8a6388f079439c3feba7734f01cbca31

Sharing

Copy URL Twitter E-mail

General

Target

8a6388f079439c3feba7734f01cbca31
Size

9.4MB
MD5

8a6388f079439c3feba7734f01cbca31
SHA1

4960d4d41bec9558906158a7eb5399d8b639e4e0
SHA256

d5cde92928823ef47e7975771b856e1c1ff53f32f5ce20338773cfa6627cf6ce
SHA512

b55c25ed722f0127cecd7aa569268c0b841fa1d2a4c13f30ed97767fc773513b8fb6ce9833a5390a4bd9e816e18832b94b9a3183333bf9eb5fad40cd646e1888
SSDEEP

196608:XsAEOQPqZAcDJVBVe+AIhjuvQ3ZtMuBIDEqMcUkd4K9MHpI+T:XexWH93VeahSQ3LMuDDc74KKJIM

Score

8^/10

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
static1/unpack001/enswerapi.dll	patched_upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$SYSDIR/OpenPot.exe
unpack001/enswerapi.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

8a6388f079439c3feba7734f01cbca31
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:04:a9:20:05:c2:70:cd:b6:1e:e7:79:98:b5:4c:18
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

29/07/2011, 00:00

Not After

27/08/2013, 23:59

Subject

CN=Media works,O=Media works,L=Anyang,ST=Kyunggi,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d1:de:76:97:a3:05:8f:ff:6d:b0:59:85:ad:c3:cf:ef:42:f5:a7:f8
Signer

Actual PE Digest

d1:de:76:97:a3:05:8f:ff:6d:b0:59:85:ad:c3:cf:ef:42:f5:a7:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/AILogix/CUXL/CUXLMonx.dll
.dll regsvr32 windows:5 windows x86 arch:x86

cdc64a35f5dd9776de5cf423d34436ac

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:01:0b:3a:0d:6d:ef:85:de:77:8d:9a:82:38:f4:a7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/04/2011, 00:00

Not After

04/04/2012, 23:59

Subject

CN=AILOGIX PTY LTD,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AILOGIX PTY LTD,ST=Queensland,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

eb:f2:8b:0b:9d:8c:42:3b:c1:07:26:75:5a:fa:be:b4:2c:6c:9b:50
Signer

Actual PE Digest

eb:f2:8b:0b:9d:8c:42:3b:c1:07:26:75:5a:fa:be:b4:2c:6c:9b:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\projects\public\ailogix\private\vaite\private\project\win\vc9.0\build\bin\Release\Win32\CUXLMon.pdb

Imports

kernel32

LocalAlloc
CreateFileW
GetVersionExW
CloseHandle
GetFileSize
lstrlenA
MultiByteToWideChar
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
GetSystemTime
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
GetTickCount
FormatMessageW
LocalFree
lstrcpynW
lstrcpyW
WideCharToMultiByte
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
SetLastError
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GetCurrentProcess
FlushInstructionCache
InterlockedDecrement
DisableThreadLibraryCalls
InterlockedIncrement
GetModuleFileNameW
lstrcmpiW
FreeLibrary
GetModuleHandleW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GetProcAddress
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
lstrcpyA
lstrcmpiA
lstrcpynA
WaitForSingleObject
ResumeThread
SetEvent
ResetEvent
CreateEventW
GetExitCodeThread
TryEnterCriticalSection
WaitForMultipleObjects
GetSystemInfo
Sleep
CreateIoCompletionPort
CancelIo
PostQueuedCompletionStatus
GetQueuedCompletionStatus
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapDestroy
HeapCreate
HeapReAlloc
FatalAppExitA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
CreateThread
ExitThread
GetCommandLineA
VirtualProtect
RtlUnwind
IsProcessorFeaturePresent
LoadLibraryA
VirtualFree
HeapAlloc
GetProcessHeap
HeapFree
DeleteFileW
WriteFile
GetFileTime
ReadFile
GetFileAttributesW
SetFileAttributesW
SetFilePointer
SetEndOfFile
IsBadCodePtr
VirtualQuery
VirtualAlloc
InterlockedCompareExchange

user32

SetWindowLongW
GetWindowLongW
ShowWindow
UnregisterClassA
GetClassInfoExW
LoadCursorW
ReleaseDC
GetDC
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
EndPaint
DefWindowProcW
BeginPaint
CallWindowProcW
SetFocus
IsChild
GetFocus
GetParent
GetKeyState
IsWindow
InvalidateRect
RegisterClassExW
CreateWindowExW
GetActiveWindow
UnionRect
PtInRect
DestroyWindow
CharNextW
GetClientRect

gdi32

CreateRectRgn
SelectClipRgn
Rectangle
SetTextAlign
TextOutW
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
CreateDCW
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
GetClipRgn

