Change My Software XP Edition[.]zip

Resubmissions

20/02/2024, 10:06

240220-l5kkaafd38 3

Sharing

Copy URL Twitter E-mail

General

Target

Change My Software XP Edition.zip
Size

2.9MB
MD5

96ec1ab596723ca1c54e98f39dff4a96
SHA1

bc43acca068e97a3eda4d7b3f99b9d3a4f2096b3
SHA256

bc3457320dea427279108b498e14fbc3236bfc8a016a013d564318936b4f2930
SHA512

b4cb991d798adc8fe372d40370908c340636810981b8e9e3cad5a47582299bf529993c9ebf9b8e6319d9308b3746ce9ffa8d7ae7879299dbc69d548e4aadf901
SSDEEP

49152:XngZqCJIS9wsseDPUS328ldH16sgJUvjbGO4oHSXstrE9MZphOPlkqTEt:QgCJDtse7US3ApJU7bw6QD9MReT2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Change My Software XP Edition/Change My Software XP Edition.exe

Files

Change My Software XP Edition.zip
.zip
Change My Software XP Edition/Change My Software XP Edition.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Tobiasz\Desktop\Programy opublikowane + pliki\Change My Software XP Edition\Program z błędem urządzenia\Projekt\Change My Software XP Edition\Change My Software XP Edition\obj\x86\Debug\Change My Software XP Edition.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Change My Software XP Edition/ainar.dll
Change My Software XP Edition/device_test.dll
.dll regsvr32 windows:5 windows x86 arch:x86

0c137f2991b6d7df1e28d6131824a83d

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

12:f4:23:c2:53:36:23:d9:61:23:84:41:5a:b4:49:89:5b:13:44:64
Signer

Actual PE Digest

12:f4:23:c2:53:36:23:d9:61:23:84:41:5a:b4:49:89:5b:13:44:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvbprj.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
CryptHashData

kernel32

InterlockedExchange
DisableThreadLibraryCalls
GlobalReAlloc
GlobalSize
SetCurrentDirectoryW
LoadLibraryA
DeleteCriticalSection
LoadLibraryExW
lstrcmpiW
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetFullPathNameA
FindFirstFileA
GetVersionExA
IsValidCodePage
CreateFileA
CreateFileMappingA
GetACP
SetEnvironmentVariableW
SetPriorityClass
OpenProcess
GlobalUnlock
GlobalAlloc
GlobalLock
GlobalFree
lstrcmpW
IsDBCSLeadByte
GetCurrentDirectoryW
GetSystemDirectoryW
GetModuleHandleExW
GetSystemDefaultLangID
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetShortPathNameA
GetShortPathNameW
GetFileTime
HeapCreate
LocalAlloc
GetConsoleOutputCP
CompareStringW
EnumResourceNamesA
CreateThread
InitializeCriticalSection
SetEvent
CreateEventW
FindAtomW
FreeLibrary
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExpandEnvironmentStringsW
GetSystemInfo
SwitchToThread
FindNextFileW
RemoveDirectoryW
GetTempPathW
GetVolumeInformationW
SetFileTime
CompareFileTime
FreeResource
WideCharToMultiByte
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTempFileNameW
CreateFileW
GetFileType
CopyFileW
DeleteFileW
GetFileSize
MoveFileW
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
FlushFileBuffers
GetFullPathNameW
GetVersionExW
LoadLibraryW
CloseHandle
SetFileAttributesW
FindFirstFileW
FindClose
FormatMessageW
LocalFree
GetFileAttributesW
CreateDirectoryW
GetEnvironmentVariableW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
DecodePointer
EncodePointer
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleFileNameW
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
RaiseException
GetCurrentProcess
FlushInstructionCache
SetLastError
GetProcAddress
GetModuleHandleW
GetLastError
MultiByteToWideChar
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
InterlockedDecrement

