99e9b07c08bc61f23d5befb67ffae135

Sharing

Copy URL

Twitter E-mail

General

Target

99e9b07c08bc61f23d5befb67ffae135
Size

3.6MB
MD5

99e9b07c08bc61f23d5befb67ffae135
SHA1

b8f7c443178515f701c1f1442d6c5dfc638d32ca
SHA256

898afd6a9a30b774d8f6183de0c8ea19b54b69bc362af208e0960c5fe9fb52ad
SHA512

37f95d47dcd0f78725d54ef9d9d11e4ada0b103aeb1dfebf0537381bd604fe242e2862982ee341ab440a9393768950dd4bfd785b67c984b06b7ce7801c3b8ace
SSDEEP

98304:YI/2zQ8ENFN7wgO9dtN/poVlFCvLdkqN8:b2s7NF97O9p/poVdA8

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/IEHoster.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UserInfo.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/IconixSetup.exe	nsis_installer_1

Files

99e9b07c08bc61f23d5befb67ffae135
.rar
IconixSetup.exe
.exe windows:4 windows x86 arch:x86

97318da386948415d08cef4a9006d669

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:b3:7c:bc:25:84:27:c2:66:8f:27:e8:b3:96:f1:52:15:f4:7b:60
Signer

Actual PE Digest

99:b3:7c:bc:25:84:27:c2:66:8f:27:e8:b3:96:f1:52:15:f4:7b:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AutoUpdateAgreement.ini
$PLUGINSDIR/IEHoster.dll
.dll windows:4 windows x86 arch:x86

d45586ff4b2f3d533e94f8f7dd1ac1f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\IEHoster.pdb

Imports

wininet

InternetAttemptConnect

kernel32

GetFileSize
lstrlenW
GetModuleHandleA
EnterCriticalSection
CompareStringW
InterlockedExchange
CompareStringA
WaitForSingleObject
GetExitCodeProcess
GetTickCount
LoadLibraryA
OutputDebugStringA
GetProcAddress
GetVersionExA
GetComputerNameA
GetCurrentProcessId
HeapFree
GetProcessHeap
HeapAlloc
LocalFree
CreateMutexA
ReleaseMutex
GetFileType
SetHandleCount
GetStdHandle
WriteFile
HeapCreate
IsValidCodePage
GetOEMCP
RaiseException
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualProtect
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FreeLibrary
LeaveCriticalSection
SetFilePointer
lstrcpynA
lstrcmpA
GlobalAlloc
SetLastError
InitializeCriticalSection
GlobalFree
lstrcpyA
GetConsoleCP
GetStartupInfoA
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
lstrlenA
LoadLibraryExA
ReadFile
GetCurrentThreadId
CreateFileA
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
CloseHandle
TerminateProcess
IsDBCSLeadByte
OpenProcess
GlobalUnlock
InterlockedDecrement
MulDiv
GlobalLock
GetLastError
GetModuleFileNameA
InterlockedIncrement
MultiByteToWideChar
Sleep
lstrcmpiA
GlobalHandle
LockResource
LoadResource
FindResourceA
FindResourceExA
SizeofResource
WideCharToMultiByte
SetEnvironmentVariableA
ExitProcess
FreeEnvironmentStringsA

user32

ScreenToClient
ClientToScreen
GetParent
GetWindowPlacement
MapDialogRect
PostQuitMessage
IsDialogMessageA
GetKeyState
SetWindowContextHelpId
UnregisterClassA
MsgWaitForMultipleObjects
GetDesktopWindow
CharNextA
LoadCursorA
GetClassNameA
CreateWindowExA
GetSysColor
BeginPaint
GetWindow
GetClassInfoExA
IsChild
GetClientRect
GetFocus
SetWindowPos
SetFocus
RegisterClassExA
DestroyAcceleratorTable
SetCapture
DestroyWindow
ReleaseCapture
RegisterWindowMessageA
FillRect
GetWindowTextLengthA
UpdateWindow
EndPaint
MoveWindow
RedrawWindow
InvalidateRect
MapWindowPoints
GetWindowRect
GetDC
CreateDialogIndirectParamA
CreateAcceleratorTableA
InvalidateRgn
ShowWindow
GetWindowTextA
EnumWindows
ReleaseDC
GetWindowThreadProcessId
SetForegroundWindow
PeekMessageA
SetWindowTextA
FindWindowA
GetMessageA
IsWindow
PostMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
DefWindowProcA
GetWindowLongA
SetWindowLongA
CallWindowProcA
SendMessageA
EnableWindow
GetDlgItem

gdi32

GetDeviceCaps
DeleteObject
DeleteDC
SelectObject
BitBlt
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
GetStockObject

advapi32

GetSidSubAuthority
GetTokenInformation
GetLengthSid
SetTokenInformation
ConvertStringSidToSidA
DuplicateTokenEx
OpenProcessToken
RegQueryValueExA
GetUserNameA
ConvertStringSecurityDescriptorToSecurityDescriptorA
CreateProcessAsUserA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
GetSidSubAuthorityCount

shell32

SHGetFolderPathA
ShellExecuteExA

ole32

StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoCreateGuid
OleInitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CreateStreamOnHGlobal
CoGetClassObject
OleUninitialize
OleLockRunning

oleaut32

SysStringByteLen
VariantInit
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysAllocStringLen
SysAllocString
VariantClear
OleCreateFontIndirect
SysFreeString

comctl32

InitCommonControlsEx

crypt32

CertCloseStore
CertFreeCertificateContext
CryptMsgClose
CryptMsgGetParam
CryptQueryObject
CertFindCertificateInStore
CertGetNameStringA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

Cleanup
GetRefID
IsInet
ShowBrowser
ShowBrowserRestart
ShowWebInPage
TerminateApp

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

6bc108eed3ca99f68adee56e9c99fac6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 657B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
.autoreg
.autoreg2
.autoreg3
AOLBasic_3.CAB
.cab
AOLBasicCommons.js
AOLBasicConstants.js
AOLBasicPrgCommons.js
AOLBasicPrgProcessEmail.js
AOLBasicPrgProcessEmailBulk.js
AOLBasicStatic.js
AOLBasicUtils.js
OSD93DD.OSD
URLRegExp.rul
AOL_4.CAB
.cab
AOLCommons.js
AOLConstants.js
AOLInjectedEventSimulator.js
AOLPrgChangeLogo.js
AOLPrgCheckPreviewEvents.js
AOLPrgCommons.js
AOLPrgProcessEmail.js
AOLPrgProcessEmailBulk.js
AOLPrgRecordEvent.js
AOLStatic.js
AOLUtils.js
OSD93BC.OSD
URLRegExp.rul
Commons_31.CAB
.cab
Commons.js
Constants.js
ConstantsUI.js
InjectedUI.htm
InjectedUI.js
OSD93EA.OSD
ProgramBillingCommit.js
arraylib.js
headers.js
injectorlib.js
json.js
selectorslib.js
Downloader2_1.dll
.dll windows:4 windows x86 arch:x86

3f5e49bc7efaa07529378dc95bc45328

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f5:73:27:fd:91:9f:1d:49:bc:fe:61:90:b9:37:fe:09:2c:bb:11:d8
Signer

Actual PE Digest

f5:73:27:fd:91:9f:1d:49:bc:fe:61:90:b9:37:fe:09:2c:bb:11:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\Downloader2.pdb

Imports

shell32

ord165
ShellExecuteExA
SHGetFolderPathA

urlmon

URLDownloadToFileA

kernel32

WideCharToMultiByte
lstrlenW
InterlockedCompareExchange
InterlockedDecrement
MultiByteToWideChar
lstrlenA
GetTempPathA
InterlockedExchange
GetTickCount
GetCurrentProcessId
GetCurrentThreadId
GetLastError
OutputDebugStringA
CompareStringA
CompareStringW
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
CloseHandle
WaitForSingleObject
GetVersionExA
GetComputerNameA
GetModuleFileNameA
GetModuleHandleA
TlsFree
LocalFree
SetLastError
HeapFree
GetProcessHeap
HeapAlloc
CreateFileA
OpenMutexA
Sleep
CreateEventA
CreateMutexA
ReleaseMutex
TlsSetValue
TlsGetValue
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapReAlloc
HeapSize
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
VirtualAlloc
ReadFile
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetOEMCP
IsValidCodePage
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
GetLocaleInfoW
SetEndOfFile
SetEnvironmentVariableA
TlsAlloc
InterlockedIncrement

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString

shlwapi

PathFileExistsA
PathRemoveFileSpecA

crypt32

CertCloseStore
CertGetNameStringA
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam
CryptMsgClose
CertFindCertificateInStore

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

user32

SendMessageTimeoutA
FindWindowA
PostMessageA

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
GetSidSubAuthorityCount
GetLengthSid
GetTokenInformation
GetSidSubAuthority
CreateProcessAsUserA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
GetUserNameA
OpenProcessToken
DuplicateTokenEx
ConvertStringSidToSidA
SetTokenInformation
CryptCreateHash
CryptAcquireContextA
CryptDeriveKey
CryptHashData
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
RegEnumKeyA

Exports

Exports

DownloadFiles

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Downloader_7.dll
.dll windows:4 windows x86 arch:x86

b4132fabdf7b8f83815cc69e5cc9a080

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:00:f4:63:a6:7e:7e:af:e4:35:11:94:a5:74:9b:64:98:c5:6a:bc
Signer

Actual PE Digest

44:00:f4:63:a6:7e:7e:af:e4:35:11:94:a5:74:9b:64:98:c5:6a:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Proiect\branches\M5\bin\Release\DwnldrAdapt.pdb

Imports

kernel32

GetVersionExA
GetThreadLocale
MultiByteToWideChar
lstrlenA
GetCurrentProcessId
GetCurrentThreadId
WideCharToMultiByte
GetLastError
InterlockedExchange
TlsSetValue
TlsGetValue
LocalFree
ExitProcess
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetACP
GetLocaleInfoA
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
TlsFree
DisableThreadLibraryCalls
TlsAlloc

ole32

CoCreateInstance
CoTaskMemFree

oleaut32

VariantInit
VariantClear
SysFreeString
VariantChangeType
SysAllocString

msvcp71

?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Nomemory@std@@YAXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

crypt32

CryptQueryObject
CryptMsgGetParam
CryptMsgClose
CertFindCertificateInStore
CertCloseStore
CertGetNameStringA
CertFreeCertificateContext

msvcr71

_initterm
_adjust_fdiv
__CppXcptFilter
__security_error_handler
memset
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??3@YAXPAX@Z
strlen
??0exception@@QAE@XZ
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_callnewh
wcslen
_write
_lseek
_read
_open
_close
_CxxThrowException
_except_handler3
malloc
__CxxFrameHandler
??_V@YAXPAX@Z
sprintf

cabinet

ord21
ord20
ord22

advapi32

RegEnumKeyExA
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptDeriveKey
CryptHashData
CryptAcquireContextA
CryptCreateHash
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegQueryValueExA
CryptDecrypt

