867e75ee5d9e2ff92db12fd7350093d3

Sharing

Copy URL Twitter E-mail

General

Target

867e75ee5d9e2ff92db12fd7350093d3
Size

2.0MB
MD5

867e75ee5d9e2ff92db12fd7350093d3
SHA1

ea43b3b7082fdb54065c26990eab7329539fe50b
SHA256

40c0f8cb33306a53aabe933ff0d9e3391ce13b62882ba83f65cdafa835a2aeca
SHA512

0bc07db353928648ccbd8a67f8a006fb3eec883f9123678bbac242e528251a044530b11f007175eeaa5b1f4d93e57e372745d22e2cc4af51d7c055af7775d2e0
SSDEEP

49152:V8MM5zDDFQEJrGcSKGQjvfIjhgwnOQKQsae+lgF+FRqxNGF:V8MM5zDDOurJSJQjvf4iMsaXWF+FAzGF

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/Builder.exe	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
static1/unpack001/Builder.exe	MailPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Builder.exe

Files

867e75ee5d9e2ff92db12fd7350093d3
.rar
Builder.exe
.exe windows:4 windows x86 arch:x86

9086c7d132c408997369ed4e2c65fe6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaAryMove
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaPut3
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
ord593
__vbaVarForInit
ord594
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaStrFixstr
__vbaBoolVar
_CIsin
ord631
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaPutOwner3
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
ord717
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
ord648
__vbaVarInt
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarAdd
__vbaStrToAnsi
__vbaVarMod
__vbaVarCopy
ord616
ord617
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 492KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 892KB - Virtual size: 889KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Log.php/log.php
OCX/Codejock.CommandBars.v12.1.0.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

c2fa87eb9d83e32862ab538f4e1969f9

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/10/2008, 00:00

Not After

20/10/2010, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5b:9f:8d:f8:a6:01:ff:8d:44:c8:36:d0:bf:b6:00:e5:f6:02:24:11
Signer

