetOpenW
HttpEndRequestW
InternetCloseHandle
InternetCrackUrlW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AskToolbarPromo.bmp
$PLUGINSDIR/AskToolbarPromo.ini
$PLUGINSDIR/Banner.dll
.dll windows:5 windows x86 arch:x86

beba03bbad1f8d79d5b3c1359e913e0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpW
GetModuleHandleW
CloseHandle
Sleep
CreateThread
GetCurrentThreadId
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc

user32

DestroyWindow
SetWindowLongW
GetWindowLongW
SetWindowTextW
SetDlgItemTextW
DispatchMessageW
PeekMessageW
WaitMessage
IsWindow
CreateDialogParamW
ShowWindow
AttachThreadInput
IsWindowVisible
wsprintfW
PostMessageW

Exports

Exports

destroy
getWindow
show

Sections

.text
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:5 windows x86 arch:x86

cbc66eb3222e3fcdbee2e18ba7195f5e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrlenA
lstrcpynA
lstrcatA
GlobalAlloc
GlobalFree
MulDiv
GetTickCount
DeleteFileA
Sleep
lstrcpyA
CreateFileA
lstrcpyW
lstrcpynW
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
CreateThread
WaitForSingleObject
WriteFile
CloseHandle
IsDebuggerPresent

user32

IsWindowVisible
GetFocus
GetDlgItem
ShowWindow
SetWindowTextA
SetDlgItemTextA
CharPrevA
SetWindowLongW
RegisterWindowMessageW
GetClientRect
GetWindowRect
CreateWindowExW
GetWindowLongW
wsprintfA
CallWindowProcW
DestroyWindow
EnableWindow
FindWindowExW
SendMessageW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ws2_32

WSAGetLastError
send
closesocket
shutdown
ioctlsocket
htons
socket
WSACleanup
WSAStartup
recv
__WSAFDIsSet
connect
inet_addr
gethostbyname
select

Exports

Exports

download
download_quiet

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/OCSetupHlp.dll
.dll regsvr32 windows:5 windows x86 arch:x86

0615854a8bf9998cbbbcc756d6e6d4bf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:fc:26:3a:35:11:34:19:4c:f1:6e:1e:6d:0e:08:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/01/2011, 00:00

Not After

14/03/2014, 23:59

Subject

CN=OpenCandy Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=OpenCandy Inc.,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9d:62:56:b6:ae:c5:95:7a:b5:46:04:84:8f:07:bc:78:a8:38:ed:09
Signer

Actual PE Digest

9d:62:56:b6:ae:c5:95:7a:b5:46:04:84:8f:07:bc:78:a8:38:ed:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
CreateFileW
GetFileSize
GetCurrentProcessId
GetEnvironmentVariableW
FindFirstFileW
FindNextFileW
FindClose
ReadFile
GetTimeZoneInformation
WaitForSingleObject
OutputDebugStringW
WriteFile
DeleteFileW
GetCurrentThreadId
SetLastError
GetCurrentProcess
FlushInstructionCache
ExpandEnvironmentStringsW
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
OpenFileMappingW
CreateMutexW
OpenMutexW
ReleaseMutex
CreateDirectoryW
GetShortPathNameW
GetTempPathW
SetFilePointer
GetTickCount
CreateEventW
SetEvent
CreateProcessW
MoveFileExW
GlobalUnlock
GlobalLock
GlobalAlloc
Process32NextW
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetFileAttributesA
CreateProcessA
GetExitCodeProcess
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetFullPathNameW
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
Process32FirstW
CreateToolhelp32Snapshot
WriteConsoleA
GetCurrentDirectoryA
CreateFileA
CloseHandle
GetFileInformationByHandle
GetFullPathNameA
FlushFileBuffers
GetModuleHandleA
SetErrorMode
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
LCMapStringA
ExitProcess
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
RtlUnwind
GetDriveTypeW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
GetConsoleMode
GetConsoleCP
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
GetCommandLineA
ExitThread
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
HeapFree
HeapAlloc
GetProcessHeap
FindResourceA
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetFileAttributesExW
CompareFileTime
FileTimeToSystemTime
GetVersion
GetSystemInfo
GetVersionExW
GetTempFileNameW
GlobalFree
ReleaseSemaphore
ResumeThread
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
GetSystemDefaultLCID
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
lstrlenA
WideCharToMultiByte
OpenProcess
GetUserDefaultUILanguage
GetLocaleInfoW
FreeLibrary
LoadLibraryW
DeleteCriticalSection
lstrcmpiW
EnterCriticalSection
GetProcAddress
GetThreadLocale
GetLastError
SetThreadLocale
RaiseException
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
QueryPerformanceCounter
LoadLibraryExW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
PeekNamedPipe
CreateThread