Exports

Exports

DownloadFiles

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EULA.txt
Earthlink_17.CAB
.cab
EarthlinkCommons.js
EarthlinkConstants.js
EarthlinkFolderIndex.js
EarthlinkPrgChangeLogo.js
EarthlinkPrgCommons.js
EarthlinkPrgProcessEmails.js
EarthlinkPrgRecordEvent.js
EarthlinkViewEmail.js
OSD9400.OSD
URLRegExp.rul
EmailIDBroker_1.exe
.exe windows:4 windows x86 arch:x86

f1735b6603f91649ace10fc01a46af72

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fb:2f:eb:0f:4a:1f:4f:dd:30:b0:cd:c3:41:aa:4a:e9:83:fb:d9:7b
Signer

Actual PE Digest

fb:2f:eb:0f:4a:1f:4f:dd:30:b0:cd:c3:41:aa:4a:e9:83:fb:d9:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\EmailIDBroker.pdb

Imports

kernel32

LoadResource
FindResourceA
LoadLibraryExA
lstrlenA
GetModuleHandleA
LockResource
FindResourceExA
CreateSemaphoreA
WaitForSingleObject
CreateFileA
WriteFile
ReleaseSemaphore
CloseHandle
SetFileAttributesA
DeleteFileA
GetLongPathNameA
LocalFree
CreateEventA
SetEvent
ResetEvent
GetVersionExA
GetComputerNameA
GetCurrentProcessId
OutputDebugStringA
HeapFree
GetProcessHeap
HeapAlloc
OpenProcess
CreateMutexA
ReleaseMutex
Sleep
GetFileAttributesA
GetCurrentDirectoryA
CreateDirectoryA
SetEnvironmentVariableA
SetLastError
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSection
SizeofResource
lstrcmpiA
InterlockedExchange
CompareStringW
FlushInstructionCache
CompareStringA
RaiseException
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
IsDBCSLeadByte
InterlockedDecrement
lstrlenW
InterlockedIncrement
DeleteCriticalSection
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
ExitProcess
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
GetModuleFileNameA
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryA
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapReAlloc
HeapSize
VirtualProtect
GetSystemInfo

user32

SetTimer
IsDialogMessageA
SetWindowLongA
CharNextA
DispatchMessageA
TranslateMessage
GetMessageA
PostQuitMessage
DestroyWindow
UnregisterClassA
CreateDialogParamA
ShowWindow
SetPropA
DefWindowProcA
PeekMessageA

advapi32

RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
GetUserNameA
RegEnumKeyA
RegQueryValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegOpenKeyExA

shell32

SHGetFolderPathA

ole32

CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr

shlwapi

PathRemoveBackslashA
PathCanonicalizeA
PathRemoveFileSpecA
PathFileExistsA
SHDeleteKeyA

comctl32

InitCommonControlsEx

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FFAOLBasic_3.CAB
.cab
AOLBasicCommons.js
AOLBasicConstants.js
AOLBasicPrgCommons.js
AOLBasicPrgProcessEmail.js
AOLBasicPrgProcessEmailBulk.js
AOLBasicStatic.js
AOLBasicUtils.js
OSD9638.OSD
URLRegExp.rul
extras.xml
FFAOL_3.CAB
.cab
AOLCommons.js
AOLConstants.js
AOLInjectedEventSimulator.js
AOLPrgChangeLogo.js
AOLPrgCheckPreviewEvents.js
AOLPrgCommons.js
AOLPrgProcessEmail.js
AOLPrgProcessEmailBulk.js
AOLPrgRecordEvent.js
AOLStatic.js
AOLUtils.js
OSD962A.OSD
URLRegExp.rul
extras.xml
FFCommons_20.CAB
.cab
Commons.js
Constants.js
ConstantsUI.js
InjectedUI.htm
InjectedUI.js
OSD9643.OSD
ProgramBillingCommit.js
arraylib.js
headers.js
injectorlib.js
json.js
selectorslib.js
FFEarthlink_13.CAB
.cab
FFGmailBasic_22.CAB
.cab
FFGmailStandard2_12.CAB
.cab
FFGmailStandard_25.CAB
.cab
FFPropPage_9.dll
.dll regsvr32 windows:4 windows x86 arch:x86

333a991493349fe50cd6235fd288d570

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4d:67:0b:36:39:1d:ec:3e:15:d0:77:35:a9:23:19:6c:4c:a8:de:57
Signer

Actual PE Digest

4d:67:0b:36:39:1d:ec:3e:15:d0:77:35:a9:23:19:6c:4c:a8:de:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\FFPropPage.pdb

Imports

kernel32

CreateFileA
CloseHandle
GetProcAddress
WaitForSingleObject
GetVersionExA
GetComputerNameA
HeapFree
GetProcessHeap
HeapAlloc
LocalFree
IsProcessorFeaturePresent
InterlockedCompareExchange
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetLocaleInfoW
GetLocaleInfoA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
GetTickCount
OutputDebugStringA
CompareStringW
CompareStringA
SetEnvironmentVariableA
LoadLibraryA
GetCurrentThreadId
MulDiv
LockResource
InterlockedExchange
SetLastError
FlushInstructionCache
GetCurrentProcess
InterlockedIncrement
FreeLibrary
SetThreadLocale
lstrcmpiA
GetThreadLocale
lstrlenW
GetModuleHandleA
WideCharToMultiByte
LoadLibraryExA
FindResourceA
GetModuleFileNameA
LoadResource
SizeofResource
GetLastError
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
ExitProcess
HeapSize
VirtualFree
HeapCreate
HeapDestroy
GetDateFormatA
GetTimeFormatA
InitializeCriticalSection
lstrlenA
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
IsDBCSLeadByte
InterlockedDecrement
RaiseException
DeleteCriticalSection
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetCommandLineA
IsDebuggerPresent
CreateMutexA
ReleaseMutex
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

GetDlgItem
IsWindow
ShowWindow
MoveWindow
CreateDialogParamA
GetDialogBaseUnits
DestroyWindow
ReleaseDC
CharNextA
UnregisterClassA
DrawFrameControl
FillRect
GetWindowDC
SendMessageA
SetWindowLongA
GetDC
IsDialogMessageA
WinHelpA

gdi32

GetTextExtentPointA
DeleteDC
GetStockObject
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectA
GetDeviceCaps
CreateFontIndirectA
GetTextMetricsA
SelectObject
DeleteObject

advapi32

RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
GetUserNameA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree

oleaut32

RegisterTypeLi
SysAllocStringLen
VarUI4FromStr
UnRegisterTypeLi
SysAllocString
LoadTypeLi
SysStringLen
SysFreeString

shlwapi

PathFileExistsA

comctl32

ImageList_Add

crypt32

CryptMsgClose
CryptQueryObject
CertCloseStore
CertGetNameStringA
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FFProxy.dll
.dll windows:4 windows x86 arch:x86

c3477ce768438af0a36efe3e6a3217cf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5b:81:16:f9:01:96:fc:54:9c:6e:7c:7a:85:c7:a9:5b:55:24:96:35
Signer

Actual PE Digest

5b:81:16:f9:01:96:fc:54:9c:6e:7c:7a:85:c7:a9:5b:55:24:96:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\FFProxy.pdb

Imports

kernel32

CreateFileA
GetVersionExA
GetComputerNameA
GetModuleHandleA
HeapFree
GetProcessHeap
LocalFree
GetCurrentProcess
SetLastError
SetEnvironmentVariableA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetLocaleInfoW
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateMutexA
GetModuleFileNameA
InterlockedExchange
CompareStringW
CompareStringA
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetLastError
OutputDebugStringA
GetCurrentThreadId
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
LoadLibraryA
GetCurrentProcessId
GetTickCount
FreeLibrary
GetProcAddress
HeapAlloc
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
WriteFile
QueryPerformanceCounter
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
VirtualAlloc
HeapReAlloc
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetThreadLocale

advapi32

RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegOpenKeyExA
GetUserNameA
RegQueryValueExA

crypt32

CryptMsgClose
CertFindCertificateInStore
CertCloseStore
CertGetNameStringA
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

NSGetModule

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FFProxy2.dll
.dll windows:4 windows x86 arch:x86

3dc5ddc93e6faec93bfbf0091059169d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:4d:83:29:bf:01:38:82:2c:f0:6c:3d:23:91:b7:2e:9a:8a:76:55
Signer

Actual PE Digest

03:4d:83:29:bf:01:38:82:2c:f0:6c:3d:23:91:b7:2e:9a:8a:76:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\FFProxy2.pdb

Imports

kernel32

GetVersionExA
GetComputerNameA
GetModuleHandleA
CreateFileA
SetLastError
HeapFree
OutputDebugStringA
HeapAlloc
GetCurrentProcess
SetEnvironmentVariableA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetLocaleInfoW
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetLastError
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateMutexA
LocalFree
InterlockedExchange
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
LoadLibraryA
CompareStringW
CompareStringA
FreeLibrary
GetProcAddress
GetProcessHeap
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
WriteFile
QueryPerformanceCounter
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapReAlloc
VirtualAlloc
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetThreadLocale

advapi32

RegCloseKey
GetUserNameA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegOpenKeyExA
RegQueryValueExA

crypt32

CryptMsgClose
CertFindCertificateInStore
CertCloseStore
CertGetNameStringA
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

NSGetModule

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FFProxy3.dll
.dll windows:4 windows x86 arch:x86

9fc43f2780b81cb35be422e2676bc1ec

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ce:98:2a:47:0c:de:52:53:d4:58:c6:9d:4b:1a:54:13:15:bd:a5:79
Signer

Actual PE Digest

ce:98:2a:47:0c:de:52:53:d4:58:c6:9d:4b:1a:54:13:15:bd:a5:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\FFProxy3.pdb

Imports

kernel32

CreateFileA
GetVersionExA
GetComputerNameA
GetModuleHandleA
SetLastError
HeapFree
ReleaseMutex
HeapAlloc
GetCurrentProcess
SetEnvironmentVariableA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetLocaleInfoW
WaitForSingleObject
CloseHandle
CreateMutexA
LocalFree
GetLastError
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
InterlockedExchange
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
LoadLibraryA
WideCharToMultiByte
GetModuleFileNameA
MultiByteToWideChar
lstrlenA
FreeLibrary
GetProcAddress
GetProcessHeap
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
WriteFile
QueryPerformanceCounter
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
VirtualAlloc
HeapReAlloc
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetThreadLocale

advapi32

RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegOpenKeyExA
GetUserNameA
RegQueryValueExA

crypt32

CryptMsgClose
CertFindCertificateInStore
CertCloseStore
CertGetNameStringA
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

NSGetModule

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FFWindowsLiveMail_13.CAB
.cab
FFYahooBeta_16.CAB
.cab
FFYahoo_22.CAB
.cab
GmailBasic_27.CAB
.cab
GmailStandard2_11.CAB
.cab
GmailStandard_32.CAB
.cab
ICommandProcessor.xpt
ICommandProcessor2.xpt
ICommandProcessor3.xpt
ITabComp.xpt
ITabComp2.xpt
ITabComp3.xpt
IWndComp.xpt
IWndComp2.xpt
IWndComp3.xpt
IconixBHO_31.dll
.dll regsvr32 windows:4 windows x86 arch:x86

c0c4887b2df9f387b99626a264eda9aa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:f1:c7:1a:b0:34:1c:35:d8:fb:97:43:21:47:47:7d:59:6f:9d:49
Signer