Actual PE Digest

5b:9f:8d:f8:a6:01:ff:8d:44:c8:36:d0:bf:b6:00:e5:f6:02:24:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord567
ord818
ord4299
ord6442
ord1233
ord4275
ord755
ord470
ord613
ord289
ord2379
ord6041
ord2452
ord1146
ord1265
ord1567
ord268
ord283
ord703
ord603
ord1989
ord1969
ord2454
ord3508
ord273
ord403
ord2393
ord786
ord5989
ord519
ord3216
ord1259
ord1770
ord462
ord3115
ord3315
ord3470
ord452
ord6307
ord521
ord4167
ord6157
ord699
ord3938
ord397
ord5593
ord3438
ord6876
ord912
ord4188
ord4277
ord6283
ord4278
ord2763
ord4204
ord538
ord834
ord836
ord2814
ord4160
ord2813
ord5216
ord861
ord1572
ord849
ord850
ord906
ord845
ord1133
ord2233
ord404
ord957
ord1860
ord5449
ord6393
ord909
ord4205
ord3986
ord1777
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord2890
ord6572
ord2915
ord857
ord940
ord6779
ord536
ord6385
ord6389
ord1979
ord5442
ord3318
ord665
ord5186
ord354
ord924
ord926
ord539
ord922
ord1206
ord1223
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3681
ord446
ord743
ord6440
ord1214
ord2868
ord5575
ord3525
ord433
ord4202
ord5710
ord1644
ord4163
ord1200
ord4020
ord2727
ord2730
ord2729
ord1949
ord2152
ord6453
ord6605
ord3797
ord2380
ord2381
ord2567
ord4270
ord1134
ord3005
ord2135
ord3732
ord556
ord809
ord2122
ord1940
ord6571
ord3030
ord2639
ord6109
ord6335
ord2546
ord291
ord923
ord2714
ord5785
ord1842
ord3092
ord1270
ord2867
ord1859
ord859
ord2795
ord4083
ord4287
ord1140
ord1829
ord656
ord2089
ord4047
ord6199
ord2642
ord3803
ord4284
ord4124
ord939
ord941
ord5631
ord3089
ord1217
ord1883
ord2884
ord3084
ord3348
ord4351
ord2625
ord297
ord619
ord5860
ord2464
ord4036
ord1656
ord3443
ord3786
ord434
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord5148
ord3716
ord790
ord6111
ord2113
ord6880
ord1907
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord3402
ord768
ord489
ord2302
ord4258
ord3699
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord2298
ord2370
ord6334
ord3721
ord795
ord3097
ord5953
ord2301
ord6241
ord1908
ord1690
ord4439
ord2054
ord771
ord2041
ord498
ord1008
ord4259
ord4715
ord5718
ord1568
ord1180
ord6728
ord2629
ord1137
ord609
ord807
ord5510
ord3027
ord4042
ord1652
ord429
ord4431
ord5849
ord5288
ord2576
ord4397
ord3352
ord4644
ord4217
ord3577
ord4225
ord1719
ord4060
ord4123
ord2937
ord2575
ord4396
ord3574
ord5890
ord1229
ord3957
ord4234
ord2243
ord1234
ord6402
ord6403
ord3521
ord3887
ord2830
ord4222
ord5467
ord1581
ord2918
ord2805
ord960
ord6314
ord4179
ord5445
ord6012
ord5775
ord2603
ord3180
ord3183
ord3176
ord3652
ord6401
ord3522
ord1643
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord975
ord5472
ord3403
ord2879
ord2878
ord4077
ord5237
ord2649
ord1665
ord4436
ord5252
ord3369
ord4427
ord366
ord5012
ord4151
ord3623
ord674
ord3869
ord2127
ord2391
ord5102
ord5105
ord4468
ord2880
ord2383
ord4437
ord5255
ord3373
ord402
ord4428
ord4153
ord3651
ord5284
ord5282
ord4317
ord3448
ord1664
ord3499
ord3175
ord2515
ord355
ord1929
ord4268
ord3295
ord6154
ord2530
ord4366
ord4056
ord5471
ord4121
ord2389
ord5086
ord1710
ord1715
ord5234
ord6369
ord5279
ord5064
ord5248
ord2444
ord3730
ord554
ord4021
ord2097
ord5884
ord2921
ord5883
ord2120
ord5805
ord2513
ord293
ord955
ord1194
ord805
ord4364
ord1709
ord3583
ord620
ord298
ord4230
ord4759
ord2408
ord4285
ord3815
ord5129
ord3742
ord4895
ord4896
ord4832
ord4894
ord1904
ord4515
ord1721
ord4589
ord4588
ord4899
ord4370
ord4892
ord4535
ord5076
ord4341
ord4348
ord4723
ord4887
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord3748
ord1725
ord4432
ord761
ord569
ord480
ord4256
ord4461
ord3103
ord5260
ord2785
ord1767
ord5925
ord6130
ord6128
ord6131
ord6216
ord3816
ord5146
ord5037
ord6603
ord6565
ord6802
ord6825
ord6026
ord6027
ord5856
ord3610
ord3520
ord1803
ord1716
ord4454
ord4755
ord2681
ord5153
ord4530
ord4525
ord4544
ord4542
ord4523
ord5685
ord3274
ord439
ord736
ord1858
ord5495
ord6242
ord6320
ord2571
ord5053
ord4114
ord1865
ord979
ord5782
ord2566
ord3920
ord353
ord324
ord6129
ord3753

msvcrt

wcsstr
_wcslwr
_mbsicmp
atoi
_purecall
memmove
free
malloc
_mbscmp
strchr
sscanf
_ftol
_CIpow
__CxxFrameHandler
wcslen
strtod
mbstowcs
wcsncpy
calloc
_mbctype
_mbschr
qsort
_mbsrchr
rand
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
wcsncmp
_CxxThrowException
_mbsnbcpy
wcschr
_wcsicmp
_wtoi
swscanf
floor
ceil
_strdup
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
wcscmp

kernel32

LocalFree
GlobalFree
GlobalSize
lstrcpyA
Sleep
GetCurrentProcessId
SetFileAttributesA
GetModuleFileNameA
CreateDirectoryA
CompareStringA
GetCurrentDirectoryA
lstrlenA
lstrcpynA
GetVersion
InterlockedDecrement
GetTickCount
SetEvent
GetExitCodeThread
TerminateThread
CreateThread
SetThreadPriority
ResumeThread
WaitForSingleObject
ResetEvent
CreateEventA
GetOEMCP
GetCPInfo
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringA
GetTempPathA
GetTempFileNameA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
DeleteFileA
GetFileAttributesA
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
InterlockedIncrement
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryA
GetProcAddress
GetCurrentThreadId
LocalAlloc