psapi

EnumProcesses
GetProcessImageFileNameW

ws2_32

WSACleanup
WSAStartup
closesocket
WSAGetLastError
gethostname
ioctlsocket
getaddrinfo
freeaddrinfo
select
__WSAFDIsSet
WSASetLastError
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
socket

msimg32

AlphaBlend

shlwapi

PathMatchSpecW

user32

IsWindow
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
GetCursor
ReleaseCapture
TrackPopupMenu
GetCursorPos
DestroyWindow
PostMessageW
PostQuitMessage
KillTimer
UnregisterClassA
GetForegroundWindow
DestroyMenu
NotifyWinEvent
FindWindowW
GetParent
GetAncestor
SetFocus
CreateDialogParamW
LoadImageW
GetSystemMetrics
CallNextHookEx
UnhookWindowsHookEx
SystemParametersInfoW
SetWindowsHookExW
DrawTextW
ScreenToClient
SetMenuItemInfoW
IsWindowVisible
SetForegroundWindow
SetCursor
ClientToScreen
GetWindowRect
SendDlgItemMessageW
EnableMenuItem
GetSystemMenu
EnableWindow
SetDlgItemTextW
MessageBoxW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
GetDesktopWindow
CharNextW
FillRect
InvalidateRect
GetAsyncKeyState
EndPaint
BeginPaint
DrawFocusRect
ReleaseDC
GetDC
GetSysColorBrush
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetWindowThreadProcessId
SetWindowPos
MoveWindow
GetClientRect
SetWindowTextW
SendMessageW
LoadIconW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
GetDlgItem
ShowWindow
EnumWindows
EnumChildWindows
GetWindowTextW
GetWindowTextLengthW
SetTimer

gdi32

CreateSolidBrush
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
SelectObject
CreateDIBSection
SetBkMode
SetTextColor
CreateFontIndirectW
GetObjectW
DeleteObject
DeleteDC
GetDeviceCaps
GetStockObject
GdiFlush

advapi32

RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegSetValueExW
RegDeleteValueA
LookupPrivilegeValueW
RegDeleteValueW
AdjustTokenPrivileges
OpenProcessToken
DuplicateTokenEx
GetUserNameW
RegEnumKeyW

shell32

SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW

ole32

CoUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
CoTaskMemRealloc
CoInitialize
CoCreateInstance
CLSIDFromProgID
CoTaskMemFree

oleaut32

VariantClear
LoadRegTypeLi
SysAllocStringLen
SysFreeString
RegisterTypeLi
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocString

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

wininet

InternetQueryOptionW
InternetGetConnectedStateExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
OCPRD124CanLeaveOfferPage
OCPRD124CleanupProduct
OCPRD124Detach
OCPRD124FindGuidAndRunDialog
OCPRD124FindGuidAndRunDialogA
OCPRD124GetAsyncOfferStatus
OCPRD124GetBannerInfo
OCPRD124GetBannerInfoW
OCPRD124GetMsg
OCPRD124GetNoCandy
OCPRD124GetOfferState
OCPRD124GetOfferType
OCPRD124Init2A
OCPRD124Init2W
OCPRD124InnoAdjust
OCPRD124InnoRestore
OCPRD124InstallShieldAdjust
OCPRD124LoadOpenCandyDLL
OCPRD124LogDevModeMessage
OCPRD124LogDevModeMessageW
OCPRD124NSISAdjust
OCPRD124PreInit
OCPRD124PrepareDownload
OCPRD124RunDialog
OCPRD124SetCmdLineValues
OCPRD124SetCmdLineValuesW
OCPRD124SetCustomBrushColor
OCPRD124SetCustomBrushColorW
OCPRD124SetNoCandy
OCPRD124SetOCOfferEnabled
OCPRD124SetOfferData
OCPRD124SetOfferLocation
OCPRD124SetUseDefaultColorBkGrnd
OCPRD124Shutdown
OCPRD124SignalProductFailed
OCPRD124SignalProductInstalled
OCPRD124StartDLMgr2Download
OCPRD124StartDLMgr2DownloadRunasAdmin
_OCPRD124DLMgr2Check@16
_OCPRD124Display@16
_OCPRD124DownloadMgr2RecycleOffer@12
_OCPRD124MgrCheck@16
_OCPRD124MgrExec@16
_OCPRD124RestartDll@16
_OCPRD124RestartDllAsAdmin@16
_OCPRD124RunOpenCandyDLL@16