msvcr100

iswalpha
wcsspn
??3@YAXPAX@Z
wmemcpy_s
memcpy_s
wcsrchr
wcsnlen
free
malloc
_recalloc
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_strnicmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_wmkdir
_waccess_s
_swab
_waccess
_snwprintf_s
_CIfmod
_stricmp
_CIpow
_isnan
tolower
wprintf
_wmakepath_s
atof
sprintf_s
strncat_s
strcat_s
_ecvt_s
_ui64tow_s
_i64tow_s
_mktime64
_localtime64
_vsnwprintf
__iob_func
fwprintf
_vsnwprintf_s
printf
??0exception@std@@QAE@XZ
wcstoul
_wcstoi64
_errno
??0exception@std@@QAE@ABQBDH@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
_ultow_s
_itow_s
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_ltow_s
bsearch
_itow
wcstok
_wfullpath
_fullpath
_wtol
iswdigit
wcsncpy
_localtime64_s
ceil
floor
_time64
_wsplitpath_s
_wcslwr_s
_wcsicmp
wcsncmp
_wcsnicmp
wcspbrk
__CxxFrameHandler3
_CxxThrowException
memmove
memcpy
memset
??2@YAPAXI@Z
_resetstkoflw
calloc
_purecall
memmove_s
_vscwprintf
vswprintf_s
wcsstr
wcschr
wcsncpy_s
wcscpy_s
wcscat_s
wcstok_s
swprintf_s
qsort
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
iswspace

oleaut32

VarBstrFromDate
GetErrorInfo
CreateErrorInfo
SetErrorInfo
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysAllocString
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysFreeString
SafeArrayLock
SafeArrayGetVartype
SafeArrayUnlock
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
QueryPathOfRegTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLibEx
SafeArrayCreate
VarBstrCmp
VarBstrCat
VariantChangeType
VarCmp
VarBoolFromStr
VarBstrFromDec
VarDecCmp
VarDecFromStr
VarR8FromStr
VarR4FromR8
VarUI4FromR4
VarUI4FromR8
VarUI4FromDec
VarR8FromDec
VarDecFromR8
VarDecAdd
VarDecSu
VarDecMul
VarDecDiv
VarDecFix
VarDecNeg
SysReAllocStringLen
SafeArrayPutElement
SafeArrayRedim
SafeArrayAccessData
SafeArrayUnaccessData

ole32

CoUninitialize
CoWaitForMultipleHandles
OleGetClipboard
ReleaseStgMedium
OleSetClipboard
OleDuplicateData
CreateDataAdviseHolder
CoRegisterMessageFilter
CoInitializeEx
StringFromIID
OleFlushClipboard
CreateStreamOnHGlobal
CoCreateGuid
CoGetClassObject
IIDFromString
StringFromCLSID
CoCreateFreeThreadedMarshaler
CLSIDFromString
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree

user32

IsCharAlphaNumericW
IsCharAlphaW
OpenClipboard
EmptyClipboard
CloseClipboard
LoadImageW
RegisterClipboardFormatW
IsClipboardFormatAvailable
SendDlgItemMessageW
GetDlgCtrlID
GetParent
GetDlgItem
EnableWindow
SetWindowPos
MapWindowPoints
GetClientRect
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
DialogBoxIndirectParamW
EndDialog
DialogBoxParamW
SetWindowLongW
CharNextW
UnregisterClassA
LoadStringW
IsWindowEnabled
GetActiveWindow
MessageBoxW
GetCursorPos
LoadCursorW
SetCursor
ReleaseDC
GetDC
MessageBoxIndirectW
SetWindowTextW
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DestroyWindow
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetDlgItemTextW
SetFocus
SendMessageW
DispatchMessageW
ScreenToClient
DrawTextExW
IsDlgButtonChecked

comctl32

ImageList_LoadImageW
ImageList_Destroy

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mscoree

LoadLibraryShim
GetCORSystemDirectory
GetFileVersion
CorBindToCurrentRuntime
GetRealProcAddress
StrongNameKeyDelete