user32

MoveWindow
DeferWindowPos
UnionRect
GetTabbedTextExtentA
GetClipboardData
FindWindowExA
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
SetWindowRgn
GetWindowRgn
CallWindowProcA
RegisterWindowMessageA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
SendMessageA
EnableWindow
GrayStringA
DrawTextA
TabbedTextOutA
GetSubMenu
PeekMessageA
SetRect
SystemParametersInfoA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
LoadCursorA
DrawFocusRect
GetLastActivePopup
GetWindowLongA
IntersectRect
SetCapture
LockWindowUpdate
GetDCEx
IsRectEmpty
GetCapture
GetMessageA
ClientToScreen
OffsetRect
DispatchMessageA
ReleaseCapture
InvertRect
CopyRect
BringWindowToTop
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
IsCharLowerA
ToAsciiEx
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
IsWindowEnabled
MessageBoxA
OpenClipboard
EmptyClipboard
CloseClipboard
SetForegroundWindow
GetActiveWindow
SetActiveWindow
GetClassLongA
GetMenuDefaultItem
CreatePopupMenu
GetDlgItem
SetParent
MapWindowPoints
SetFocus
GetClassNameA
ShowWindow
IsDialogMessageA
IsClipboardFormatAvailable
wsprintfA
TranslateMessage
WaitMessage
UpdateWindow
GetTopWindow
GetWindow
GetDlgCtrlID
InflateRect
HideCaret
SetCursor
ShowCaret
GetNextDlgTabItem
GetFocus
IsChild
MapVirtualKeyA
RedrawWindow
IsZoomed
CharUpperA
GetKeyboardLayoutList
GetClientRect
GetKeyboardState
MessageBeep
PostMessageA
IsMenu
GetMenuItemCount
GetMenuItemInfoA
GetMenuItemID
EqualRect
SetWindowPos
SetTimer
InvalidateRect
GetCursor
GetKeyState
KillTimer
IsWindowVisible
WindowFromPoint
GetSystemMetrics
IsIconic
CopyAcceleratorTableA
GetKeyboardLayout
MapVirtualKeyExA
SetWindowsHookExA
GetKeyNameTextA
FillRect
DrawEdge
GetDoubleClickTime
ShowScrollBar
SendMessageTimeoutA
AdjustWindowRectEx
SetCursorPos
SetMenu
GetMenu
GetSystemMenu
LoadIconA
GetMenuState
DestroyMenu
GetClipboardFormatNameA
BeginDeferWindowPos
EndDeferWindowPos
GetParent
DrawFrameControl
LoadMenuIndirectA
GetMenuStringA
GetMenuStringW
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
SetClipboardData
LoadBitmapA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
GetForegroundWindow
DrawStateA

gdi32

CreateRectRgn
CombineRgn
CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
PtInRegion
EnumFontFamiliesA
GetViewportOrgEx
CreatePatternBrush
GetTextColor
ExtFloodFill
Ellipse
GetCurrentObject
GetMapMode
CreateFontA
Polyline
Rectangle
GetWindowOrgEx
GetRgnBox
CreatePolygonRgn
RoundRect
Escape
GetWindowExtEx
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
MoveToEx
LineTo
PolyBezierTo
BeginPath
OffsetViewportOrgEx
GetClipBox
GetTextExtentPoint32W
ExtTextOutW
GetCharWidthA
GetCurrentPositionEx
GetTextAlign
GetTextMetricsA
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
SetBkMode
AbortDoc
EndDoc
EndPage
StartPage
DPtoLP
StartDocA
SetAbortProc
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateFontIndirectA
GetTextExtentPoint32A
Polygon
GetStockObject
EnumFontFamiliesExA
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
GetViewportExtEx
GetDeviceCaps
GetPixel

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA

shell32

SHAppBarMessage
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
DragQueryFileA

comctl32

ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Add
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageInfo
PropertySheetA
ImageList_Remove
_TrackMouseEvent
ImageList_GetImageCount
ImageList_Draw

ole32

CoCreateInstance
OleRun
ReleaseStgMedium

olepro32

ord252
ord254
ord253

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VarI4FromCy
VarI4FromR4
VarI4FromR8
VariantInit
VariantChangeType
SysFreeString
SysAllocString
VariantChangeTypeEx
SafeArrayGetDim
VariantClear
OleLoadPicturePath
LoadRegTypeLi
SafeArrayCreate

winmm

PlaySoundA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 528KB - Virtual size: 526KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OCX/Codejock.Controls.v12.1.0.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