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegOpenKeyW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyW

shell32

SHGetFolderPathW
SHGetFileInfoW
SHFileOperationW
ShellExecuteW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CreateDataAdviseHolder
CreateOleAdviseHolder
WriteClassStm
OleSaveToStream
ReadClassStm
CoCreateFreeThreadedMarshaler
CoUninitialize
CoInitializeEx
CoTaskMemAlloc

oleaut32

VariantCopy
OleCreatePropertyFrame
VariantChangeType
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VarUI8FromStr
VarBstrCmp
VarBstrFromUI4
VarBstrFromUI8

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW
StrToIntExW
StrToIntW
UrlEscapeW
UrlCreateFromPathW
PathAppendW
PathRemoveBackslashW
PathFileExistsW
StrFromTimeIntervalW
StrFormatByteSizeW
StrToInt64ExW
wnsprintfW
PathIsDirectoryW

ws2_32

WSAStartup
WSACleanup
inet_ntoa
htonl
inet_addr
gethostbyname
WSAConnect
WSAGetOverlappedResult
WSAAccept
__WSAFDIsSet
WSAIoctl
WSASend
WSARecv
select
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAGetLastError
bind
listen
ntohs
shutdown
closesocket
WSACreateEvent
ioctlsocket
WSAEventSelect
WSARecvFrom
WSASendTo
htons
setsockopt
WSACloseEvent
WSASocketW
getsockopt
getsockname

urlmon

CreateAsyncBindCtx
CreateURLMoniker
URLDownloadToFileW
ReleaseBindInfo
RevokeBindStatusCallback
FindMimeFromData
RegisterBindStatusCallback

wininet

CommitUrlCacheEntryW
CreateUrlCacheEntryW
SetUrlCacheEntryInfoW
RetrieveUrlCacheEntryFileW
GetUrlCacheEntryInfoW
InternetTimeFromSystemTimeW
FindFirstUrlCacheEntryExW
FindCloseUrlCache
FindNextUrlCacheEntryExW
UnlockUrlCacheEntryFileW
DeleteUrlCacheEntryW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

iphlpapi

GetIfTable
GetIfEntry

Exports

Exports

AcquireCUXLNetHandle
CUXLNetAbortFile
CUXLNetCloseFile
CUXLNetConnectFileA
CUXLNetConnectFileExA
CUXLNetConnectFileExW
CUXLNetConnectFileStreamA
CUXLNetConnectFileStreamExA
CUXLNetConnectFileStreamExW
CUXLNetConnectFileStreamW
CUXLNetConnectFileW
CUXLNetFileAddRef
CUXLNetFileRelease
CUXLNetLockRequestFile
CUXLNetOpenFile
CUXLNetQueryFileDataAvailable
CUXLNetReadFile
CUXLNetSetFilePointer
CUXLNetSetStatusCallback
CUXLNetUnlockRequestFile
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
ReleaseCUXLNetHandle
UninstallA
UninstallW

Sections

.text
Size: 659KB - Virtual size: 659KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/Capfile.ico
$SYSDIR/Capfile_License.txt
$SYSDIR/OpenPot.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/WSLcapfile.exe
.exe windows:4 windows x86 arch:x86

8f3e2749baae6bdab52fbd8c2bbf4d3a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e1:4b:21:95:f6:9e:03:83:6d:ba:87:28:d3:0d:8f
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

07/02/2011, 00:00

Not After

08/03/2012, 23:59

Subject

CN=Datawave System Inc.,OU=Business Solution Divsion,O=Datawave System Inc.,L=Seongnam-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
UnmapViewOfFile
TerminateProcess
Sleep
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringA
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemInfo
GetStringTypeExA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileSize
GetFileAttributesA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetComputerNameA
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindFirstFileA
FindClose
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateMutexA
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep
GetVersionExA