Sections

.text
Size: 507KB - Virtual size: 506KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Unpack200.class
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

917ae9b9adb269abd5543f5bf5676bac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
wcsrchr
wcstoul
memset
wcsstr
wcstol

kernel32

DeleteFileW
WideCharToMultiByte
CreateFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleW
MulDiv
lstrcpyW
GlobalAlloc
LoadLibraryW
GetProcAddress
lstrcmpiW
lstrlenW
WriteFile
ReadFile
lstrcmpW
lstrcpynW
GetLastError
CreateFileW
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatW
GetFileSize

user32

MessageBoxW
GetParent
ShowWindow
SetWindowLongW
IsWindow
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect
SetTimer
LoadIconW
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
FindWindowExW
wsprintfA
wsprintfW
GetWindowLongW

wininet

HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
HttpAddRequestHeadersW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/processwork.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CloseProcess
ExistsProcess
KillProcess
QuitProcess

Sections

CODE
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 147B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 47B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EULA.txt
FrostWire.exe
.exe windows:4 windows x86 arch:x86

d4799422a7873cd26b0baf4a53aaf408

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\FrostWire Project\FrostWire Development-1\Release Builds Win32\Project\FrostWire\internal\frostwireExe\Release\FrostWire.pdb

Imports

kernel32

GetSystemDefaultLCID
GetProcAddress
SetThreadLocale
GetModuleFileNameA
SetCurrentDirectoryA
LoadLibraryA
GetCurrentDirectoryA
GetLastError
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapFree
GetModuleHandleA
ExitProcess
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
GetFullPathNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CloseHandle
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
InitializeCriticalSection
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
Sleep
SetEnvironmentVariableA
SetEnvironmentVariableW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
FlushFileBuffers
ReadFile
CreateFileA
HeapSize
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
CompareStringA
CompareStringW
GetStringTypeA
GetStringTypeW
SetEndOfFile

user32

MessageBoxA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FrostWire.ico
FrostWire.pack
GPL3.txt
aopalliance.pack
clink.pack
commons-codec-1.3.pack
commons-logging.pack
.js
daap.pack
forms.pack
foxtrot.pack
gettext-commons.pack
gson-1.4.pack
guice-1.0.pack
httpclient-4.0.pack
httpcore-4.0.1.pack
httpcore-nio-4.0.1.pack
icu4j.pack
inspection.props
jaudiotagger.pack
jcip-annotations.pack
jcraft.pack
jdic.dll
.dll windows:4 windows x86 arch:x86

fc4c7d9bd749d58d970fedfd418f9ada

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
GetCPInfo
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetFilePointer
RtlUnwind
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
CloseHandle
LocalAlloc
LocalFree
GetEnvironmentStringsW
GlobalUnlock
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalAlloc
LocalReAlloc
lstrcatA
lstrcpyA
lstrcpynA
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetProcessVersion
lstrcmpA
GlobalFlags
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapSize
HeapReAlloc
LCMapStringW
LCMapStringA
HeapFree
SetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersion
GetCommandLineA
HeapAlloc
InterlockedIncrement
InterlockedDecrement
RaiseException
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
lstrlenW
lstrlenA
GetCurrentDirectoryA
FreeLibrary
SetCurrentDirectoryA
WideCharToMultiByte
MultiByteToWideChar
ExpandEnvironmentStringsA
LoadLibraryA
GetProcAddress
GlobalFree
SetEnvironmentVariableA