0aa2645479303d0ac2e1c572740c2beb

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/10/2008, 00:00

Not After

20/10/2010, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

58:11:b0:70:0e:5e:81:71:b0:72:28:a5:4a:02:e8:99:08:19:b5:40
Signer

Actual PE Digest

58:11:b0:70:0e:5e:81:71:b0:72:28:a5:4a:02:e8:99:08:19:b5:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord567
ord818
ord4299
ord6442
ord1233
ord4275
ord755
ord470
ord613
ord289
ord2379
ord6041
ord2452
ord1146
ord1265
ord1567
ord268
ord703
ord603
ord1969
ord2454
ord273
ord403
ord2393
ord1259
ord1770
ord462
ord3115
ord3315
ord3470
ord452
ord6307
ord521
ord4167
ord6157
ord699
ord3938
ord397
ord5593
ord3438
ord6876
ord912
ord4188
ord538
ord4277
ord6283
ord4278
ord2763
ord4204
ord834
ord836
ord2814
ord4160
ord2813
ord5216
ord861
ord1572
ord849
ord850
ord906
ord845
ord1133
ord2233
ord404
ord957
ord1860
ord5449
ord6393
ord909
ord4205
ord3986
ord1777
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord2890
ord6572
ord2915
ord857
ord940
ord6779
ord536
ord6385
ord6389
ord1979
ord5442
ord3318
ord665
ord5186
ord354
ord924
ord926
ord539
ord922
ord1206
ord1223
ord2868
ord5575
ord3525
ord433
ord4202
ord5710
ord1644
ord4163
ord1200
ord4020
ord2727
ord2730
ord2729
ord1949
ord2152
ord6453
ord6605
ord3797
ord2380
ord2381
ord2567
ord4270
ord1134
ord3005
ord2135
ord3732
ord556
ord809
ord2122
ord1940
ord4287
ord1229
ord6880
ord5785
ord939
ord1150
ord6662
ord1140
ord3402
ord3610
ord656
ord765
ord6458
ord5053
ord4480
ord3092
ord2645
ord2108
ord4284
ord6377
ord2078
ord6199
ord3721
ord795
ord2116
ord6663
ord3089
ord4123
ord6170
ord3698
ord3957
ord1795
ord2642
ord1871
ord1000
ord5589
ord394
ord696
ord3435
ord4185
ord3630
ord2580
ord4400
ord682
ord1844
ord1849
ord4083
ord1848
ord5805
ord6086
ord1908
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord771
ord2041
ord498
ord1008
ord3475
ord4259
ord5849
ord4715
ord2646
ord5788
ord472
ord4258
ord5161
ord5162
ord5160
ord4905
ord4742
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord3699
ord3719
ord793
ord768
ord489
ord2294
ord2362
ord2302
ord4976
ord6334
ord1771
ord6366
ord2413
ord2024
ord4401
ord692
ord1847
ord3803
ord6194
ord4124
ord1815
ord5861
ord1651
ord2867
ord2112
ord6195
ord3520
ord6401
ord3870
ord2463
ord3711
ord783
ord1816
ord4234
ord324
ord2575
ord4396
ord609
ord2714
ord6008
ord6905
ord3574
ord801
ord541
ord2301
ord668
ord2770
ord356
ord6883
ord1858
ord2652
ord1669
ord4538
ord3530
ord2439
ord1693
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord3133
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord4534
ord4949
ord2541
ord2954
ord2384
ord6370
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord1205
ord723
ord4249
ord4996
ord4743
ord5888
ord5979
ord6128
ord5573
ord3199
ord5033
ord5574
ord3057
ord4820
ord2566
ord559
ord812
ord1088
ord5862
ord5610
ord1829
ord3876
ord2546
ord291
ord1927
ord4530
ord4544
ord4523
ord5685
ord3274
ord439
ord736
ord5495
ord5782
ord3920
ord1262
ord1832
ord5651
ord350
ord6447
ord4033
ord5642
ord1083
ord501
ord1114
ord1113
ord1877
ord3376
ord423
ord1126
ord1614
ord4811
ord1685
ord6040
ord3742
ord3474
ord5008
ord353
ord6874
ord5683
ord5953
ord3499
ord2515
ord355
ord4042
ord2613
ord1706
ord6570
ord729
ord2504
ord2795
ord430
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord366
ord1842
ord4242
ord4793
ord5252
ord5228
ord1721
ord4589
ord4588
ord4899
ord4370
ord4892
ord4535
ord5076
ord4341
ord4348
ord4887
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord3748
ord1725
ord5260
ord4432
ord761
ord480
ord1904
ord4256
ord4894
ord4723
ord5121
ord674
ord5483
ord2496
ord5959
ord3119
ord6042
ord3230
ord3212
ord2901
ord5984
ord3203
ord6166
ord3804
ord4788
ord4760
ord4390
ord4651
ord4735
ord5328
ord5314
ord1605