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateEnhMetaFileA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CloseEnhMetaFile
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CreateStreamOnHGlobal
IsAccelerator
OleDraw
OleSetMenuDescriptor
CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

shell32

Shell_NotifyIconA
ShellExecuteExA

Sections

.text
Size: 674KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/WSLcapfile_agree.txt
$SYSDIR/openpot_agree.txt
CapfileDown.exe
.exe windows:4 windows x86 arch:x86

f70aad45d2f5fa4f5c09c869184911ed

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

01:92:5d:a7:8e:1d:d4:f0:94:7f:71:a5:86:aa:5a:cb
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

22/07/2010, 00:00

Not After

22/07/2011, 23:59

Subject

CN=Media works,O=Media works,L=Anyang,ST=Kyunggi,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\documents and settings\dra\바탕 화면\웹하드\캡파일\클루넷_grid\capfile\speeddown\downclient\release\ApplefilesDown.pdb

Imports

ws2_32

select
getsockopt
__WSAFDIsSet
bind
htons
setsockopt
WSAEventSelect
WSACreateEvent
WSAGetLastError
WSASocketW
ntohs
connect
closesocket
WSACloseEvent
WSAStartup
WSACleanup
listen
accept
send
recv
ioctlsocket
socket
ntohl
gethostname
gethostbyname
inet_ntoa
htonl
inet_addr

iphlpapi

GetAdaptersInfo
GetIpNetTable

kernel32

GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
GetFullPathNameW
FormatMessageW
GlobalFlags
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GlobalGetAtomNameW
SetErrorMode
WritePrivateProfileStringW
GetProcessHeap
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ExitThread
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
VirtualFree
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetCurrentDirectoryA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetDriveTypeA
FreeResource
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalDeleteAtom
ReadDirectoryChangesW
GetModuleHandleA
GetModuleFileNameA
CreateFileA
IsProcessorFeaturePresent
GetSystemInfo
lstrcmpiW
GlobalMemoryStatus
FindNextFileW
GetDriveTypeW
GetFileTime
SetFileTime
GlobalMemoryStatusEx
GetFileSizeEx
MoveFileExW
GetVersionExA
SetFilePointerEx
SetEndOfFile
GetCurrentThreadId
LocalAlloc
ResetEvent
CreateNamedPipeW
ExitProcess
TerminateProcess
OpenMutexW
GetCurrentProcessId
OpenEventW
SetFilePointer
CreateProcessW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetLocalTime
CreateDirectoryW
InterlockedDecrement
QueryPerformanceFrequency
QueryPerformanceCounter
CreateThread
CreateEventW
SetEvent
TerminateThread
SuspendThread
MoveFileW
WriteFile
LocalFree
ReleaseMutex
ResumeThread
SetThreadPriority
lstrcpynW
MulDiv
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
FindClose
FindFirstFileW
HeapAlloc
HeapDestroy
HeapFree
HeapCreate
FindResourceW
LoadResource
LockResource
SizeofResource
SetCurrentDirectoryW
GetTickCount
GetCommandLineW
ReadFile
GetFileSize
CreateFileW
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
OpenProcess
SetLastError
WaitForSingleObject
CreateRemoteThread
GetExitCodeProcess
DuplicateHandle
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
DeleteCriticalSection
lstrcpyW
lstrcmpW
lstrlenW
GetPrivateProfileStringW
GetModuleFileNameW
InitializeCriticalSection
lstrlenA
DeleteFileW
CloseHandle
GetCurrentProcess
Sleep
GetLastError
CreateMutexW
FileTimeToLocalFileTime
RaiseException
FileTimeToSystemTime