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

gdi32

GetTextExtentPointW
GetStockObject
SelectObject
CopyMetaFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 958KB - Virtual size: 957KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Change My Software XP Edition/readme.htm
Change My Software XP Edition/serv_info.dll
.dll windows:5 windows x86 arch:x86

17597f3f37b45172862d5fdf44cbad20

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:d2:53:97:95:d0:c0:1a:93:24:d7:dd:dc:08:88:11:ad:26:99:89
Signer

Actual PE Digest

a9:d2:53:97:95:d0:c0:1a:93:24:d7:dd:dc:08:88:11:ad:26:99:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

vsbasereqs.pdb

Imports

advapi32

RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
QueryServiceConfigW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
OpenServiceW
ImpersonateSelf
OpenThreadToken
OpenProcessToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
FreeSid
RegOpenKeyW
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
LsaOpenPolicy

kernel32

LoadLibraryA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExW
GetLocalTime
GetFileInformationByHandle
PeekNamedPipe
GetProcessHeap
SetEndOfFile
GetTimeZoneInformation
GetSystemInfo
GetWindowsDirectoryW
GetPrivateProfileSectionW
FormatMessageW
LocalAlloc
FindClose
InitializeCriticalSection
MulDiv
CreateFileMappingW
MapViewOfFile
GetShortPathNameW
UnmapViewOfFile
CreateThread
CompareStringW
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
FreeLibrary
lstrlenW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
GetProcAddress
GetDiskFreeSpaceExW
GetSystemDirectoryW
ExitProcess
WriteFile
CreateFileW
GetTempPathW
GetVersionExW
GetCommandLineW
GetCurrentThreadId
GetCommandLineA
GetFileAttributesW
HeapFree
GetFullPathNameW
HeapAlloc
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetCurrentDirectoryW
GetDriveTypeW
GetLocaleInfoW
HeapReAlloc
InterlockedExchange
LoadLibraryW
RtlUnwind
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
CloseHandle
FlushFileBuffers
EnumUILanguagesW
LocalFree
GetPrivateProfileStringW
ReadFile
IsWow64Process
SetEnvironmentVariableA

user32

MessageBoxW
CharNextW
MsgWaitForMultipleObjects
GetSystemMetrics
DispatchMessageW
PeekMessageW
CharPrevW
ReleaseDC
SystemParametersInfoW
GetDC
TranslateMessage

shell32

CommandLineToArgvW

ole32

CoCreateInstance
CoInitializeEx
CLSIDFromProgID
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
StringFromCLSID
OleRun

oleaut32

VariantInit
GetErrorInfo
VariantClear
SysStringLen
SysFreeString
LoadRegTypeLi
LoadTypeLi
SetErrorInfo
CreateErrorInfo
SysAllocString
VarUI4FromStr
VarBstrCmp

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetClassID

Sections

.text
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Change My Software XP Edition/trylat.dll
.dll windows:5 windows x86 arch:x86

4fcd4125ca6d063e639ed394c0519ff2

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c3:cb:2f:aa:e3:9b:04:46:79:bd:f6:39:00:aa:38:da:bc:37:98:01
Signer

Actual PE Digest

c3:cb:2f:aa:e3:9b:04:46:79:bd:f6:39:00:aa:38:da:bc:37:98:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

vsscenario.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
RegCreateKeyW
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
RegOpenKeyW
FreeSid
RevertToSelf
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
OpenProcessToken
OpenThreadToken
ImpersonateSelf
OpenServiceW
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
QueryServiceConfigW
LsaOpenPolicy