msvcrt

wcsstr
_wcslwr
_mbsicmp
atoi
_purecall
memmove
free
malloc
_mbscmp
strchr
_ftol
_CIpow
__CxxFrameHandler
sscanf
wcslen
strtod
mbstowcs
wcsncpy
calloc
realloc
_splitpath
floor
_mbsnbcmp
_fstat
fopen
fclose
fseek
ftell
fgets
_mbschr
isprint
sprintf
isxdigit
_ismbcalnum
_ismbcspace
_ismbcdigit
_ismbcprint
_ismbcalpha
qsort
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
wcsncmp
_CxxThrowException
_mbsnbcpy
wcschr
_wcsicmp
_wtoi
_mbctype
swscanf
ceil
_mbsrchr
_strdup
_mbsinc
wcstombs
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
wcscmp

kernel32

lstrlenW
IsDBCSLeadByte
lstrcpyA
lstrcpynA
InterlockedDecrement
GlobalSize
LocalFree
GetPrivateProfileIntA
lstrlenA
GetCurrentDirectoryA
GetModuleFileNameA
GetTickCount
GetOEMCP
GetCPInfo
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileAttributesA
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
InterlockedIncrement
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryA
GetProcAddress
GetCurrentThreadId
LocalAlloc

user32

GrayStringA
DrawTextA
TabbedTextOutA
GetSubMenu
PeekMessageA
SetRect
SystemParametersInfoA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
LoadCursorA
GetForegroundWindow
GetLastActivePopup
GetWindowLongA
GetDialogBaseUnits
IntersectRect
SetCapture
LockWindowUpdate
IsRectEmpty
GetCapture
DragDetect
ClientToScreen
OffsetRect
DispatchMessageA
ReleaseCapture
InvertRect
CopyRect
GetClientRect
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetParent
SetWindowsHookExA
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
ShowCaret
GetScrollInfo
GetScrollPos
GetWindowPlacement
ShowWindow
GetClassLongA
LoadIconA
WinHelpA
RemoveMenu
BeginDeferWindowPos
EndDeferWindowPos
wsprintfA
OpenClipboard
EmptyClipboard
CloseClipboard
CheckMenuItem
GetNextDlgTabItem
MessageBeep
PostMessageA
DrawFrameControl
GetFocus
SetCursor
DrawFocusRect
FillRect
AdjustWindowRectEx
RedrawWindow
GetSysColorBrush
LoadStringA
SetWindowTextA
GetDlgCtrlID
GetWindow
GetClassNameA
InflateRect
SetActiveWindow
UpdateWindow
EqualRect
SetWindowPos
SetTimer
InvalidateRect
GetCursor
GetKeyState
KillTimer
IsWindowVisible
WindowFromPoint
DrawAnimatedRects
FindWindowA
EnumChildWindows
SetForegroundWindow
ValidateRect
SetParent
SetClassLongA
GetDlgItem
DestroyCaret
GetSystemMenu
GetSystemMetrics
LoadMenuIndirectA
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
SetClipboardData
LoadBitmapA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateA
VkKeyScanA
CreateAcceleratorTableA
DestroyAcceleratorTable
DrawMenuBar
GetMenu
DeferWindowPos
SetWindowPlacement
UnionRect
TranslateMessage
GetDoubleClickTime
GetTabbedTextExtentA
IsChild
HideCaret
GetMenuItemCount
GetMenuItemID
MoveWindow
DrawEdge
SetScrollPos
GetClipboardData
EnableMenuItem
IsClipboardFormatAvailable
EnableScrollBar
ShowScrollBar
CreateCaret
SetCaretPos
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
SetWindowRgn
GetWindowRgn
CallWindowProcA
RegisterWindowMessageA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
SendMessageA
GetMessageA
EnableWindow

gdi32

CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
GetTextMetricsA
CreatePatternBrush
GetBkColor
GetTextColor
GetTextAlign
SetPixelV
GetWindowOrgEx
CreateFontA
GetCharWidthA
SetBoundsRect
GetRgnBox
CreatePolygonRgn
RoundRect
GetViewportExtEx
GetWindowExtEx
Ellipse
Polyline
CombineRgn
FillPath
StrokeAndFillPath
EndPath
CloseFigure
MoveToEx
LineTo
PolyBezierTo
BeginPath
OffsetViewportOrgEx
GetClipBox
GetTextExtentPoint32W
ExtTextOutW
GetCurrentPositionEx
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
SetBkMode
Rectangle
GetTextExtentPointA
SetBrushOrgEx
CreateRectRgn
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateFontIndirectA
GetTextExtentPoint32A
Polygon
GetStockObject
EnumFontFamiliesExA
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
StrokePath
GetDeviceCaps
GetPixel

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA

shell32

DragQueryFileA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHAppBarMessage
Shell_NotifyIconA

comctl32

ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIcon
ImageList_GetIconSize
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageInfo
ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ord17

ole32

CoCreateInstance
OleRun
ReleaseStgMedium

olepro32

ord252
ord254
ord253

oleaut32

SafeArrayCreate
VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
VariantInit
SysFreeString
SysAllocString
VariantChangeTypeEx
SafeArrayGetDim
VariantClear
OleLoadPicturePath
LoadRegTypeLi
SysAllocStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1000KB - Virtual size: 997KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 340KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OCX/Registrator.exe
.exe windows:4 windows x86 arch:x86

7e753ff681654f6baf71d608521060db

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/11/2006, 00:00

Not After

20/10/2008, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:7b:08:3d:f8:3b:ab:c5:c5:4c:25:24:0a:dc:4f:98:3e:3e:2a:3d
Signer

Actual PE Digest

ea:7b:08:3d:f8:3b:ab:c5:c5:4c:25:24:0a:dc:4f:98:3e:3e:2a:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord693
ord800
ord2514
ord2764
ord537
ord1205
ord2621
ord1134
ord2725
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord1089
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord535
ord860
ord540
ord1168
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord858
ord1146
ord567
ord2358
ord2302
ord6215
ord5949
ord6199
ord3998
ord2614
ord4277
ord4129
ord6648
ord3092
ord4160
ord2863
ord668
ord2642
ord3178
ord2781
ord2770
ord924
ord356
ord6334
ord2379
ord755
ord470
ord3181
ord6907
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4837
ord4673
ord1576

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_mbsrchr
__CxxFrameHandler
_setmbcp
_initterm

kernel32

GetCommandLineA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameA

user32

GetSystemMenu
DrawIcon
GetClientRect
AppendMenuA
IsIconic
EnableWindow
SendMessageA
GetSystemMetrics
FindWindowA
LoadIconA

shell32

ShellExecuteA

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9086c7d132c408997369ed4e2c65fe6f

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 492KB - Virtual size: 488KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 892KB - Virtual size: 889KB

c2fa87eb9d83e32862ab538f4e1969f9

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bfCertificate

Extended Key Usages

Key Usages

5b:9f:8d:f8:a6:01:ff:8d:44:c8:36:d0:bf:b6:00:e5:f6:02:24:11Signer

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

winmm

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 252KB - Virtual size: 251KB

.data Size: 56KB - Virtual size: 65KB

.rsrc Size: 528KB - Virtual size: 526KB

.reloc Size: 124KB - Virtual size: 123KB

0aa2645479303d0ac2e1c572740c2beb

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bfCertificate

Extended Key Usages

Key Usages

58:11:b0:70:0e:5e:81:71:b0:72:28:a5:4a:02:e8:99:08:19:b5:40Signer

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

.text
Size: 492KB - Virtual size: 488KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 892KB - Virtual size: 889KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

5b:9f:8d:f8:a6:01:ff:8d:44:c8:36:d0:bf:b6:00:e5:f6:02:24:11
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 252KB - Virtual size: 251KB

.data
Size: 56KB - Virtual size: 65KB

.rsrc
Size: 528KB - Virtual size: 526KB

.reloc
Size: 124KB - Virtual size: 123KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

58:11:b0:70:0e:5e:81:71:b0:72:28:a5:4a:02:e8:99:08:19:b5:40
Signer

.text
Size: 1000KB - Virtual size: 997KB

.rdata
Size: 228KB - Virtual size: 227KB

.data
Size: 48KB - Virtual size: 57KB

.rsrc
Size: 340KB - Virtual size: 337KB

.reloc
Size: 108KB - Virtual size: 107KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

ea:7b:08:3d:f8:3b:ab:c5:c5:4c:25:24:0a:dc:4f:98:3e:3e:2a:3d
Signer

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 724B

.rsrc
Size: 28KB - Virtual size: 27KB