Actual PE Digest

7c:f1:c7:1a:b0:34:1c:35:d8:fb:97:43:21:47:47:7d:59:6f:9d:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\IconixBHO.pdb

Imports

kernel32

CreateFileA
ReadFile
GetFullPathNameA
CreateSemaphoreA
GetFileSize
WaitForSingleObject
ReleaseSemaphore
GetVersionExA
GetComputerNameA
LocalFree
OpenProcess
CreateThread
ResumeThread
SuspendThread
SetThreadPriority
InterlockedCompareExchange
TlsGetValue
TlsSetValue
OpenMutexA
CreateMutexA
ReleaseMutex
GetSystemDirectoryA
CreateEventA
SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
GetStdHandle
HeapCreate
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
SetFilePointer
GetConsoleMode
GetConsoleCP
WriteFile
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetSystemInfo
VirtualProtect
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetLocaleInfoA
GetACP
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
FindFirstFileA
GetTempFileNameA
GetTempPathA
FormatMessageA
HeapAlloc
GetTickCount
OutputDebugStringA
GetCurrentProcessId
GetProcAddress
lstrcmpiA
CloseHandle
CompareStringA
CompareStringW
MulDiv
LockResource
LoadLibraryA
Sleep
FlushInstructionCache
SetLastError
GetCurrentProcess
GetCurrentThreadId
InterlockedExchange
SetThreadLocale
GetThreadLocale
TlsFree
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
GetModuleHandleA
DeleteCriticalSection
lstrlenW
LoadLibraryExA
FreeLibrary
FindResourceA
WideCharToMultiByte
LoadResource
RaiseException
SizeofResource
GetProcessHeap
HeapFree
GetModuleFileNameA
GetLastError
lstrlenA
IsDBCSLeadByte
MultiByteToWideChar
InitializeCriticalSection
InterlockedDecrement
SetStdHandle

user32

UnregisterClassA
CharNextA
wsprintfA
PostMessageA
IsWindow
PostThreadMessageA
LoadCursorA
SetTimer
GetWindowLongA
RegisterClassExA
CreateWindowExA
KillTimer
DestroyWindow
SetWindowLongA
SendMessageTimeoutA
FindWindowA
DefWindowProcA
CallWindowProcA
GetClassInfoExA
GetDesktopWindow
GetWindowDC
DrawFrameControl
FillRect
GetMessageA
PeekMessageA
CreateDialogParamA
ReleaseDC
GetDialogBaseUnits
SendMessageA
IsDialogMessageA
WinHelpA
GetDlgItem
MoveWindow
EnableWindow
GetDC
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
BeginPaint
SetWindowPos
GetClientRect
EndPaint
ShowWindow
InvalidateRect
UnionRect
PtInRect
GetParent
IsChild
GetFocus
GetKeyState
SetFocus

gdi32

GetObjectA
DeleteDC
GetStockObject
GetDeviceCaps
GetTextMetricsA
CreateCompatibleDC
SelectObject
DeleteObject
CreateRectRgnIndirect
TextOutA
SetTextAlign
Rectangle
SelectClipRgn
CreateRectRgn
GetClipRgn
CreateCompatibleBitmap
CreateBitmap
GetTextExtentPointA
CreateFontIndirectA

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExA
RegEnumKeyA
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptAcquireContextA
CryptDeriveKey
CryptHashData
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
ConvertStringSecurityDescriptorToSecurityDescriptorA
CreateProcessAsUserA
RegQueryValueExA
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetLengthSid
SetTokenInformation
ConvertStringSidToSidA
DuplicateTokenEx
OpenProcessToken
GetUserNameA
RegDeleteValueA
RegSetValueExA

shell32

SHGetFolderPathA
ShellExecuteExA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoUninitialize
CoInitialize
OleSaveToStream
WriteClassStm
OleRegGetUserType
OleRegEnumVerbs
OleLoadFromStream
OleRegGetMiscStatus
CreateOleAdviseHolder
StringFromGUID2
CoCreateInstance
CLSIDFromProgID
CoTaskMemRealloc

oleaut32

SafeArrayGetElement
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
OleCreatePropertyFrame
VariantCopy
DispCallFunc
CreateDispTypeInfo
VariantChangeType
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SysFreeString
SysAllocString
SysStringLen
SysAllocStringLen
VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen

shlwapi

PathRemoveBackslashA
PathFileExistsA
UrlUnescapeA

comctl32

ImageList_Add

crypt32

CertFindCertificateInStore
CryptMsgClose
CryptMsgGetParam
CryptQueryObject
CertFreeCertificateContext
CertGetNameStringA
CertCloseStore

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IconixFF2_12.dll
.dll windows:4 windows x86 arch:x86

d1b669c0721f2dd709d353f1d4a2dfb6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:dd:1b:19:80:ed:93:0b:ab:38:03:32:fd:3b:dc:1b:4f:e4:f9:e5
Signer

Actual PE Digest

19:dd:1b:19:80:ed:93:0b:ab:38:03:32:fd:3b:dc:1b:4f:e4:f9:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\IconixFF2.pdb

Imports

kernel32

SetLastError
GetFullPathNameA
GetFileSize
CreateSemaphoreA
ReleaseSemaphore
GetFileAttributesA
CreateDirectoryA
InterlockedIncrement
GetTempPathA
GetTempFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
FlushInstructionCache
GetCurrentProcess
RaiseException
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsSetValue
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
OpenProcess
LocalFree
OpenMutexA
SuspendThread
SetThreadPriority
ResumeThread
GetSystemDirectoryA
CreateEventA
DeleteCriticalSection
TerminateProcess
UnhandledExceptionFilter
ReadFile
GetThreadLocale
SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
LoadLibraryW
HeapSize
FlushFileBuffers
GetStartupInfoA
CreateFileA
GetVersionExA
GetModuleHandleA
GetModuleFileNameA
GetComputerNameA
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
InterlockedExchange
GetStringTypeExA
CompareStringW
CompareStringA
GetLastError
ReleaseMutex
TlsAlloc
TlsFree
SetHandleCount
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
SetFilePointer
GetConsoleMode
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
GetCommandLineA
HeapReAlloc
WaitForSingleObject
CreateMutexA
InterlockedDecrement
TerminateThread
CloseHandle
CreateThread
IsProcessorFeaturePresent
Sleep
GetConsoleCP
WriteFile
VirtualAlloc
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
InitializeCriticalSection

user32

EnumWindows
SetTimer
KillTimer
IsWindow
GetClassInfoExA
LoadCursorA
RegisterClassExA
SetWindowPos
GetWindowLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
CallWindowProcA
PostMessageA
FindWindowA
SendMessageTimeoutA
LoadStringA
UnregisterClassA
GetWindowRect
GetClassNameA
FindWindowExA
SetWindowLongA

advapi32

RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
GetUserNameA
GetSidSubAuthority
OpenProcessToken
RegEnumKeyA
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptAcquireContextA
CryptDeriveKey
CryptHashData
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
CreateProcessAsUserA
GetSidSubAuthorityCount
GetTokenInformation
GetLengthSid
SetTokenInformation
ConvertStringSidToSidA
DuplicateTokenEx

shell32

SHGetFolderPathA
ShellExecuteExA

ole32

CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoInitialize
CoCreateGuid
CoUninitialize

oleaut32

SysAllocString
VariantInit
VariantChangeType
VariantClear
SysFreeString

crypt32

CryptMsgGetParam
CryptMsgClose
CertFindCertificateInStore
CertCloseStore
CertGetNameStringA
CryptQueryObject
CertFreeCertificateContext

xpcom

NS_Free
NS_UTF16ToCString
NS_StringContainerFinish
NS_StringContainerInit
NS_CStringContainerFinish
NS_CStringContainerInit
NS_CStringSetData
NS_GetComponentManager
NS_GetServiceManager
NS_CStringGetData
NS_Alloc

nspr4

PR_NewMonitor
PR_EnterMonitor
PR_Wait
PR_ExitMonitor
PR_Notify
PR_AtomicIncrement
PR_AtomicDecrement
PR_DestroyMonitor

shlwapi

PathFileExistsA
PathRemoveBackslashA

js3250

JS_EvaluateScript
JS_IsArrayObject
JS_SetElement
JS_PropertyStub
JS_EnumerateStub
JS_ResolveStub
JS_ConvertStub
JS_InitClass
JS_Finish
JS_GetStringBytes
JS_GetPrivate
JS_NewStringCopyN
JS_GetProperty
JS_DefineProperty
JS_NewArrayObject
JS_GetArrayLength
JS_GetElement
JS_GetContextPrivate
JS_SetPrivate
JS_FinalizeStub
JS_GetImplementationVersion
JS_NewContext
JS_SetErrorReporter
JS_NewObject
JS_InitStandardClasses
JS_ClearScope
JS_GC
JS_DestroyContext
JS_LookupProperty
JS_Init
JS_CallFunctionName
JS_ValueToString
JS_ExecuteScript
JS_CompileScript
JS_CompileScriptForPrincipals
JS_EvaluateScriptForPrincipals
JS_SetContextPrivate
JS_DeleteProperty

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Exports

Exports

NSEntryPoint

Sections

.text
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IconixFF3_1.dll
.dll windows:4 windows x86 arch:x86

baa8c0332c060d0fa38a8f3a5780420b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:00:3f:68:5e:86:39:28:b1:2a:b7:15:09:8f:5c:8d:2d:d6:1a:80
Signer

Actual PE Digest

5a:00:3f:68:5e:86:39:28:b1:2a:b7:15:09:8f:5c:8d:2d:d6:1a:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\IconixFF3.pdb