kernel32

GetDriveTypeW
DeviceIoControl
GlobalMemoryStatusEx
GetCurrentProcessId
Sleep
MapViewOfFile
FindResourceExW
GetPrivateProfileSectionW
GetLogicalDriveStringsW
LoadLibraryW
GetFullPathNameW
CreateFileMappingW
GetCommandLineW
GetSystemInfo
ExpandEnvironmentStringsW
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedIncrement
CompareStringW
GetTimeZoneInformation
PeekNamedPipe
GetFileInformationByHandle
GetLocalTime
FindFirstFileExW
FileTimeToLocalFileTime
FileTimeToSystemTime
LoadLibraryA
InterlockedDecrement
LoadLibraryExW
SizeofResource
MultiByteToWideChar
lstrcmpiW
GetModuleHandleW
GetProcAddress
SetEndOfFile
CreateEventW
SetEvent
CreateMutexW
LocalAlloc
ReleaseMutex
FreeLibrary
FormatMessageW
FindClose
GetShortPathNameW
UnmapViewOfFile
EnumUILanguagesW
CreateThread
IsWow64Process
GetCurrentDirectoryW
GetFileSize
ReadFile
lstrlenA
GetSystemDirectoryW
LocalFree
FreeResource
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GetProcessHeap
InterlockedPushEntrySList
InitializeCriticalSection
InterlockedCompareExchange
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
RtlUnwind
InterlockedExchange
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetLocaleInfoW
HeapSize
HeapReAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
GetCurrentThread
TlsFree
SetEnvironmentVariableA
TlsSetValue
TlsGetValue
TlsAlloc
GetFileAttributesW
HeapAlloc
HeapFree
GetCommandLineA
lstrcmpW
MulDiv
FlushInstructionCache
GetCurrentProcess
lstrlenW
GlobalFree
GlobalHandle
SetLastError
RaiseException
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GlobalUnlock
GetLastError
GlobalLock
GlobalAlloc
LockResource
LoadResource
FindResourceW
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
DeleteFileW
GetVersionExW
GetPrivateProfileStringW
GetModuleFileNameW
GetWindowsDirectoryW

gdi32

GetStockObject
GetTextExtentPoint32W
CreateFontIndirectW
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetObjectW
GetDeviceCaps

dlmgr

?DisposeHInternet@@YGXPAX@Z
?Create@CDownloadManager@dlmgr@@SGPAV12@PAUIDownloadClient@2@PAUIDownloadLog@2@@Z
?CreateJob@CDownloadManager@dlmgr@@QBEPAVCDownloadJob@2@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PBG1IABVCRegistryValue@@_N0HH3@Z
?Null@CRegistryValue@@2V1@B
?NeedToCheckCert@CDownloadJob@dlmgr@@SGHH@Z
?GetState@CDownloadJob@dlmgr@@QAE?AW4State@12@XZ
?Dispose@CDownloadManager@dlmgr@@SGXPAV12@@Z
?Dispose@CDownloadJob@dlmgr@@SGXPAV12@@Z
?Cancel@CDownloadJob@dlmgr@@QAEXXZ
?WaitForFinish@CDownloadJob@dlmgr@@QAE_NXZ
?Start@CDownloadJob@dlmgr@@QAEXXZ
?Msg@CDownloadError@dlmgr@@QBEPBGXZ
?GetDownloadServer@CGlobalSettings@dlmgr@@SGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

user32

GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
GetDlgItem
SetWindowTextW
SetDlgItemTextW
GetParent
EndDialog
SetWindowLongW
ShowWindow
SendMessageW
GetSysColor
GetSystemMetrics
ScreenToClient
CreateWindowExW
MessageBoxW
SetWindowPos
MapWindowPoints
SetForegroundWindow
GetClientRect
CreateDialogIndirectParamW
RegisterClassExW
LoadCursorW
DefWindowProcW
DestroyAcceleratorTable
SystemParametersInfoW
GetDlgItemTextW
GetKeyboardType
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
PeekMessageW
UnregisterClassA
LoadIconW
DialogBoxParamW
EnumWindows
FindWindowW
IsWindowVisible
GetWindowThreadProcessId
GetActiveWindow
MapDialogRect
SetWindowContextHelpId
SetScrollPos
CreateCaret
SetScrollInfo
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
IsWindow
GetClassNameW
CharNextW
RedrawWindow
GetClassInfoExW
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
MoveWindow
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow

wininet

HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetGetConnectedState

shell32

CommandLineToArgvW
ShellExecuteW

ole32

OleLockRunning
OleUninitialize
CoTaskMemAlloc
StringFromGUID2
CoCreateGuid
CoInitialize
CoUninitialize
OleRun
CoInitializeEx
CoTaskMemRealloc
CoTaskMemFree
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
StringFromCLSID

oleaut32

LoadTypeLi
LoadRegTypeLi
VariantClear
VariantInit
CreateErrorInfo
SetErrorInfo
VarUI4FromStr
GetErrorInfo
SysFreeString
SysStringLen
SysAllocStringLen
SysAllocString
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayCreate
SafeArrayPutElement
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
VariantCopy
SafeArrayDestroy
OleCreateFontIndirect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupIterateCabinetW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetClassID

Sections

.text
Size: 620KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Change My Software XP Edition/update.dll
Change My Software XP Edition/vs70uimgr.dll
.dll windows:5 windows x86 arch:x86

4d6ccbdbe5296916a3791a78b18962c8

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

45:9a:b6:32:74:5b:0c:37:05:b6:c0:ad:0d:1e:7b:36:4d:7f:bf:e5
Signer

Actual PE Digest

45:9a:b6:32:74:5b:0c:37:05:b6:c0:ad:0d:1e:7b:36:4d:7f:bf:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

vs70uimgr.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleW
GetCommandLineW
GetCurrentThread
CreateThread
WaitForSingleObject
WriteFile
GetTempPathW
CreateFileMappingW
GetFileAttributesW
FindFirstFileW
GetFullPathNameW
FindNextFileW
FindClose
LoadLibraryW
CreateProcessW
SetEvent
SetFileAttributesW
SetErrorMode
CreateEventW
GetExitCodeThread
ResetEvent
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
GetVersionExW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FreeLibrary
lstrcmpiW
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
GetLastError
lstrlenW
MultiByteToWideChar
CompareStringW
GetTimeZoneInformation
PeekNamedPipe
GetFileInformationByHandle
LeaveCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLocalTime
GetModuleFileNameW
CloseHandle
Sleep
GetDriveTypeW
FlushInstructionCache
GetCurrentProcess
SetLastError
RaiseException
MapViewOfFile
GetCurrentThreadId
IsWow64Process
GetCurrentDirectoryW
EnumUILanguagesW
GetVersion
GetModuleHandleA
lstrcmpA
MulDiv
GetPrivateProfileStringW
GetShortPathNameW
GetWindowsDirectoryW
GetPrivateProfileSectionW
GetSystemDirectoryW
SetEndOfFile
ReadFile
RemoveDirectoryW
CreateDirectoryW
lstrlenA
GetSystemDefaultLCID
UnmapViewOfFile
GetSystemInfo
CreateMutexW
ReleaseMutex
GetExitCodeProcess
DuplicateHandle
OutputDebugStringW
FormatMessageW
DeleteFileW
GetTempFileNameW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GetProcessHeap
FindFirstFileExW
EnterCriticalSection
InterlockedPushEntrySList
InitializeCriticalSection
InterlockedCompareExchange
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
GetLocaleInfoW
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapReAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
SetEnvironmentVariableA
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapAlloc
HeapFree
GetCommandLineA
LoadLibraryA
InterlockedExchange
LocalFree
LocalAlloc

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

user32

GetWindow
GetWindowTextW
CreateWindowExW
TranslateMessage
DispatchMessageW
SetWindowLongW
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
PeekMessageW
SetWindowPos
SetWindowTextW
GetDlgItem
CharPrevW
CharNextW
MessageBoxW
EndDialog
SetDlgItemTextW
ShowWindow
SetCursor
GetWindowTextLengthW
GetDlgItemTextW
EnableWindow
SetFocus
SetForegroundWindow
LoadStringW
DefWindowProcW
CallWindowProcW
GetSystemMetrics
PostMessageW
DestroyWindow
LoadCursorW
GetClassInfoExW
MapWindowPoints
RegisterClassExW
ReleaseCapture
SetCapture
UnregisterClassA
ReleaseDC
GetDC
CreateDialogParamW
DialogBoxParamW
GetSystemMenu
EnableMenuItem
GetFocus
IsWindow
TranslateAcceleratorW
SetWindowPlacement
GetWindowPlacement
LoadIconW
GetDesktopWindow
SystemParametersInfoW
MsgWaitForMultipleObjectsEx
IsWindowUnicode
GetMessageW
GetMessageA
DispatchMessageA
EndPaint
BeginPaint
PostThreadMessageW
SendMessageW
MsgWaitForMultipleObjects