advapi32

RegFlushKey
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear

shlwapi

AssocQueryStringA

comctl32

ord17

urlmon

FindMimeFromData

user32

EnableWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
IsWindowEnabled
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
LoadStringA
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetParent
GetNextDlgTabItem
UnhookWindowsHookEx
DispatchMessageA
SendMessageA
GetKeyState
CallNextHookEx
PeekMessageA
SetWindowsHookExA
GetTopWindow
MessageBoxA
WinHelpA
GetCapture
GetWindowPlacement

gdi32

SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetStockObject
SetMapMode
SetViewportOrgEx
Escape
ExtTextOutA
GetClipBox
CreateBitmap
TextOutA
RectVisible
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
PtVisible

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

Exports

Exports

_JNI_OnLoad@8
_Java_org_jdesktop_jdic_browser_WebBrowser_nativeGetWindow@12
_Java_org_jdesktop_jdic_browser_internal_WebBrowserUtil_nativeGetBrowserPath@8
_Java_org_jdesktop_jdic_browser_internal_WebBrowserUtil_nativeGetMozillaGreHome@8
_Java_org_jdesktop_jdic_browser_internal_WebBrowserUtil_nativeSetEnv@8
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_AssocQueryString@16
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_ExpandEnvironmentStrings@12
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_RegCloseKey@12
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_RegOpenKey@20
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_RegQueryValueEx@16
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_nativeBrowseURLInIE@16
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_openMapiMailer@32
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_resolveLinkFile@12
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_shellExecute@16
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_shutDown@8
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_ExpandEnvironmentStrings@12
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_FindMimeFromData@16
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegCloseKey@12
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegCreateKeyEx@16
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegDeleteKey@16
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegDeleteValue@16
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegEnumKeyEx@20
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegEnumValue@20
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegFlushKey@12
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegOpenKey@20
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegQueryInfoKey@12
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegQueryValueEx@16
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegSetValueEx@20
_Java_org_jdesktop_jdic_init_InitUtility_getEnv@12
_Java_org_jdesktop_jdic_init_InitUtility_setEnv@16

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jdic.pack
jdic_stub.pack
jflac.pack
.js
jl.pack
jmdns.pack
launch.properties
log4j.pack
looks.pack
lw-azureus.pack
lw-common.pack
lw-io.pack
lw-rudp.pack
lw-security.pack

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 884KB

.rsrc Size: 21KB - Virtual size: 21KB

5db51dce57ada4573059e6a7656d53ac

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

28:6f:8a:30:e2:ea:c6:96:5b:93:6f:82:6a:05:30:5dCertificate

Extended Key Usages

Key Usages

01:23:85:6a:43:2e:90:f4:e0:f0:25:d3:98:74:4b:56:57:05:c7:fbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

version

rpcrt4

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 167KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

f51ad16cc9cd56f9a16e2a16dbc06ef0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

28:6f:8a:30:e2:ea:c6:96:5b:93:6f:82:6a:05:30:5dCertificate

Extended Key Usages

Key Usages

fb:69:42:e7:4f:06:53:63:46:3f:d0:43:f8:ed:72:47:b9:1e:e6:3bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 884KB

.rsrc
Size: 21KB - Virtual size: 21KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

28:6f:8a:30:e2:ea:c6:96:5b:93:6f:82:6a:05:30:5d
Certificate

01:23:85:6a:43:2e:90:f4:e0:f0:25:d3:98:74:4b:56:57:05:c7:fb
Signer

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

28:6f:8a:30:e2:ea:c6:96:5b:93:6f:82:6a:05:30:5d
Certificate

fb:69:42:e7:4f:06:53:63:46:3f:d0:43:f8:ed:72:47:b9:1e:e6:3b
Signer

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 6KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

28:6f:8a:30:e2:ea:c6:96:5b:93:6f:82:6a:05:30:5d
Certificate

64:7d:38:a9:35:10:9f:5e:e2:b1:bf:d7:0a:49:e3:15:50:ba:f9:ab
Signer

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 20KB - Virtual size: 20KB

.text
Size: 1024B - Virtual size: 872B

.rdata
Size: 1024B - Virtual size: 824B

.data
Size: - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 272B