Imports

kernel32

CreateFileA
ReadFile
SetLastError
GetFullPathNameA
GetFileSize
CreateSemaphoreA
ReleaseSemaphore
InterlockedIncrement
GetTempPathA
GetTempFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
InterlockedCompareExchange
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GetProcessHeap
HeapAlloc
OpenProcess
LocalFree
HeapFree
TlsGetValue
TlsSetValue
OpenMutexA
ResumeThread
SuspendThread
SetThreadPriority
GetSystemDirectoryA
CreateEventA
DeleteCriticalSection
TerminateProcess
UnhandledExceptionFilter
GetThreadLocale
SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
LoadLibraryW
HeapSize
FlushFileBuffers
GetStartupInfoA
CreateDirectoryA
GetFileAttributesA
GetModuleHandleA
GetModuleFileNameA
GetComputerNameA
GetVersionExA
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
InterlockedExchange
GetStringTypeExA
CompareStringW
CompareStringA
GetLastError
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
ReleaseMutex
TlsFree
TlsAlloc
SetHandleCount
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
SetFilePointer
GetConsoleMode
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
GetCommandLineA
WaitForSingleObject
CreateMutexA
InterlockedDecrement
TerminateThread
CloseHandle
CreateThread
IsProcessorFeaturePresent
Sleep
GetConsoleCP
WriteFile
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
HeapReAlloc
VirtualAlloc
InitializeCriticalSection

user32

SetWindowPos
EnumWindows
SetTimer
KillTimer
CreateWindowExA
DestroyWindow
LoadStringA
CallWindowProcA
IsWindow
GetClassInfoExA
LoadCursorA
RegisterClassExA
SetWindowLongA
GetWindowLongA
PostMessageA
FindWindowA
SendMessageTimeoutA
UnregisterClassA
GetWindowRect
FindWindowExA
GetClassNameA
DefWindowProcA

advapi32

RegQueryInfoKeyA
RegCloseKey
RegEnumKeyExA
GetUserNameA
OpenProcessToken
DuplicateTokenEx
RegEnumKeyA
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptAcquireContextA
CryptDeriveKey
CryptHashData
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
CreateProcessAsUserA
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetLengthSid
SetTokenInformation
ConvertStringSidToSidA

shell32

SHGetFolderPathA
ShellExecuteExA

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
StringFromGUID2
CoCreateGuid
CoUninitialize

oleaut32

SysAllocString
VariantInit
VariantChangeType
VariantClear
SysFreeString

crypt32

CryptMsgGetParam
CryptMsgClose
CertFindCertificateInStore
CertCloseStore
CertGetNameStringA
CryptQueryObject
CertFreeCertificateContext

xpcom

NS_Free
NS_UTF16ToCString
NS_StringContainerFinish
NS_StringContainerInit
NS_CStringContainerFinish
NS_CStringContainerInit
NS_GetComponentManager
NS_GetServiceManager
NS_CStringSetData
NS_CStringGetData
NS_Alloc

nspr4

PR_EnterMonitor
PR_Wait
PR_ExitMonitor
PR_Notify
PR_NewMonitor
PR_AtomicIncrement
PR_AtomicDecrement
PR_IntervalNow
PR_DestroyMonitor

shlwapi

PathRemoveBackslashA
PathFileExistsA

js3250

JS_PropertyStub
JS_EnumerateStub
JS_ResolveStub
JS_EvaluateScript
JS_InitClass
JS_GetStringBytes
JS_GetPrivate
JS_NewStringCopyN
JS_IsArrayObject
JS_ConvertStub
JS_SetElement
JS_GetProperty
JS_DefineProperty
JS_NewArrayObject
JS_GetArrayLength
JS_GetElement
JS_GetContextPrivate
JS_SetPrivate
JS_FinalizeStub
JS_NewContext
JS_SetErrorReporter
JS_NewObject
JS_InitStandardClasses
JS_ClearScope
JS_GC
JS_DestroyContext
JS_LookupProperty
JS_DeleteProperty
JS_SetContextPrivate
JS_Finish
JS_Init
JS_CallFunctionName
JS_ExecuteScript
JS_CompileScript
JS_CompileScriptForPrincipals
JS_EvaluateScriptForPrincipals

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

NSEntryPoint

Sections

.text
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IconixFF_19.dll
.dll windows:4 windows x86 arch:x86

92401eb6a1bc07bbcb9e6bef29b93fbf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:a0:f0:6a:f2:38:cf:1c:d4:19:df:31:67:05:1f:c6:2d:81:68:51
Signer

Actual PE Digest

64:a0:f0:6a:f2:38:cf:1c:d4:19:df:31:67:05:1f:c6:2d:81:68:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\IconixFF.pdb

Imports

kernel32

ReleaseSemaphore
GetFileAttributesA
CreateDirectoryA
CreateFileA
InterlockedIncrement
GetTempPathA
GetTempFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
InterlockedCompareExchange
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
RaiseException
EnterCriticalSection
LocalFree
HeapFree
GetProcessHeap
HeapAlloc
OpenProcess
TlsGetValue
TlsSetValue
OpenMutexA
ResumeThread
SuspendThread
SetThreadPriority
GetSystemDirectoryA
CreateEventA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
CreateSemaphoreA
GetLocaleInfoA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
LoadLibraryW
HeapSize
FlushFileBuffers
GetStartupInfoA
SetHandleCount
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetCPInfo
LCMapStringW
GetFileSize
GetFullPathNameA
SetLastError
ReadFile
GetModuleHandleA
GetModuleFileNameA
GetComputerNameA
GetVersionExA
GetStringTypeExA
CompareStringW
CompareStringA
GetLastError
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
InterlockedExchange
ReleaseMutex
TlsFree
TlsAlloc
LCMapStringA
RtlUnwind
SetFilePointer
GetConsoleMode
GetConsoleCP
IsValidLocale
WriteFile
VirtualAlloc
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
HeapReAlloc
GetCommandLineA
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
GetSystemTimeAsFileTime
IsDebuggerPresent
WaitForSingleObject
CreateMutexA
InterlockedDecrement
CreateThread
TerminateThread
CloseHandle
GetStringTypeA
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DeleteCriticalSection
InitializeCriticalSection
GetLocaleInfoW
IsProcessorFeaturePresent
GetThreadLocale
SetEnvironmentVariableA
SetEndOfFile

user32

IsWindow
GetClassInfoExA
LoadCursorA
RegisterClassExA
CallWindowProcA
CreateWindowExA
DestroyWindow
PostMessageA
FindWindowA
SendMessageTimeoutA
DefWindowProcA
GetWindowLongA
SetTimer
KillTimer
EnumWindows
SetWindowPos
GetWindowRect
FindWindowExA
GetClassNameA
SetWindowLongA
LoadStringA
UnregisterClassA

advapi32

RegQueryInfoKeyA
RegCloseKey
RegEnumKeyExA
GetUserNameA
OpenProcessToken
DuplicateTokenEx
RegEnumKeyA
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptAcquireContextA
CryptDeriveKey
CryptHashData
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
CreateProcessAsUserA
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetLengthSid
SetTokenInformation
ConvertStringSidToSidA

shell32

ShellExecuteExA
SHGetFolderPathA

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoUninitialize

oleaut32

VariantChangeType
SysAllocString
VariantInit
VariantClear
SysFreeString

crypt32

CryptMsgGetParam
CryptMsgClose
CertFindCertificateInStore
CertCloseStore
CertGetNameStringA
CryptQueryObject
CertFreeCertificateContext

xpcom

NS_Free
NS_UTF16ToCString
NS_StringContainerFinish
NS_StringContainerInit
NS_CStringGetData
NS_CStringContainerFinish
NS_CStringContainerInit
NS_CStringSetData
NS_GetComponentManager
NS_GetServiceManager
NS_Alloc

nspr4

PR_AtomicDecrement
PR_DestroyMonitor
PR_EnterMonitor
PR_Wait
PR_ExitMonitor
PR_Notify
PR_AtomicIncrement
PR_NewMonitor

shlwapi

PathFileExistsA
PathRemoveBackslashA

js3250

JS_Finish
JS_Init
JS_CallFunctionName
JS_ExecuteScript
JS_CompileScript
JS_CompileScriptForPrincipals
JS_EvaluateScriptForPrincipals
JS_SetContextPrivate
JS_EvaluateScript
JS_PropertyStub
JS_EnumerateStub
JS_ResolveStub
JS_ConvertStub
JS_InitClass
JS_GetStringBytes
JS_GetPrivate
JS_DestroyContext
JS_GC
JS_ClearScope
JS_InitStandardClasses
JS_NewObject
JS_SetErrorReporter
JS_NewContext
JS_FinalizeStub
JS_SetPrivate
JS_GetContextPrivate
JS_GetArrayLength
JS_NewArrayObject
JS_GetElement
JS_DefineProperty
JS_GetProperty
JS_SetElement
JS_IsArrayObject
JS_NewStringCopyN

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

??RnsCreateInstanceByCID@@UBEIABUnsID@@PAPAX@Z
??RnsCreateInstanceByContractID@@UBEIABUnsID@@PAPAX@Z
??RnsCreateInstanceFromFactory@@UBEIABUnsID@@PAPAX@Z
??RnsGetClassObjectByCID@@UBEIABUnsID@@PAPAX@Z
??RnsGetClassObjectByContractID@@UBEIABUnsID@@PAPAX@Z
NSEntryPoint

Sections

.text
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IconixMaxthonPlugin_4.exe
.exe windows:4 windows x86 arch:x86

35e53a868d5be2b383702aca253ccd6c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a5:95:66:8d:74:f3:5e:90:2d:bd:b8:50:15:21:ca:c8:08:3e:87:7a
Signer

Actual PE Digest

a5:95:66:8d:74:f3:5e:90:2d:bd:b8:50:15:21:ca:c8:08:3e:87:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\IconixMaxthonPlugin.pdb

Imports

shlwapi

PathStripPathA

kernel32

CompareStringA
CompareStringW
CreateFileA
CloseHandle
GetVersionExA
WideCharToMultiByte
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentProcess
SetLastError
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
FlushFileBuffers
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLastError
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
IsValidCodePage
InterlockedExchange
MultiByteToWideChar
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetPrivateProfileSectionA
DeleteFileA
WritePrivateProfileStringA
GetACP
QueryPerformanceCounter
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
FindFirstFileA
GetLocaleInfoW
SetEndOfFile
ReadFile
SetEnvironmentVariableA
GetThreadLocale
GetOEMCP
GetModuleHandleA
GetConsoleMode
GetConsoleCP
HeapSize
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
VirtualAlloc
HeapReAlloc
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
SetHandleCount
GetStdHandle
GetFileType
ExitProcess
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteExA

crypt32

CryptMsgClose
CertFindCertificateInStore
CertCloseStore
CertGetNameStringA
CertFreeCertificateContext
CryptMsgGetParam
CryptQueryObject

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IconixOE_18.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0a1b1bce1bbcd915d8585cea703fb144

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:70:7b:04:98:73:ab:fb:a0:a1:4b:fa:41:15:3b:46:71:ce:a4:b5
Signer

Actual PE Digest

5a:70:7b:04:98:73:ab:fb:a0:a1:4b:fa:41:15:3b:46:71:ce:a4:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\IconixOE.pdb