comdlg32

GetOpenFileNameW

shell32

CommandLineToArgvW
SHGetFolderPathW

ole32

CLSIDFromProgID
OleRun
CoInitializeEx
CLSIDFromString
StringFromCLSID
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoRegisterClassObject
CoLoadLibrary
CoRevokeClassObject
StringFromGUID2
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
SysStringLen
CreateErrorInfo
SetErrorInfo
SysAllocStringLen
VariantClear
SafeArrayDestroy
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VarBstrCmp
SafeArrayGetElement
GetErrorInfo
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msi

ord204
ord205
ord113
ord45
ord92
ord70
ord111
ord8
ord120
ord160
ord159
ord32

shlwapi

PathCombineW
PathRemoveFileSpecW

setupapi

SetupIterateCabinetW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetClassID

Sections

.text
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
__MACOSX/._Change My Software XP Edition
__MACOSX/Change My Software XP Edition/._Change My Software XP Edition.exe
__MACOSX/Change My Software XP Edition/._ainar.dll
__MACOSX/Change My Software XP Edition/._device_test.dll
__MACOSX/Change My Software XP Edition/._readme.htm
__MACOSX/Change My Software XP Edition/._serv_info.dll
__MACOSX/Change My Software XP Edition/._src_files
__MACOSX/Change My Software XP Edition/._trylat.dll
__MACOSX/Change My Software XP Edition/._update.dll
__MACOSX/Change My Software XP Edition/._vs70uimgr.dll

Resubmissions

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 240KB - Virtual size: 239KB

.sdata Size: 512B - Virtual size: 284B

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 12B

0c137f2991b6d7df1e28d6131824a83d

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

12:f4:23:c2:53:36:23:d9:61:23:84:41:5a:b4:49:89:5b:13:44:64Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcr100

oleaut32

ole32

user32

comctl32

version

mscoree

msvcp100

gdi32

Exports

Exports

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.data Size: 65KB - Virtual size: 67KB

.rsrc Size: 958KB - Virtual size: 957KB

.reloc Size: 134KB - Virtual size: 134KB

17597f3f37b45172862d5fdf44cbad20

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

a9:d2:53:97:95:d0:c0:1a:93:24:d7:dd:dc:08:88:11:ad:26:99:89Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

shell32

.text
Size: 240KB - Virtual size: 239KB

.sdata
Size: 512B - Virtual size: 284B

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 12B

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

12:f4:23:c2:53:36:23:d9:61:23:84:41:5a:b4:49:89:5b:13:44:64
Signer

.text
Size: 3.1MB - Virtual size: 3.1MB

.data
Size: 65KB - Virtual size: 67KB

.rsrc
Size: 958KB - Virtual size: 957KB

.reloc
Size: 134KB - Virtual size: 134KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

a9:d2:53:97:95:d0:c0:1a:93:24:d7:dd:dc:08:88:11:ad:26:99:89
Signer

.text
Size: 335KB - Virtual size: 335KB

.data
Size: 17KB - Virtual size: 33KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 39KB - Virtual size: 39KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

c3:cb:2f:aa:e3:9b:04:46:79:bd:f6:39:00:aa:38:da:bc:37:98:01
Signer

.text
Size: 620KB - Virtual size: 619KB

.data
Size: 27KB - Virtual size: 44KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 57KB - Virtual size: 56KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

45:9a:b6:32:74:5b:0c:37:05:b6:c0:ad:0d:1e:7b:36:4d:7f:bf:e5
Signer