user32

ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatW
PostThreadMessageW
LoadCursorW
DrawIcon
IsRectEmpty
CharUpperW
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
MoveWindow
SetWindowTextW
IsDialogMessageW
SystemParametersInfoW
GetMenuItemInfoW
ShowOwnedPopups
GetMessageW
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
CheckMenuItem
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
LoadMenuW
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
UnhookWindowsHookEx
PostQuitMessage
RegisterWindowMessageW
EnumWindows
GetWindowTextW
AttachThreadInput
GetForegroundWindow
SetWindowPos
ReleaseDC
EnableMenuItem
RegisterClassExW
CreateWindowExW
DefWindowProcW
IsWindowVisible
DrawFocusRect
GetFocus
FillRect
SetWindowRgn
GetActiveWindow
SetRect
GetDC
GetWindowLongW
IsWindow
GetDesktopWindow
CallWindowProcW
MessageBoxW
GetParent
SetCursor
UpdateWindow
RedrawWindow
LoadBitmapW
DestroyIcon
LoadImageW
DrawIconEx
CopyRect
PtInRect
ReleaseCapture
WindowFromPoint
ClientToScreen
SetCapture
GetCapture
OffsetRect
GetSystemMetrics
InflateRect
GetSysColor
DestroyMenu
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
CreatePopupMenu
DestroyWindow
EnableWindow
DispatchMessageW
TranslateMessage
PeekMessageW
ExitWindowsEx
ShowWindow
PostMessageW
InvalidateRect
GetWindowRect
ReplyMessage
SetForegroundWindow
GetKeyState
LoadAcceleratorsW
InsertMenuItemW
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorW
MessageBeep
GetClientRect
SendMessageW
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
GetSysColorBrush
UnregisterClassW
GetMenu
SetTimer
SetWindowLongW
GetWindowThreadProcessId
FindWindowW
AppendMenuW
GetSystemMenu
KillTimer
LoadIconW
GetClassInfoW
UnregisterClassA
wsprintfW

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
Escape
CreateEllipticRgn
LPtoDP
Ellipse
GetBkColor
GetTextColor
GetRgnBox
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
GetDIBits
CreateRectRgn
CreateFontW
SetRectRgn
CreateRectRgnIndirect
GetDeviceCaps
CreatePen
CombineRgn
ExtCreateRegion
CreateDIBSection
DeleteDC
SetBkColor
BitBlt
GetMapMode
SetMapMode
CreateCompatibleBitmap
CreateBitmap
DPtoLP
SelectObject
CreateCompatibleDC
StretchBlt
DeleteObject
CreateFontIndirectW
GetObjectW
GetTextExtentPoint32W
Rectangle
GetStockObject
CreateSolidBrush
RestoreDC
SaveDC
ExtTextOutW
GetClipBox
SetTextColor
SetBkMode

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegDeleteKeyW
RegQueryValueW
RegOpenKeyW
QueryServiceConfigW
DeleteService
ControlService
CreateServiceW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
StartServiceW
CloseServiceHandle
LookupAccountNameW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegConnectRegistryW
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

SHGetFileInfoW
ShellExecuteW
Shell_NotifyIconW
DragFinish
DragQueryFileW
SHGetSpecialFolderPathW

comctl32

InitCommonControlsEx

shlwapi

PathGetArgsW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
StrFormatByteSizeW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
OleInitialize
CoUninitialize
CoInitializeEx
CoInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc

oleaut32

SysAllocStringLen
VariantCopy
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
SysStringLen
VariantInit
VariantClear
SysAllocString
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysFreeString
GetErrorInfo

version

VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CapfileUp.exe
.exe windows:4 windows x86 arch:x86

e9d6c7ac4a8a5f992a575ccdf3c7aef4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

01:92:5d:a7:8e:1d:d4:f0:94:7f:71:a5:86:aa:5a:cb
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

22/07/2010, 00:00

Not After

22/07/2011, 23:59

Subject

CN=Media works,O=Media works,L=Anyang,ST=Kyunggi,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Documents and Settings\JiNo\바탕 화면\웹하드_Application\캡파일\Capfile_client_20101210\Capfile\Bin\CapfileUp.pdb

Imports

shell32

DragFinish
DragQueryFileA
SHGetFileInfoA
ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA

kernel32

TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
GetCurrentDirectoryA
SetErrorMode
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
ExitThread
CreateThread
GetSystemTimeAsFileTime
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
TlsAlloc
ExitProcess
HeapSize
VirtualFree
GetStdHandle
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetDriveTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
GlobalHandle
TlsGetValue
LocalAlloc
GlobalFlags
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
SuspendThread
ResumeThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GetCurrentProcessId
GetModuleFileNameW
FormatMessageA
LocalFree
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetProcessHeap
GetCommandLineA
lstrcmpA
GetCurrentProcess
DuplicateHandle
GetExitCodeProcess
CreateRemoteThread
FreeLibrary
GetSystemDirectoryA
DeleteFileA
GetNumberFormatA
OpenProcess
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
GetVersionExA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
InterlockedDecrement
GetModuleFileNameA
GetCurrentThreadId
WaitForSingleObject
GetExitCodeThread
TerminateThread
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
SetEvent
DeleteCriticalSection
CreateEventA
InitializeCriticalSection
GetCurrentThread
SetThreadPriority
GetTickCount
CloseHandle
CreateMutexA
Sleep
LoadResource
LockResource
SizeofResource
FindResourceA
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
SetLastError
WideCharToMultiByte
CompareStringA
CompareStringW
InterlockedExchange
GetVersion
MultiByteToWideChar
lstrcpynA
MulDiv
lstrcpyA
lstrlenA
GetStartupInfoA
CreateFileW

user32

LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatA
PostThreadMessageA
UnregisterClassA
GetMenuItemInfoA
GetSysColorBrush
LoadCursorA
DrawIcon
IsRectEmpty
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
ShowOwnedPopups
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
InsertMenuItemA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
ScrollWindow
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcA
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
LoadIconA
DrawIconEx
GetWindowLongA
GetMenuState
EnableMenuItem
CheckMenuItem
ExitWindowsEx
ReplyMessage
SetWindowPos
ReleaseDC
MapWindowPoints
EnumChildWindows
GetClassNameA
FindWindowA
SetWindowRgn
GetActiveWindow
GetDC
SetRect
GetParent
GetWindowRect
IsWindow
SetWindowLongA
CallWindowProcA
RedrawWindow
UpdateWindow
SetRectEmpty
SetMenu
TranslateAcceleratorA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
EndDeferWindowPos
CharNextA
CharUpperA
CopyRect
PtInRect
InflateRect
LoadBitmapA
FillRect
DrawFocusRect
SendMessageA
GetClientRect
InvalidateRect
GetFocus
EnableWindow
GetClassInfoA
MessageBoxA
PostMessageA
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetTimer
KillTimer
ShowWindow
SetForegroundWindow
DestroyMenu
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
AppendMenuA
CreatePopupMenu
CloseWindow
GetSystemMetrics
GetSysColor
ReleaseCapture
GetIconInfo
LoadImageA
DestroyIcon
OffsetRect
ClientToScreen
SetCursor
WindowFromPoint
SetCapture
GetCapture

gdi32

ExtSelectClipRgn
CreatePatternBrush
CreateEllipticRgn
LPtoDP
Ellipse
GetBkColor
GetTextColor
GetRgnBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SetRectRgn
CreateRectRgnIndirect
GetObjectA
CreateSolidBrush
CreatePen
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CreateDCA
GetPixel
CreateRectRgn
CreateFontA
CreateDIBSection
ExtCreateRegion
CombineRgn
SelectObject
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteDC
CreateFontIndirectA
DeleteObject
GetStockObject
GetTextExtentPoint32A
StretchBlt
Rectangle
GetDeviceCaps
CreateCompatibleDC
SelectClipRgn

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

AdjustTokenPrivileges
RegQueryValueA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
RegConnectRegistryA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey
RegEnumValueA
RegEnumKeyA
RegOpenKeyExA

comctl32

ord17

shlwapi

PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathGetArgsA
StrFormatByteSize64A
PathRemoveFileSpecA
PathIsUNCA

oledlg

ord8

ole32

CoFreeUnusedLibraries
CoUninitialize
OleUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysAllocString
VariantChangeType
VariantInit
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysFreeString

ws2_32

connect
WSACleanup
htons
inet_addr
closesocket
socket
send
__WSAFDIsSet
WSAGetLastError
select
WSASocketA
WSARecv
WSASend
WSAWaitForMultipleEvents
setsockopt
WSAConnect
WSAStartup

enswerapi

EnswerAPIDisconnect
DeleteReport
EnswerAPIUploadCheck
EnswerAPIDelete
NewReport
EnswerAPIConnect
EnswerAPINew
EnswerAPISetEnv
EnswerAPIGetUnitedHash
EnswerAPIInit

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 480KB - Virtual size: 476KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 624KB - Virtual size: 621KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe.nsis
enswerapi.dll
.dll windows:4 windows x86 arch:x86

b3e852034ea11aea0265009c1f4cfab8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

inet_ntoa
gethostbyname
send
inet_addr
ioctlsocket
htons
shutdown
setsockopt
socket
closesocket
WSAStartup
WSAGetLastError

kernel32

PeekNamedPipe
GetFileInformationByHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
IsValidLocale
GetCurrentThreadId
WaitForSingleObject
ReleaseMutex
CreatePipe
TerminateThread
CreateProcessA
CloseHandle
TerminateProcess
GetLastError
CreateMutexA
GetCurrentProcessId
CreateThread
GetProcAddress
LoadLibraryA
GetVersionExA
CreateFileA
GetFileSize
ReadFile
GetLocaleInfoW
GetSystemTimeAsFileTime
GetTickCount
LockResource
LoadResource
CreateDirectoryA
SizeofResource
FindResourceA
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentProcess
GetFileAttributesA
MultiByteToWideChar
IsDBCSLeadByteEx
WideCharToMultiByte
InterlockedExchange
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
WriteFile
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapSize
GetCurrentDirectoryA
IsValidCodePage
GetOEMCP
GetACP
GetStartupInfoA
SetHandleCount
SetStdHandle
CreateFileW
GetFileType
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DuplicateHandle
DeleteFileA
RemoveDirectoryA
GetTimeFormatA
GetDateFormatA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetTimeZoneInformation
FindNextFileA
GetCommandLineA
RtlUnwind
RaiseException
MoveFileA
HeapReAlloc
SetFilePointer
GetModuleHandleA
ExitProcess
GetFullPathNameA
LCMapStringA
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetLastError
GetStdHandle
GetEnvironmentStrings

ws2_32

WSACloseEvent
WSAResetEvent
WSACleanup
WSAWaitForMultipleEvents
WSAConnect
WSAEnumNetworkEvents
WSAEventSelect
WSAGetOverlappedResult
WSACreateEvent
WSARecv

Exports

Exports

DeleteReport
EnswerAPIConnect
EnswerAPIConnectArg
EnswerAPIConnectArg2
EnswerAPIDelete
EnswerAPIDisconnect
EnswerAPIDownloadCheck
EnswerAPIDownloadCheckByKey
EnswerAPIGetErrorString
EnswerAPIGetHash
EnswerAPIGetLastError
EnswerAPIGetUnitedHash
EnswerAPIInit
EnswerAPINew
EnswerAPISetEnv
EnswerAPISetEnv2
EnswerAPISetLastError
EnswerAPIStopUploadCheck
EnswerAPIUploadCheck
EnswerAPIUploadCheck_NoHashCheck
NewReport

Sections

.text
Size: 472KB - Virtual size: 470KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stabstr
Size: 468KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.6MB - Virtual size: 10.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

10:04:a9:20:05:c2:70:cd:b6:1e:e7:79:98:b5:4c:18Certificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

d1:de:76:97:a3:05:8f:ff:6d:b0:59:85:ad:c3:cf:ef:42:f5:a7:f8Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 9KB - Virtual size: 8KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

cdc64a35f5dd9776de5cf423d34436ac

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1b:01:0b:3a:0d:6d:ef:85:de:77:8d:9a:82:38:f4:a7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

eb:f2:8b:0b:9d:8c:42:3b:c1:07:26:75:5a:fa:be:b4:2c:6c:9b:50Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

10:04:a9:20:05:c2:70:cd:b6:1e:e7:79:98:b5:4c:18
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

d1:de:76:97:a3:05:8f:ff:6d:b0:59:85:ad:c3:cf:ef:42:f5:a7:f8
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 9KB - Virtual size: 8KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1b:01:0b:3a:0d:6d:ef:85:de:77:8d:9a:82:38:f4:a7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

eb:f2:8b:0b:9d:8c:42:3b:c1:07:26:75:5a:fa:be:b4:2c:6c:9b:50
Signer

.text
Size: 659KB - Virtual size: 659KB

.rdata
Size: 127KB - Virtual size: 127KB

.data
Size: 28KB - Virtual size: 35KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 37KB - Virtual size: 36KB

CODE
Size: 37KB - Virtual size: 36KB

DATA
Size: 1024B - Virtual size: 588B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 11KB - Virtual size: 11KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

1f:e1:4b:21:95:f6:9e:03:83:6d:ba:87:28:d3:0d:8f
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 674KB - Virtual size: 673KB

.itext
Size: 4KB - Virtual size: 4KB

.data
Size: 15KB - Virtual size: 14KB

.bss
Size: - Virtual size: 25KB

.idata
Size: 11KB - Virtual size: 11KB

.tls
Size: - Virtual size: 56B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 131KB - Virtual size: 130KB

.debug
Size: 5.9MB - Virtual size: 5.9MB