Imports

wininet

InternetGetConnectedStateEx

kernel32

CompareStringA
CompareStringW
GetTickCount
OutputDebugStringA
GetVersionExA
GetComputerNameA
HeapFree
GetProcessHeap
HeapAlloc
LocalFree
CreateMutexA
ReleaseMutex
Sleep
OpenMutexA
CreateThread
ResumeThread
SuspendThread
SetThreadPriority
CreateEventA
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
InterlockedIncrement
GetOEMCP
GetStdHandle
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
SetFilePointer
GetConsoleMode
GetConsoleCP
WriteFile
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
VirtualProtect
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
HeapDestroy
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
WaitForMultipleObjects
TerminateThread
GetConsoleOutputCP
WriteConsoleW
GetUserDefaultLCID
EnumSystemLocalesA
CreateDirectoryA
GetFileAttributesA
GetFileSize
ReleaseSemaphore
IsValidLocale
GetStringTypeA
WaitForSingleObject
CreateSemaphoreA
GetFullPathNameA
SetEnvironmentVariableA
GetLocaleInfoW
GetStringTypeW
InitializeCriticalSection
UnmapViewOfFile
RaiseException
GetModuleHandleA
LoadLibraryExA
FindResourceA
GetLastError
LoadResource
SetThreadLocale
ReadFile
CreateFileA
LoadLibraryA
LockResource
SetLastError
VirtualProtectEx
VirtualQueryEx
GetSystemInfo
GetCurrentProcessId
OpenProcess
MulDiv
GetProcAddress
DeleteCriticalSection
CloseHandle
MapViewOfFile
CreateFileMappingA
GetTempPathA
InterlockedExchange
ExitProcess
InterlockedDecrement
SizeofResource
GetThreadLocale
IsDBCSLeadByte
WideCharToMultiByte
TlsSetValue
TlsFree
TlsAlloc
lstrcmpiA
FreeLibrary
TlsGetValue
GetCurrentThreadId
lstrlenA
MultiByteToWideChar
lstrlenW
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
FlushInstructionCache
GetCurrentProcess
SetEndOfFile
IsValidCodePage
WriteConsoleA
FlushFileBuffers

user32

SendMessageTimeoutA
PeekMessageA
CreateWindowExA
LoadCursorA
GetClassInfoExA
TranslateMessage
DispatchMessageA
UnregisterClassA
PostQuitMessage
GetMessageA
SetClassLongA
GetClassLongA
SetFocus
SetPropA
RemovePropA
IsDialogMessageA
WinHelpA
GetDialogBaseUnits
GetDlgItem
MoveWindow
EnableWindow
DestroyWindow
CreateDialogParamA
GetPropA
LoadStringA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuItemInfoA
EnableMenuItem
InsertMenuA
GetWindowTextLengthA
SetWindowTextA
ShowWindow
SetWindowPos
GetWindowRect
GetDC
GetCursorPos
SystemParametersInfoA
GetClientRect
GetWindowTextA
GetClassNameA
GetParent
RedrawWindow
DrawTextA
GetSysColor
GetFocus
ReleaseDC
PtInRect
ClientToScreen
GetWindowDC
FillRect
GetSysColorBrush
GetSystemMetrics
UpdateWindow
PostMessageA
FindWindowExA
CharNextA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
KillTimer
SetTimer
SendMessageA
FindWindowA
SetWindowLongA
DefWindowProcA
GetWindowLongA
CallWindowProcA
IsWindow
RegisterClassExA

gdi32

CreateFontIndirectA
DeleteObject
LineTo
MoveToEx
GetPixel
CreatePen
SetTextColor
GetDeviceCaps
GetTextExtentPoint32A
CreateSolidBrush
SetBkColor
GetStockObject
GetTextExtentPointA
GetTextMetricsA
GetObjectA
SelectObject

advapi32

CryptDeriveKey
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetLengthSid
SetTokenInformation
ConvertStringSidToSidA
DuplicateTokenEx
OpenProcessToken
GetUserNameA
RegSetValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegEnumKeyExA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
CryptAcquireContextA
CryptCreateHash
CryptDecrypt
CryptEncrypt
CreateProcessAsUserA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegQueryValueExA
RegEnumKeyA
CryptHashData

shell32

SHGetFolderPathA
ShellExecuteExA

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoCreateGuid

oleaut32

VarUI4FromStr
SysAllocString
OleLoadPicture
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocStringByteLen

shlwapi

PathFileExistsA
PathRemoveBackslashA
PathAppendA

comctl32

ImageList_Draw

urlmon

URLOpenBlockingStreamA

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgClose
CryptQueryObject
CertCloseStore
CertGetNameStringA
CryptMsgGetParam

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ProcessThreadHook
StartOEAddOn
StopOEAddOn

Sections

.text
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IconixPlugin_2.dll
.dll windows:4 windows x86 arch:x86

08ef137cffe372f05bd998178162c5fb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cd:11:f6:8d:32:6a:1b:db:cf:f3:83:8e:6e:0f:48:2d:33:9c:98:f9
Signer

Actual PE Digest

cd:11:f6:8d:32:6a:1b:db:cf:f3:83:8e:6e:0f:48:2d:33:9c:98:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\IconixPlugin.pdb

Imports

kernel32

GetModuleFileNameA
OutputDebugStringA
GetCurrentProcessId
GetCurrentThreadId
GetVersionExA
GetModuleHandleA
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentProcess
SetEnvironmentVariableA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
CreateFileA
GetTickCount
GetLastError
SetLastError
InterlockedExchange
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
InitializeCriticalSection
GetLocaleInfoW
GetThreadLocale
GetLocaleInfoA
LCMapStringW
LCMapStringA
GetConsoleMode
CompareStringW
CompareStringA
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetConsoleCP
RtlUnwind
IsValidCodePage
GetOEMCP
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
RaiseException
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
ExitProcess
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
HeapSize
GetCPInfo
GetACP

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

crypt32

CertCloseStore
CertGetNameStringA
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CryptMsgClose

Exports

Exports

NPGetEntryPoints
NPInitialize
NPShutdown

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Install.CAB
.cab
Launcher.exe
.exe windows:4 windows x86 arch:x86

4b57a8c52a3e5c0654a09b1d374227b3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

58:51:29:d7:b2:11:c4:4f:03:6f:3e:6a:8b:60:f8:d5:31:a3:af:36
Signer

Actual PE Digest

58:51:29:d7:b2:11:c4:4f:03:6f:3e:6a:8b:60:f8:d5:31:a3:af:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\Launcher.pdb

Imports

kernel32

GetTickCount
SetLastError
GetCurrentProcessId
GetCurrentThreadId
GetVersionExA
GetModuleHandleA
HeapFree
GetProcessHeap
HeapAlloc
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetShortPathNameA
FreeLibrary
GetProcAddress
OutputDebugStringA
LoadLibraryA
GetModuleFileNameA
CloseHandle
CreateFileA
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetLastError
CompareStringA
InterlockedExchange
GetCurrentProcess
IsValidCodePage
GetOEMCP
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapReAlloc
HeapSize
VirtualAlloc
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
WriteFile
SetEnvironmentVariableA

advapi32

RegCloseKey
RegCreateKeyExA
RegEnumKeyA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA

shell32

ShellExecuteExA
SHGetFolderPathA

crypt32

CryptMsgClose
CertFindCertificateInStore
CertCloseStore
CertGetNameStringA
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam

shlwapi

PathFileExistsA
SHDeleteKeyA
PathFindExtensionA

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LibAuth_15.dll
.dll windows:4 windows x86 arch:x86

5a4058cc12816f564f1356bac234621f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

94:f6:34:09:c9:41:4c:f2:c6:51:4f:8e:db:b5:37:2f:75:a2:d4:7c
Signer

Actual PE Digest

94:f6:34:09:c9:41:4c:f2:c6:51:4f:8e:db:b5:37:2f:75:a2:d4:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\LibAuth.pdb

Imports

ws2_32

htonl

crypt32

CryptImportPublicKeyInfo
CryptDecodeObject

dnsapi

DnsRecordListFree
DnsQuery_A
DnsRecordSetCopyEx

kernel32

InterlockedExchange
GetTickCount
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringA
GetLastError
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
GetProcAddress
FreeLibrary
CreateMutexA
CloseHandle
WaitForSingleObject
ReleaseMutex
GetModuleFileNameA
CreateFileA
GetVersionExA
GetComputerNameA
GetModuleHandleA
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentProcess
SetLastError
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
LocalFree
GetTimeFormatA
CompareStringW
HeapReAlloc
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
Sleep
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
WriteFile
InitializeCriticalSection
HeapDestroy
HeapCreate
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
RaiseException
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
RtlUnwind
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoA
GetLocaleInfoW
SetFilePointer
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
GetThreadLocale
CompareStringA
LocalAlloc
GetTimeZoneInformation
GetDateFormatA

advapi32

RegOpenKeyExA
RegCloseKey
GetUserNameA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegQueryValueExA
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptVerifySignatureA
CryptAcquireContextA
CryptDestroyHash

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

authDKVerifySignature
authExtractFrom
authExtractMFrom
authExtractPRA
authHeaderExists
authHeaderExtract
authReverseDNS
authReverseDNSMX
authSenderIDEmail
authSenderIDMFrom
authSenderIDPRA

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LibComm_15.dll
.dll windows:4 windows x86 arch:x86

b095d221c0983d422f77e5e50d58512c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:0d:5c:eb:98:4b:80:7b:a8:fe:19:a9:06:a3:7d:fd:ff:83:e4:82
Signer

Actual PE Digest

16:0d:5c:eb:98:4b:80:7b:a8:fe:19:a9:06:a3:7d:fd:ff:83:e4:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\LibComm.pdb

Imports

urlmon

URLOpenPullStreamA

kernel32

LeaveCriticalSection
InitializeCriticalSection
HeapFree
GetProcessHeap
FormatMessageA
GetCurrentProcessId
CreateFileA
WriteFile
EnterCriticalSection
WaitForSingleObject
CloseHandle
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetCPInfo
GetModuleFileNameA
GetLastError
IsDBCSLeadByte
lstrlenA
DeleteCriticalSection
RaiseException
lstrcmpiA
InterlockedIncrement
GetModuleHandleA
InterlockedDecrement
MultiByteToWideChar
lstrlenW
FreeLibrary
LoadLibraryExA
FindResourceA
WideCharToMultiByte
LoadResource
SizeofResource
GetCommandLineA
CreateThread
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetThreadLocale
SetEnvironmentVariableA
ReadFile
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
SetStdHandle
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
HeapSize
GetStdHandle
ExitProcess
VirtualFree
HeapCreate
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
LCMapStringW
LCMapStringA
InterlockedExchange
CompareStringA
CompareStringW
GetTickCount
GetCurrentThreadId
OutputDebugStringA
SetLastError
GetCurrentProcess
TerminateProcess
LoadLibraryA
GetProcAddress
GetVersionExA
HeapAlloc
Sleep
RtlUnwind

user32

TranslateMessage
DispatchMessageA
GetDesktopWindow
GetMessageA
PeekMessageA
PostQuitMessage
UnregisterClassA
CharNextA
EnumWindows
GetClassNameA
GetWindowThreadProcessId
SendMessageA

advapi32

RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx

oleaut32

VarUI4FromStr
SysStringLen
SysFreeString
SysAllocStringLen
VarBstrCat
VariantClear

wininet

HttpAddRequestHeadersA
InternetCrackUrlA
HttpQueryInfoA
InternetSetStatusCallback
InternetConnectA
HttpSendRequestA
InternetCloseHandle
HttpOpenRequestA
InternetErrorDlg
InternetReadFile
InternetOpenA
InternetSetOptionA

wsock32

closesocket
shutdown
select
WSAGetLastError
send
recv
WSAStartup
ioctlsocket
gethostbyname
socket
setsockopt
htons
accept
__WSAFDIsSet
getsockopt
inet_ntoa
connect

Exports

Exports

commGetConfig
commGetIdentities
commHttpGet
commHttpPost
commReportTruemarkEvent

Sections

.text
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LibStorage_7.dll
.dll windows:4 windows x86 arch:x86

29059d76c909cf469166c8957b83f05e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bb:86:f3:85:ff:67:e5:c7:27:fd:ee:7a:b7:9b:74:64:60:3c:cf:b2
Signer

Actual PE Digest

bb:86:f3:85:ff:67:e5:c7:27:fd:ee:7a:b7:9b:74:64:60:3c:cf:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\LibStorage.pdb

Imports

kernel32

FindCloseChangeNotification
CloseHandle
SetEvent
ResetEvent
LocalFree
GetLastError
lstrlenA
CompareStringA
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
InterlockedExchange
LoadLibraryA
GetProcAddress
FreeLibrary
CreateEventA
CreateThread
ResumeThread
SuspendThread
SetThreadPriority
GetCurrentThreadId
GetVersionExA
GetComputerNameA
GetModuleFileNameA
GetModuleHandleA
FindClose
CreateFileA
WriteFile
ReadFile
FindFirstFileA
CreateMutexA
ReleaseMutex
CreateDirectoryA
InterlockedIncrement
GetTickCount
GetCurrentProcessId
OutputDebugStringA
FindFirstChangeNotificationA
OpenMutexA
GetCurrentDirectoryA
GetProcessHeap
HeapAlloc
GetCurrentProcess
SetLastError
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetCommandLineA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
ExitProcess
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
SetStdHandle
SetHandleCount
GetStartupInfoA
GetFullPathNameA
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetLocaleInfoW
SetEnvironmentVariableA
GetThreadLocale
InterlockedDecrement
FindNextChangeNotification
WaitForSingleObject
WaitForMultipleObjects
ExitThread
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetFileAttributesA
EnterCriticalSection

ole32

CoCreateInstance
CoTaskMemAlloc

oleaut32

VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocString
SysFreeString

shlwapi

PathRemoveBackslashA
PathFileExistsA
PathRemoveFileSpecA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

crypt32

CertFindCertificateInStore
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam
CryptMsgClose
CertCloseStore
CertGetNameStringA

user32

SendMessageTimeoutA
PostMessageA
FindWindowA

advapi32

GetUserNameA
RegCloseKey
CryptDecrypt
CryptEncrypt
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptHashData
RegOpenKeyExA
CryptDeriveKey
CryptAcquireContextA
RegEnumKeyA
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetLengthSid
SetTokenInformation
ConvertStringSidToSidA
DuplicateTokenEx
OpenProcessToken
RegQueryValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
CreateProcessAsUserA
CryptCreateHash

shell32

SHGetFolderPathA
ShellExecuteExA
SHFileOperationA

Exports

Exports

storageClose
storageDelete
storageOpen
storageRead
storageRegisterHandler
storageUnRegisterHandler
storageWrite

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LibUpdate.dll
.dll windows:4 windows x86 arch:x86

7bb49aff8325792419f71cc0c87f0f4c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:05:f0:96:ac:bb:27:06:b9:06:48:ab:1b:cf:64:10:bd:2f:2e:2c
Signer

Actual PE Digest

5e:05:f0:96:ac:bb:27:06:b9:06:48:ab:1b:cf:64:10:bd:2f:2e:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\LibUpdate.pdb

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

urlmon

URLDownloadToFileA

ws2_32

WSACleanup

kernel32

HeapFree
GetProcessHeap
InterlockedExchange
CompareStringW
CompareStringA
CopyFileA
FindFirstFileA
FindClose
CreateThread
WaitForSingleObject
TerminateThread
CreateSemaphoreA
ReleaseSemaphore
RemoveDirectoryA
CreateProcessA
GetExitCodeProcess
CreateDirectoryA
GetFileAttributesA
FindResourceExA
MoveFileA
GetTickCount
GetCurrentProcessId
OutputDebugStringA
GetComputerNameA
HeapAlloc
LocalFree
Sleep
CreateEventA
SetEvent
GetTempPathA
GetTempFileNameA
SetFileAttributesA
FindNextFileA
SetCurrentDirectoryA
ResumeThread
SuspendThread
SetThreadPriority
CreateMutexA
ReleaseMutex
TlsGetValue
TlsSetValue
ReadFile
CreateFileA
lstrlenW
GetFullPathNameA
OpenMutexA
GetCurrentDirectoryA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
IsValidCodePage
GetOEMCP
GetStdHandle
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
SetFilePointer
GetConsoleMode
GetConsoleCP
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetCommandLineA
GetDriveTypeA
VirtualQuery
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
LockResource
WideCharToMultiByte
GetCurrentThreadId
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
InterlockedDecrement
RaiseException
SetLastError
FlushInstructionCache
GetCurrentProcess
GetLastError
CloseHandle
TerminateProcess
OpenProcess
DeleteFileA
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
TlsFree
TlsAlloc
GetModuleFileNameA
InterlockedIncrement
lstrlenA
GetModuleHandleA
IsDBCSLeadByte
GetEnvironmentStrings
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetShortPathNameA
EnterCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetVersionExA
GetLocaleInfoW
FlushFileBuffers
SetEndOfFile
SetEnvironmentVariableA
GetEnvironmentStringsW
WriteFile
QueryPerformanceCounter

user32

EnumWindows
GetSystemMetrics
GetWindowThreadProcessId
IsWindowVisible
BroadcastSystemMessageA
RegisterWindowMessageA
GetPropA
GetSysColor
SetClassLongA
KillTimer
SetTimer
EndDialog
GetDlgItem
LoadStringA
SendMessageTimeoutA
FindWindowA
MessageBoxIndirectA
DefWindowProcA
CallWindowProcA
CreateWindowExA
IsWindow
LoadCursorA
GetClassInfoExA
RegisterClassExA
DestroyWindow
SystemParametersInfoA
GetWindowRect
MapWindowPoints
GetWindowLongA
GetWindow
SetWindowPos
GetClientRect
GetParent
ShowWindow
SendMessageA
CharNextA
PostMessageA
GetActiveWindow
SetWindowLongA
DialogBoxParamA
MessageBoxA
ExitWindowsEx
UnregisterClassA

gdi32

CreateSolidBrush
DeleteObject
SetBkColor
GetObjectA
CreateFontIndirectA
SetTextColor
GetStockObject

advapi32

CryptAcquireContextA
CryptDeriveKey
SetTokenInformation
ConvertStringSidToSidA
DuplicateTokenEx
OpenProcessToken
GetUserNameA
RegEnumKeyA
RegCreateKeyA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
CreateProcessAsUserA
ConvertStringSecurityDescriptorToSecurityDescriptorA
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptHashData
GetLengthSid

shell32

SHFileOperationA
SHGetSpecialFolderPathA
ShellExecuteExA
SHGetFolderPathA

ole32

CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocStringByteLen
VarUI4FromStr
VariantClear
SysAllocString

shlwapi

PathFindExtensionA
SHCopyKeyA
PathRemoveFileSpecA
SHDeleteKeyA
PathFileExistsA
PathRemoveBackslashA

crypt32

CertFindCertificateInStore
CryptMsgClose
CryptMsgGetParam
CryptQueryObject
CertFreeCertificateContext
CertGetNameStringA
CertCloseStore

Exports

Exports

Cancel
Install
UnInstall

Sections

.text
Size: 330KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OEResources_5.CAB
.cab
OEdmn_3.exe
.exe windows:4 windows x86 arch:x86

b9c91cfdfb89708223f89b1f6db71f80

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:e8:a3:3d:54:c2:ce:90:c5:e7:e9:01:50:a2:c2:0a:79:fe:9c:5d
Signer

Actual PE Digest

2e:e8:a3:3d:54:c2:ce:90:c5:e7:e9:01:50:a2:c2:0a:79:fe:9c:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\OEdmn.pdb

Imports

wininet

InternetQueryOptionA

psapi

GetModuleBaseNameA
EnumProcesses
EnumProcessModules

kernel32

CreateFileMappingA
LeaveCriticalSection
FlushInstructionCache
MapViewOfFile
LoadLibraryA
GetProcAddress
CompareStringA
CompareStringW
LocalFree
CreateMutexA
WaitForSingleObject
ReleaseMutex
InterlockedExchange
GetTickCount
GetCurrentProcessId
OutputDebugStringA
GetVersionExA
HeapFree
GetProcessHeap
HeapAlloc
CreateSemaphoreA
ReleaseSemaphore
GetTempPathA
GetComputerNameA
CreateFileA
WriteFile
HeapCreate
IsValidCodePage
GetOEMCP
OpenProcess
GetCurrentProcess
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStartupInfoA
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetFileType
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetModuleFileNameA
GetCurrentThreadId
LoadLibraryExA
SizeofResource
GlobalAlloc
GlobalUnlock
IsDBCSLeadByte
FreeLibrary
SetFilePointer
ReadFile
FlushFileBuffers
GetStringTypeA
GetEnvironmentStringsW
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileW
SetEndOfFile
InitializeCriticalSection
GetModuleHandleA
RaiseException
GlobalLock
InterlockedDecrement
MulDiv
InterlockedIncrement
DeleteCriticalSection
lstrlenA
LoadResource
FindResourceA
TlsFree
GetLastError
MultiByteToWideChar
lstrcmpA
lstrcmpiA
Sleep
EnterCriticalSection
lstrlenW
SetLastError
OpenSemaphoreA
UnmapViewOfFile
WideCharToMultiByte
CreateProcessA
CloseHandle
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetHandleCount

user32

GetPropA
GetCursorPos
PtInRect
GetAsyncKeyState
GetForegroundWindow
UnregisterClassA
RedrawWindow
GetWindowThreadProcessId
RemovePropA
FillRect
PeekMessageA
GetMessageA
SetWindowTextA
LoadCursorA
TranslateMessage
SetCursorPos
DispatchMessageA
EndPaint
GetDlgItem
GetWindowTextA
GetClassInfoExA
ScreenToClient
ShowWindow
GetDC
ReleaseDC
MoveWindow
SetWindowPos
KillTimer
GetWindowLongA
SetTimer
PostQuitMessage
CreateWindowExA
GetClassNameA
DefWindowProcA
SetCapture
ReleaseCapture
SetPropA
SetFocus
GetParent
RegisterWindowMessageA
SetWindowLongA
IsChild
InvalidateRect
FindWindowA
GetSysColor
BeginPaint
GetFocus
IsWindow
SendMessageA
GetWindow
CreateAcceleratorTableA
GetDesktopWindow
GetClientRect
InvalidateRgn
CallWindowProcA
DestroyAcceleratorTable
RegisterClassExA
CharNextA
DestroyWindow
GetWindowTextLengthA
TrackMouseEvent
ClientToScreen
GetWindowRect

gdi32

DeleteObject
CreateCompatibleDC
GetObjectA
GetStockObject
GetDeviceCaps
DeleteDC
SelectObject
BitBlt
CreateCompatibleBitmap
CreateSolidBrush

advapi32

RegQueryValueExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExA
RegQueryInfoKeyA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetUserNameA

ole32

CLSIDFromProgID
CoUninitialize
OleUninitialize
StringFromGUID2
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoTaskMemRealloc
OleInitialize
CLSIDFromString
CoTaskMemFree

oleaut32

SysAllocStringLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarBstrCmp
DispCallFunc
VariantClear
VariantInit
SysFreeString
SysStringLen
VarUI4FromStr
SysStringByteLen
SysAllocString

shlwapi

PathAppendA

crypt32

CertGetNameStringA
CertCloseStore
CertFindCertificateInStore
CryptMsgClose
CryptMsgGetParam
CryptQueryObject
CertFreeCertificateContext

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OEldr_3.dll
.dll windows:4 windows x86 arch:x86

0ce757c9d1bf953eedbaeb8361910443

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ee:7e:3c:45:1d:c4:66:b0:d4:ad:eb:be:15:6d:f0:fb:aa:89:b1:2d
Signer

Actual PE Digest

ee:7e:3c:45:1d:c4:66:b0:d4:ad:eb:be:15:6d:f0:fb:aa:89:b1:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\OEldr.pdb

Imports

kernel32

OutputDebugStringA
GetLastError
LocalFree
LoadLibraryA
GetProcAddress
FreeLibrary
CreateMutexA
CloseHandle
WaitForSingleObject
ReleaseMutex
CreateSemaphoreA
CreateFileA
OpenMutexA
GetVersionExA
GetComputerNameA
GetModuleHandleA
HeapFree
GetProcessHeap
HeapAlloc
InterlockedCompareExchange
CreateThread
ResumeThread
SuspendThread
SetThreadPriority
GetSystemDirectoryA
Sleep
CreateEventA
SetEnvironmentVariableA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
WriteFile
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapCreate
IsValidCodePage
GetCurrentProcessId
GetTickCount
InterlockedExchange
DisableThreadLibraryCalls
WideCharToMultiByte
CompareStringW
MultiByteToWideChar
CompareStringA
lstrlenA
GetCurrentThreadId
InterlockedIncrement
RaiseException
FlushInstructionCache
GetCurrentProcess
GetOEMCP
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
EnterCriticalSection
DeleteCriticalSection
SetLastError
LeaveCriticalSection
InterlockedDecrement
InitializeCriticalSection
GetModuleFileNameA
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetACP
GetLocaleInfoA

user32

GetWindowLongA
SetTimer
KillTimer
CallWindowProcA
DefWindowProcA
IsWindow
GetClassNameA
CallNextHookEx
MessageBoxA
DestroyWindow
SetWindowLongA
PostMessageA
SendMessageTimeoutA
UnregisterClassA
SendMessageA
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
FindWindowA

advapi32

RegQueryValueExA
RegCloseKey
CreateProcessAsUserA
ConvertStringSidToSidA
DuplicateTokenEx
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetLengthSid
SetTokenInformation
GetUserNameA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoTaskMemFree
CoUninitialize
CoCreateInstance

shlwapi

PathStripPathA

crypt32

CryptMsgGetParam
CryptMsgClose
CertFindCertificateInStore
CertCloseStore
CertGetNameStringA
CryptQueryObject
CertFreeCertificateContext

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

AnnounceUpdate
InstallHook
UninstallHook

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shdata
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Preferences_11.exe
.exe windows:4 windows x86 arch:x86

d5b1ebd473fb0ecb08e65fee4849cc0c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4b:f7:2a:55:e8:a1:f5:89:61:c8:fd:45:b8:e0:6d:e1:09:77:bf:7b
Signer

Actual PE Digest

4b:f7:2a:55:e8:a1:f5:89:61:c8:fd:45:b8:e0:6d:e1:09:77:bf:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\Preferences.pdb

Imports

kernel32

GetTempPathA
CreateFileA
OpenMutexA
TlsGetValue
TlsSetValue
SetEnvironmentVariableA
SetEndOfFile
FlushFileBuffers
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetExitCodeProcess
ExitProcess
GetStdHandle
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
SetFilePointer
GetConsoleMode
GetConsoleCP
WriteFile
ReadFile
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStartupInfoA
GetCommandLineA
GetDateFormatA
GetTimeFormatA
VirtualQuery
GetSystemInfo
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
HeapSize
HeapReAlloc
HeapDestroy
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetSystemDirectoryA
OpenProcess
ReleaseSemaphore
CreateSemaphoreA
ReleaseMutex
CreateMutexA
OutputDebugStringA
GetCurrentProcessId
GetTickCount
GetComputerNameA
GetVersionExA
GetProcAddress
LocalFree
WaitForSingleObject
CloseHandle
CreateEventA
GlobalFree
CompareStringW
CompareStringA
lstrcmpA
TlsAlloc
TlsFree
FindResourceExA
lstrlenW
LoadLibraryA
GetThreadLocale
FreeLibrary
IsDBCSLeadByte
InterlockedExchange
InterlockedDecrement
MultiByteToWideChar
InterlockedIncrement
lstrlenA
lstrcmpiA
DeleteCriticalSection
MulDiv
SizeofResource
GlobalAlloc
GetModuleFileNameA
GlobalLock
GlobalUnlock
FormatMessageA
HeapFree
GetProcessHeap
InitializeCriticalSection
HeapAlloc
FreeResource
LoadLibraryExA
GetModuleHandleA
WideCharToMultiByte
LockResource
LoadResource
FindResourceA
GetLastError
RaiseException
SetLastError
FlushInstructionCache
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetOEMCP

user32

SetWindowTextA
ShowWindow
SetTimer
EndDialog
KillTimer
SetWindowPos
MapWindowPoints
SendMessageA
GetClientRect
SendMessageTimeoutA
wsprintfA
GetWindowRect
SystemParametersInfoA
MessageBoxA
LoadImageA
GetSystemMetrics
DialogBoxParamA
GetActiveWindow
LoadStringA
DrawTextA
PostMessageA
EnableWindow
GetWindowLongA
GetDlgItem
UnregisterClassA
CreateAcceleratorTableA
GetWindow
ClientToScreen
RedrawWindow
DestroyAcceleratorTable
GetDesktopWindow
SetWindowLongA
RegisterWindowMessageA
SetCapture
ReleaseCapture
GetSysColor
FillRect
GetWindowTextLengthA
SetForegroundWindow
FindWindowA
GetParent
SetCursor
GetClassInfoExA
RegisterClassExA
CallWindowProcA
GetWindowTextA
GetClassNameA
InvalidateRgn
PtInRect
WinHelpA
IsChild
GetFocus
GetKeyState
SetFocus
DestroyWindow
GetDC
CreateDialogParamA
GetDialogBaseUnits
ReleaseDC
IsWindow
MoveWindow
CharNextA
CreateWindowExA
ScreenToClient
BeginPaint
EndPaint
IsDialogMessageA
IntersectRect
EqualRect
OffsetRect
LoadCursorA
SetWindowRgn
InvalidateRect
UnionRect
SetPropA
RemovePropA
DefWindowProcA
GetPropA

gdi32

DeleteObject
CreateFontIndirectA
SetTextColor
GetObjectA
CreateDCA
CreateRectRgnIndirect
CloseMetaFile
SetWindowExtEx
CreateMetaFileA
RestoreDC
SelectObject
SetViewportOrgEx
GetTextExtentPointA
SetWindowOrgEx
GetTextMetricsA
SetMapMode
SaveDC
LPtoDP
GetDeviceCaps
GetStockObject
BitBlt
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
StartDocA
StartPage
EndPage
EndDoc
DeleteMetaFile
DeleteDC

comdlg32

PrintDlgA

advapi32

RegEnumKeyA
GetUserNameA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
GetLengthSid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryValueExA
CreateProcessAsUserA
ConvertStringSecurityDescriptorToSecurityDescriptorA
CryptDestroyHash
ConvertStringSidToSidA
CryptDecrypt
CryptCreateHash
CryptAcquireContextA
CryptDeriveKey
CryptHashData
CryptReleaseContext
CryptDestroyKey

shell32

ShellExecuteExA
ord165
SHGetFolderPathA
ShellExecuteA

ole32

CreateStreamOnHGlobal
StringFromGUID2
CLSIDFromProgID
CoInitialize
CoGetClassObject
OleInitialize
OleLockRunning
OleUninitialize
OleRegGetUserType
OleRegEnumVerbs
OleSaveToStream
WriteClassStm
CLSIDFromString
CoTaskMemAlloc
OleLoadFromStream
CreateDataAdviseHolder
CoTaskMemRealloc
OleRegGetMiscStatus
CreateOleAdviseHolder
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

OleCreatePropertyFrame
OleLoadPicture
OleCreateFontIndirect
VariantInit
SysAllocStringLen
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
SysStringLen
LoadTypeLi
SysFreeString
LoadRegTypeLi
VariantChangeType

shlwapi

PathFileExistsA

comctl32

InitCommonControlsEx

urlmon

URLDownloadToFileA

crypt32

CryptMsgClose
CryptQueryObject
CertCloseStore
CertGetNameStringA
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam

riched20

ord6

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Settings_13.cab
.cab
Uninstaller.exe.nsis
Updater_17.exe
.exe windows:4 windows x86 arch:x86

be1bb176fe2f029605ba279f02271525

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

95:35:f7:f0:c5:74:53:a4:f1:68:40:13:64:5e:aa:75:b2:42:d0:dd
Signer

Actual PE Digest

95:35:f7:f0:c5:74:53:a4:f1:68:40:13:64:5e:aa:75:b2:42:d0:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\Updater.pdb

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

LocalFree
CreateMutexA
CloseHandle
WaitForSingleObject
ReleaseMutex
InterlockedExchange
GetTickCount
GetCurrentProcessId
OutputDebugStringA
GetVersionExA
GetComputerNameA
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
RtlUnwind
IsValidCodePage
GetOEMCP
GetCPInfo
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
WriteFile
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapCreate
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
GetTimeZoneInformation
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
CompareStringW
CompareStringA
GetConsoleCP
EnterCriticalSection
GetLastError
SetLastError
lstrlenA
GetModuleHandleA
RaiseException
MultiByteToWideChar
lstrlenW
LeaveCriticalSection
WideCharToMultiByte
lstrcmpiA
GetCurrentThreadId
lstrcmpA
InterlockedDecrement
InitializeCriticalSection
InterlockedIncrement
FlushInstructionCache
LoadLibraryExA
GetCurrentProcess
FindResourceA
LoadResource
DeleteCriticalSection
SizeofResource
GlobalAlloc
IsDBCSLeadByte
GetModuleFileNameA
FreeLibrary
GlobalLock
GetProcAddress
GlobalUnlock
LoadLibraryA
MulDiv
SetEnvironmentVariableA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
SetFilePointer
LCMapStringW
LCMapStringA
GetConsoleMode
Sleep

user32

UnregisterClassA
GetWindowLongA
CreateAcceleratorTableA
InvalidateRgn
RegisterClassExA
CreateWindowExA
GetDesktopWindow
ClientToScreen
ScreenToClient
RegisterWindowMessageA
GetClassNameA
SetWindowPos
GetParent
GetSysColor
BeginPaint
MoveWindow
IsChild
CharNextA
GetWindowTextLengthA
GetClientRect
GetFocus
DestroyAcceleratorTable
SetFocus
GetWindow
FillRect
GetWindowTextA
SetWindowTextA
SetCapture
ReleaseCapture
SetWindowLongA
DestroyWindow
EndPaint
IsWindow
DefWindowProcA
RedrawWindow
LoadCursorA
GetDC
GetDlgItem
SendMessageA
CallWindowProcA
ReleaseDC
InvalidateRect
GetClassInfoExA

gdi32

SelectObject
BitBlt
DeleteObject
GetDeviceCaps
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
DeleteDC
GetObjectA

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegQueryValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetUserNameA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey

ole32

StringFromGUID2
CoCreateInstance
OleUninitialize
CoTaskMemRealloc
OleInitialize
CoGetClassObject
CoUninitialize
CoTaskMemFree
CoInitialize
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
CoTaskMemAlloc
OleLockRunning

oleaut32

SysStringLen
VarUI4FromStr
SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysFreeString

comctl32

InitCommonControlsEx

crypt32

CryptQueryObject
CertFreeCertificateContext
CertGetNameStringA
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CryptMsgClose

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Updater_9.dll
.dll windows:4 windows x86 arch:x86

d758fcee2536a45c986045dd4c72b84f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

18:5e:ee:a5:d6:f2:b6:57:96:ae:cf:ea:d5:fd:24:37:25:88:f3:0c
Signer

Actual PE Digest

18:5e:ee:a5:d6:f2:b6:57:96:ae:cf:ea:d5:fd:24:37:25:88:f3:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\LibUpdate_s.pdb

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

urlmon

URLDownloadToFileA

ws2_32

WSACleanup

kernel32

HeapFree
GetProcessHeap
CompareStringW
InterlockedExchange
CompareStringA
CopyFileA
FindFirstFileA
FindClose
CreateSemaphoreA
ReleaseSemaphore
CreateThread
WaitForSingleObject
TerminateThread
RemoveDirectoryA
CreateProcessA
GetExitCodeProcess
GetFileAttributesA
CreateDirectoryA
FindResourceExA
MoveFileA
GetTickCount
GetCurrentProcessId
OutputDebugStringA
GetComputerNameA
HeapAlloc
LocalFree
Sleep
CreateEventA
SetEvent
GetTempPathA
GetTempFileNameA
SetFileAttributesA
FindNextFileA
SetCurrentDirectoryA
ResumeThread
SuspendThread
SetThreadPriority
GetExitCodeThread
CreateMutexA
ReleaseMutex
TlsGetValue
TlsSetValue
CreateFileA
WriteFile
ReadFile
WideCharToMultiByte
OpenMutexA
GetCurrentDirectoryA
HeapCreate
IsValidCodePage
GetOEMCP
GetStdHandle
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
SetFilePointer
GetConsoleMode
GetConsoleCP
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetCommandLineA
GetDriveTypeA
VirtualQuery
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
MulDiv
LoadLibraryExA
LockResource
SizeofResource
LoadResource
FindResourceA
GlobalFree
InterlockedIncrement
GlobalHandle
TlsFree
lstrlenA
TlsAlloc
IsDBCSLeadByte
GetModuleFileNameA
lstrcmpA
GlobalUnlock
MultiByteToWideChar
GetModuleHandleA
GlobalLock
GlobalAlloc
lstrlenW
lstrcmpiA
GetCurrentThreadId
InterlockedDecrement
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
RaiseException
SetLastError
FlushInstructionCache
GetCurrentProcess
GetLastError
CloseHandle
TerminateProcess
OpenProcess
DeleteFileA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetShortPathNameA
EnterCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetVersionExA
GetLocaleInfoW
FlushFileBuffers
SetEndOfFile
SetEnvironmentVariableA
SetHandleCount
GetFullPathNameA
GetFileType

user32

GetPropA
GetSystemMetrics
SetClassLongA
KillTimer
SetTimer
EndDialog
LoadStringA
SendMessageTimeoutA
FindWindowA
LoadIconA
DestroyIcon
SystemParametersInfoA
GetWindowRect
PostQuitMessage
IsDialogMessageA
FindWindowExA
SendMessageA
GetDlgItem
SetCapture
GetDC
ReleaseCapture
ReleaseDC
CharNextA
DefWindowProcA
RedrawWindow
GetClassInfoExA
EnumWindows
GetWindowThreadProcessId
IsWindowVisible
BroadcastSystemMessageA
MessageBoxIndirectA
GetWindowLongA
LoadCursorA
InvalidateRect
RegisterClassExA
CreateAcceleratorTableA
GetWindow
GetSysColor
InvalidateRgn
DestroyAcceleratorTable
SetWindowPos
CreateDialogIndirectParamA
SetWindowContextHelpId
ClientToScreen
GetDesktopWindow
BeginPaint
IsChild
ScreenToClient
RegisterWindowMessageA
GetClientRect
GetFocus
CreateWindowExA
SetFocus
MapDialogRect
CallWindowProcA
MoveWindow
PeekMessageA
GetClassNameA
GetMessageA
GetWindowTextLengthA
DestroyWindow
FillRect
TranslateMessage
GetParent
DispatchMessageA
EndPaint
IsWindow
ShowWindow
GetWindowTextA
SetWindowTextA
PostMessageA
GetActiveWindow
SetWindowLongA
DialogBoxParamA
MessageBoxA
ExitWindowsEx
UnregisterClassA
MapWindowPoints

gdi32

GetStockObject
GetDeviceCaps
GetObjectA
CreateFontIndirectA
SetTextColor
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt
SelectObject
DeleteDC
SetBkColor
DeleteObject

advapi32

GetSidSubAuthorityCount
GetTokenInformation
GetLengthSid
SetTokenInformation
ConvertStringSidToSidA
DuplicateTokenEx
OpenProcessToken
GetUserNameA
RegEnumKeyA
RegCreateKeyA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
GetSidSubAuthority
CreateProcessAsUserA
ConvertStringSecurityDescriptorToSecurityDescriptorA
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptHashData
CryptDeriveKey
CryptAcquireContextA
CryptCreateHash
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey

shell32

SHFileOperationA
SHGetSpecialFolderPathA
ord165
ShellExecuteExA
SHGetFolderPathA

ole32

CoGetClassObject
StringFromGUID2
CoTaskMemAlloc
OleInitialize
CLSIDFromProgID
OleLockRunning
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemRealloc
CLSIDFromString
OleUninitialize
CoCreateGuid
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysStringLen
SysAllocStringByteLen
VariantInit
VarUI4FromStr
SysStringByteLen
SysAllocStringLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantClear
OleLoadPicture
VariantChangeType
SysAllocString

shlwapi

PathFileExistsA
PathRemoveFileSpecA
SHCopyKeyA
PathFindExtensionA
PathRemoveBackslashA
SHDeleteKeyA

crypt32

CryptMsgClose
CryptMsgGetParam
CryptQueryObject
CertFreeCertificateContext
CertGetNameStringA
CertCloseStore
CertFindCertificateInStore

Exports

Exports

RunUpdater

Sections

.text
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WindowsLiveMail_13.CAB
.cab
YahooBeta_18.CAB
.cab
Yahoo_37.CAB
.cab
chrome.manifest
chrome2.manifest
chrome3.manifest
emailID.jar
.zip .js polyglot
emailID2.jar
.zip .js polyglot
emailID3.jar
.zip .js polyglot
iconix_1.ico
install.rdf
.xml
install2.rdf
.xml
install3.rdf
.xml
npIconixProxy.dll
.dll windows:4 windows x86 arch:x86

e39ef62d626319c825784daf02a03a80

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

18:e1:1a:e3:af:71:ae:cd:62:e4:8c:bd:7a:d0:ec:ed:1f:81:84:ad
Signer

Actual PE Digest

18:e1:1a:e3:af:71:ae:cd:62:e4:8c:bd:7a:d0:ec:ed:1f:81:84:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\npIconixProxy.pdb

Imports

kernel32

GetVersionExA
GetComputerNameA
GetModuleHandleA
CreateFileA
HeapFree
GetProcessHeap
OutputDebugStringA
GetCurrentProcess
SetLastError
SetEnvironmentVariableA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetLocaleInfoW
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
GetModuleFileNameA
CompareStringW
CompareStringA
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetLastError
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateMutexA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
LoadLibraryA
LocalFree
InterlockedExchange
FreeLibrary
GetProcAddress
HeapAlloc
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
WriteFile
QueryPerformanceCounter
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapReAlloc
VirtualAlloc
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetThreadLocale

advapi32

RegCloseKey
GetUserNameA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegOpenKeyExA
RegQueryValueExA

crypt32

CryptMsgClose
CertFindCertificateInStore
CertCloseStore
CertGetNameStringA
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nsIIconixPlugin.xpt
resource_4.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-06-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=Iconix\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Iconix\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

23:4e:0f:70:c2:b7:a0:88:d1:bc:c1:7d:f6:77:4b:5a:a8:f1:bd:c6
Signer

Actual PE Digest

23:4e:0f:70:c2:b7:a0:88:d1:bc:c1:7d:f6:77:4b:5a:a8:f1:bd:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\source\Iconix-LeSabre\bin\Release\resource.pdb

Sections

.rdata
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

97318da386948415d08cef4a9006d669

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96Certificate

Extended Key Usages

Key Usages

99:b3:7c:bc:25:84:27:c2:66:8f:27:e8:b3:96:f1:52:15:f4:7b:60Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 60KB

.rsrc Size: 22KB - Virtual size: 22KB

d45586ff4b2f3d533e94f8f7dd1ac1f9

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

crypt32

version

Exports

Exports

Sections

.text Size: 177KB - Virtual size: 177KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 10KB - Virtual size: 20KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 17KB - Virtual size: 17KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

4ec328f99bdd944fc98d8a5cf11f7a62

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

99:b3:7c:bc:25:84:27:c2:66:8f:27:e8:b3:96:f1:52:15:f4:7b:60
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 60KB

.rsrc
Size: 22KB - Virtual size: 22KB

.text
Size: 177KB - Virtual size: 177KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 10KB - Virtual size: 20KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 17KB - Virtual size: 17KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 1024B - Virtual size: 741B

.rdata
Size: 1024B - Virtual size: 657B

.data
Size: 512B - Virtual size: 85B

.reloc
Size: 512B - Virtual size: 154B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

1d:ae:b1:5c:f5:29:b9:b5:9a:ec:56:ba:aa:fe:38:96
Certificate

f5:73:27:fd:91:9f:1d:49:bc:fe:61:90:b9:37:fe:09:2c:bb:11:d8
Signer

.text
Size: 203KB - Virtual size: 203KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 7KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 14KB - Virtual size: 14KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate