aa45e32ccc581d9a746be44341d2028c

Sharing

Copy URL Twitter E-mail

General

Target

aa45e32ccc581d9a746be44341d2028c
Size

1.8MB
MD5

aa45e32ccc581d9a746be44341d2028c
SHA1

c6b8a76d5cc992bde28716ad76396e80d954bae4
SHA256

8fccff9b3fef4bcebf9d3c1f70a2bc41464ff746a5147a55a33b9236fff0cbe6
SHA512

062fcf97f016cfea5cd4fa692c788607325f6b1317f7d32c4431186caf7c7dae18fd4686601346a0f6254b8487a36b9a5d48e2fb68c2c84062a29b8dcca7df9c
SSDEEP

49152:mFvOFNRcjV7oYyv2amxuuxusbjVWqaghPWv:gvO9cjbyvzuMsbjkq6v

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$TEMP/~nsis/c3i001/sqlite3.dll	acprotect
static1/unpack001/sqlite3.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$TEMP/~nsis/c3i001/sqlite3.dll	upx
static1/unpack001/sqlite3.dll	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsProcess.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

aa45e32ccc581d9a746be44341d2028c
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

37:e4:ff:85:3d:04:b2:3a:c7:39:f1:a2:78:1b:db:be
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

27/05/2011, 00:00

Not After

26/05/2012, 23:59

Subject

CN=agir,O=agir,L=Yeongcheon Si,ST=GYEONGSANGBUK-DO,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 534B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/~nsis/c3i001/sqlite3.dll
.dll windows:4 windows x86 arch:x86

Code Sign

37:e4:ff:85:3d:04:b2:3a:c7:39:f1:a2:78:1b:db:be
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

27/05/2011, 00:00

Not After

26/05/2012, 23:59

Subject

CN=agir,O=agir,L=Yeongcheon Si,ST=GYEONGSANGBUK-DO,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_status
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_win32_mbcs_to_utf8

Sections

UPX0
Size: - Virtual size: 248KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 183KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$TEMP/~nsis/c3i001/winagrs141.dll
.dll windows:4 windows x86 arch:x86

c994332f308b7a3d11e373bdc0f8011b

Code Sign

37:e4:ff:85:3d:04:b2:3a:c7:39:f1:a2:78:1b:db:be
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

27/05/2011, 00:00

Not After

26/05/2012, 23:59

Subject

CN=agir,O=agir,L=Yeongcheon Si,ST=GYEONGSANGBUK-DO,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

sqlite3

sqlite3_free_table
sqlite3_reset
sqlite3_changes
sqlite3_bind_text
sqlite3_bind_int
sqlite3_bind_double
sqlite3_bind_blob
sqlite3_mprintf
sqlite3_open
sqlite3_close
sqlite3_exec
sqlite3_get_table
sqlite3_last_insert_rowid
sqlite3_busy_timeout
sqlite3_prepare
sqlite3_free
sqlite3_bind_null
sqlite3_step
sqlite3_finalize
sqlite3_errmsg
sqlite3_column_type
sqlite3_column_decltype
sqlite3_column_name
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_column_double
sqlite3_column_int
sqlite3_column_text
sqlite3_column_count
sqlite3_vmprintf

kernel32

GetVolumeInformationA
GetFullPathNameA
GetStringTypeExA
GetFileSize
GetFileTime
SystemTimeToFileTime
SetLastError
lstrlenW
LocalAlloc
FindNextFileA
GetCurrentThread
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
GetProcessVersion
GetCPInfo
LockFile
GlobalSize
CopyFileA
GetPrivateProfileIntA
GetCurrentDirectoryA
RtlUnwind
RaiseException
GetCommandLineA
CreateThread
ExitThread
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
SetStdHandle
GetFileType
FatalAppExitA
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
GetThreadLocale
MulDiv
lstrcmpA
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
FindFirstFileA
FileTimeToSystemTime
FormatMessageA
LocalFree
SuspendThread
SetThreadPriority
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
lstrcpynA
FindResourceA
SizeofResource
LoadResource
LockResource
FreeResource
GetVersion
GetFileAttributesA
SetFileAttributesA
LoadLibraryA
FreeLibrary
CreateProcessA
GetExitCodeProcess
RemoveDirectoryA
GetVersionExA
QueryPerformanceFrequency
QueryPerformanceCounter
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetFileAttributesExA
GetPrivateProfileStringA
ExpandEnvironmentStringsA
GetShortPathNameA
MoveFileA
CreateDirectoryA
WideCharToMultiByte
WritePrivateProfileStringA
OpenProcess
GetModuleHandleA
GetProcAddress
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
ReadProcessMemory
VirtualFreeEx
GetExitCodeThread
MultiByteToWideChar
SetFilePointer
WriteFile
ReadFile
HeapFree
GetProcessHeap
HeapAlloc
lstrcmpiA
DeleteFileA
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcess
DuplicateHandle
TerminateThread
CloseHandle
SetEvent
WaitForSingleObject
CreateEventA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenA
lstrcpyA
lstrcatA
Sleep
GetCurrentProcessId
GetTickCount
ResumeThread
FindClose
SetEndOfFile
FileTimeToLocalFileTime
UnlockFile
GetOEMCP
InterlockedExchange

user32

InsertMenuA
AppendMenuA
GetMenuStringA
RemoveMenu
DeleteMenu
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
DestroyIcon
GetDialogBaseUnits
ClientToScreen
UnregisterClassA
WaitMessage
MapDialogRect
SetWindowContextHelpId
SetCursor
ShowOwnedPopups
PostQuitMessage
CharUpperA
CharNextA
InflateRect
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
MoveWindow
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
MsgWaitForMultipleObjects
OemToCharA
CharToOemA
GetMessageA
TranslateMessage
ValidateRect
LoadIconA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
DispatchMessageA
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
IsWindowVisible
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
CopyAcceleratorTableA
SetWindowPlacement
GetWindowTextLengthA
GetDlgCtrlID
GetKeyState
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetNextDlgTabItem
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetClassInfoA
GetDC
ReleaseDC
CopyRect
MonitorFromPoint
GetMonitorInfoA
GetWindowLongA
RegisterWindowMessageA
SetRect
MessageBoxA
SetWindowTextA
GetWindowTextA
EnumChildWindows
GetClassNameA
RedrawWindow
ShowWindow
IsZoomed
SetWindowPos
InvalidateRect
UpdateWindow
FindWindowExA
SetWindowsHookExA
GetFocus
GetAsyncKeyState
CallNextHookEx
UnhookWindowsHookEx
CallWindowProcA
SetWindowLongA
KillTimer
SetTimer
GetClientRect
SetWindowRgn
PtInRect
GetActiveWindow
GetCursorPos
GetWindowRect
GetParent
LoadStringA
DestroyMenu
GetSysColorBrush
LoadCursorA
GrayStringA
DrawTextA
TabbedTextOutA
ScreenToClient
EnableWindow
SetParent
GetDesktopWindow
PostMessageA
PeekMessageA
wvsprintfA
wsprintfA
GetWindowThreadProcessId
IsWindow
SendMessageA
BeginPaint
EndPaint
TrackPopupMenu
GetWindowDC
EndDialog

gdi32

SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetViewportExtEx
GetWindowExtEx
CreatePen
SetTextJustification
CreateSolidBrush
CreateHatchBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
Escape
LPtoDP
CopyMetaFileA
CreateDCA
SetViewportExtEx
OffsetViewportOrgEx
ArcTo
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
DPtoLP
CreateFontIndirectA
ExtTextOutA
CreateRectRgnIndirect
CreateRectRgn
SetRectRgn
PatBlt
CreatePatternBrush
GetMapMode
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
GetCurrentPositionEx
SetMapperFlags
SetViewportOrgEx
SetTextCharacterExtra
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
EnumFontFamiliesA
FrameRgn
CreateRoundRectRgn
CreatePolygonRgn
CombineRgn
DeleteObject
ExtCreatePen
GetStockObject
RestoreDC
SaveDC
StartDocA
DeleteDC
SelectObject
GetTextMetricsA
GetTextExtentPoint32A
GetBkColor
GetTextColor
ScaleViewportExtEx

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegGetKeySecurity
RegCreateKeyExA
ControlService
DeleteService
EnumServicesStatusA
QueryServiceConfigA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegSetKeySecurity
RegQueryInfoKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegCloseKey
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueA
RegCreateKeyA
RegSetValueExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA

shell32

ExtractIconA
SHGetFileInfoA
DragAcceptFiles
ord680
SHGetDesktopFolder
SHGetSpecialFolderPathA

comctl32

ord17

oledlg

ord8

ole32

OleInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
OleRun
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
ReleaseStgMedium
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CreateBindCtx
OleDuplicateData

olepro32

ord253

oleaut32

SysStringByteLen
VariantChangeType
SysAllocStringByteLen
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
SysAllocString
SysFreeString
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SysReAllocStringLen
SysStringLen
LoadTypeLi
VarCyFromStr
VarDateFromStr
VariantClear
SysAllocStringLen
VarBstrFromCy

urlmon

URLDownloadToCacheFileA

wsock32

inet_ntoa
sendto
connect
recvfrom
socket
WSACleanup
WSAStartup
WSASetLastError
WSAGetLastError
inet_addr
ntohs
getpeername
getsockname
accept
ioctlsocket
bind
htons
htonl
closesocket
gethostbyname
recv
WSAAsyncSelect
send

wininet

FtpPutFileA
FtpOpenFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetGetCookieA
InternetSetCookieA
InternetSetStatusCallback
InternetSetOptionExA
InternetOpenUrlA
InternetQueryOptionA
InternetCanonicalizeUrlA
FindFirstUrlCacheEntryA
FtpGetFileA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetOpenA
InternetSetOptionA
InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetReadFile
InternetCloseHandle
GopherOpenFileA
HttpEndRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpFindFirstFileA
InternetFindNextFileA
GopherFindFirstFileA
InternetGetLastResponseInfoA
GopherCreateLocatorA
GopherGetAttributeA
DeleteUrlCacheEntry
InternetErrorDlg

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winmm

timeKillEvent
timeSetEvent

dbghelp

MakeSureDirectoryPathExists

cabinet

ord22
ord23
ord20

imm32

ImmNotifyIME
ImmReleaseContext
ImmGetContext

oleacc

AccessibleObjectFromWindow

shlwapi

SHDeleteKeyA

psapi

GetModuleFileNameExA

Exports

Exports

BeforeNavigate2
ConnectBrowser
DocumentComplete
HookIEAddressBar
NSIS_After_Patch
NSIS_After_Setup
NSIS_After_UnInstall
NSIS_IsPatchStartible
NSIS_IsSetupStartible
NSIS_URL32Encoding
NSIS_VersionCheck
NavigateComplete2
NewWindow2
NewWindow3
OnAddressBar
OnMenuBar
OnToolBar
Quit
SetBandWeb
SetupRegisterServer
SetupUnregisterServer
Test_Func

Sections

.text
Size: 480KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pkdb.dat
sqlite3.dll
.dll windows:4 windows x86 arch:x86

Code Sign

37:e4:ff:85:3d:04:b2:3a:c7:39:f1:a2:78:1b:db:be
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

27/05/2011, 00:00

Not After

26/05/2012, 23:59

Subject

CN=agir,O=agir,L=Yeongcheon Si,ST=GYEONGSANGBUK-DO,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_status
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_win32_mbcs_to_utf8

Sections

UPX0
Size: - Virtual size: 248KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 183KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ukdb.dat
uninst1.exe.nsis
winagrb141.dll
.dll regsvr32 windows:4 windows x86 arch:x86

8f3a631612c80c4febda6e6adc55309a

Code Sign

37:e4:ff:85:3d:04:b2:3a:c7:39:f1:a2:78:1b:db:be
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

27/05/2011, 00:00

Not After

26/05/2012, 23:59

Subject

CN=agir,O=agir,L=Yeongcheon Si,ST=GYEONGSANGBUK-DO,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReleaseMutex
WaitForSingleObject
CreateMutexA
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetShortPathNameA
GetModuleHandleA
MultiByteToWideChar
lstrlenW
SizeofResource
LoadResource
CloseHandle
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
SetConsoleCtrlHandler
GetOEMCP
GetACP
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
WideCharToMultiByte
GetCurrentThreadId
GetCurrentProcessId
lstrcatA
OutputDebugStringA
lstrlenA
lstrcmpiA
lstrcpyA
GetCurrentDirectoryA
GetModuleFileNameA
SetCurrentDirectoryA
LoadLibraryA
GetLastError
FindResourceA
FreeLibrary
IsValidCodePage
IsValidLocale
GetCPInfo
SetEnvironmentVariableA
GetStringTypeW
GetStringTypeA
UnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
GetCommandLineA
GetVersion
ExitProcess
FatalAppExitA
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
Sleep
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType

user32

wsprintfA
MessageBoxA
wvsprintfA
PostMessageA
CharNextA
CallWindowProcA
GetWindowLongA
SetWindowLongA
DefWindowProcA

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegSetValueA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegEnumValueA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysStringLen
LoadRegTypeLi
RegisterTypeLi
SysAllocString
LoadTypeLi
VarUI4FromStr
VariantClear
VariantCopy
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winagrs141.dll
.dll windows:4 windows x86 arch:x86

c994332f308b7a3d11e373bdc0f8011b

Code Sign

37:e4:ff:85:3d:04:b2:3a:c7:39:f1:a2:78:1b:db:be
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

27/05/2011, 00:00

Not After

26/05/2012, 23:59

Subject

CN=agir,O=agir,L=Yeongcheon Si,ST=GYEONGSANGBUK-DO,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

sqlite3

sqlite3_free_table
sqlite3_reset
sqlite3_changes
sqlite3_bind_text
sqlite3_bind_int
sqlite3_bind_double
sqlite3_bind_blob
sqlite3_mprintf
sqlite3_open
sqlite3_close
sqlite3_exec
sqlite3_get_table
sqlite3_last_insert_rowid
sqlite3_busy_timeout
sqlite3_prepare
sqlite3_free
sqlite3_bind_null
sqlite3_step
sqlite3_finalize
sqlite3_errmsg
sqlite3_column_type
sqlite3_column_decltype
sqlite3_column_name
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_column_double
sqlite3_column_int
sqlite3_column_text
sqlite3_column_count
sqlite3_vmprintf

kernel32

GetVolumeInformationA
GetFullPathNameA
GetStringTypeExA
GetFileSize
GetFileTime
SystemTimeToFileTime
SetLastError
lstrlenW
LocalAlloc
FindNextFileA
GetCurrentThread
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
GetProcessVersion
GetCPInfo
LockFile
GlobalSize
CopyFileA
GetPrivateProfileIntA
GetCurrentDirectoryA
RtlUnwind
RaiseException
GetCommandLineA
CreateThread
ExitThread
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
SetStdHandle
GetFileType
FatalAppExitA
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
GetThreadLocale
MulDiv
lstrcmpA
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
FindFirstFileA
FileTimeToSystemTime
FormatMessageA
LocalFree
SuspendThread
SetThreadPriority
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
lstrcpynA
FindResourceA
SizeofResource
LoadResource
LockResource
FreeResource
GetVersion
GetFileAttributesA
SetFileAttributesA
LoadLibraryA
FreeLibrary
CreateProcessA
GetExitCodeProcess
RemoveDirectoryA
GetVersionExA
QueryPerformanceFrequency
QueryPerformanceCounter
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetFileAttributesExA
GetPrivateProfileStringA
ExpandEnvironmentStringsA
GetShortPathNameA
MoveFileA
CreateDirectoryA
WideCharToMultiByte
WritePrivateProfileStringA
OpenProcess
GetModuleHandleA
GetProcAddress
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
ReadProcessMemory
VirtualFreeEx
GetExitCodeThread
MultiByteToWideChar
SetFilePointer
WriteFile
ReadFile
HeapFree
GetProcessHeap
HeapAlloc
lstrcmpiA
DeleteFileA
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcess
DuplicateHandle
TerminateThread
CloseHandle
SetEvent
WaitForSingleObject
CreateEventA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenA
lstrcpyA
lstrcatA
Sleep
GetCurrentProcessId
GetTickCount
ResumeThread
FindClose
SetEndOfFile
FileTimeToLocalFileTime
UnlockFile
GetOEMCP
InterlockedExchange

user32

InsertMenuA
AppendMenuA
GetMenuStringA
RemoveMenu
DeleteMenu
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
DestroyIcon
GetDialogBaseUnits
ClientToScreen
UnregisterClassA
WaitMessage
MapDialogRect
SetWindowContextHelpId
SetCursor
ShowOwnedPopups
PostQuitMessage
CharUpperA
CharNextA
InflateRect
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
MoveWindow
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
MsgWaitForMultipleObjects
OemToCharA
CharToOemA
GetMessageA
TranslateMessage
ValidateRect
LoadIconA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
DispatchMessageA
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
IsWindowVisible
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
CopyAcceleratorTableA
SetWindowPlacement
GetWindowTextLengthA
GetDlgCtrlID
GetKeyState
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetNextDlgTabItem
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetClassInfoA
GetDC
ReleaseDC
CopyRect
MonitorFromPoint
GetMonitorInfoA
GetWindowLongA
RegisterWindowMessageA
SetRect
MessageBoxA
SetWindowTextA
GetWindowTextA
EnumChildWindows
GetClassNameA
RedrawWindow
ShowWindow
IsZoomed
SetWindowPos
InvalidateRect
UpdateWindow
FindWindowExA
SetWindowsHookExA
GetFocus
GetAsyncKeyState
CallNextHookEx
UnhookWindowsHookEx
CallWindowProcA
SetWindowLongA
KillTimer
SetTimer
GetClientRect
SetWindowRgn
PtInRect
GetActiveWindow
GetCursorPos
GetWindowRect
GetParent
LoadStringA
DestroyMenu
GetSysColorBrush
LoadCursorA
GrayStringA
DrawTextA
TabbedTextOutA
ScreenToClient
EnableWindow
SetParent
GetDesktopWindow
PostMessageA
PeekMessageA
wvsprintfA
wsprintfA
GetWindowThreadProcessId
IsWindow
SendMessageA
BeginPaint
EndPaint
TrackPopupMenu
GetWindowDC
EndDialog

gdi32

SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetViewportExtEx
GetWindowExtEx
CreatePen
SetTextJustification
CreateSolidBrush
CreateHatchBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
Escape
LPtoDP
CopyMetaFileA
CreateDCA
SetViewportExtEx
OffsetViewportOrgEx
ArcTo
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
DPtoLP
CreateFontIndirectA
ExtTextOutA
CreateRectRgnIndirect
CreateRectRgn
SetRectRgn
PatBlt
CreatePatternBrush
GetMapMode
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
GetCurrentPositionEx
SetMapperFlags
SetViewportOrgEx
SetTextCharacterExtra
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
EnumFontFamiliesA
FrameRgn
CreateRoundRectRgn
CreatePolygonRgn
CombineRgn
DeleteObject
ExtCreatePen
GetStockObject
RestoreDC
SaveDC
StartDocA
DeleteDC
SelectObject
GetTextMetricsA
GetTextExtentPoint32A
GetBkColor
GetTextColor
ScaleViewportExtEx

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegGetKeySecurity
RegCreateKeyExA
ControlService
DeleteService
EnumServicesStatusA
QueryServiceConfigA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegSetKeySecurity
RegQueryInfoKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegCloseKey
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueA
RegCreateKeyA
RegSetValueExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA

shell32

ExtractIconA
SHGetFileInfoA
DragAcceptFiles
ord680
SHGetDesktopFolder
SHGetSpecialFolderPathA

comctl32

ord17

oledlg

ord8

ole32

OleInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
OleRun
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
ReleaseStgMedium
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CreateBindCtx
OleDuplicateData

olepro32

ord253

oleaut32

SysStringByteLen
VariantChangeType
SysAllocStringByteLen
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
SysAllocString
SysFreeString
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SysReAllocStringLen
SysStringLen
LoadTypeLi
VarCyFromStr
VarDateFromStr
VariantClear
SysAllocStringLen
VarBstrFromCy

urlmon

URLDownloadToCacheFileA

wsock32

inet_ntoa
sendto
connect
recvfrom
socket
WSACleanup
WSAStartup
WSASetLastError
WSAGetLastError
inet_addr
ntohs
getpeername
getsockname
accept
ioctlsocket
bind
htons
htonl
closesocket
gethostbyname
recv
WSAAsyncSelect
send

wininet

FtpPutFileA
FtpOpenFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetGetCookieA
InternetSetCookieA
InternetSetStatusCallback
InternetSetOptionExA
InternetOpenUrlA
InternetQueryOptionA
InternetCanonicalizeUrlA
FindFirstUrlCacheEntryA
FtpGetFileA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetOpenA
InternetSetOptionA
InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetReadFile
InternetCloseHandle
GopherOpenFileA
HttpEndRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpFindFirstFileA
InternetFindNextFileA
GopherFindFirstFileA
InternetGetLastResponseInfoA
GopherCreateLocatorA
GopherGetAttributeA
DeleteUrlCacheEntry
InternetErrorDlg

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winmm

timeKillEvent
timeSetEvent

dbghelp

MakeSureDirectoryPathExists

cabinet

ord22
ord23
ord20

imm32

ImmNotifyIME
ImmReleaseContext
ImmGetContext

oleacc

AccessibleObjectFromWindow

shlwapi

SHDeleteKeyA

psapi

GetModuleFileNameExA

Exports

Exports

BeforeNavigate2
ConnectBrowser
DocumentComplete
HookIEAddressBar
NSIS_After_Patch
NSIS_After_Setup
NSIS_After_UnInstall
NSIS_IsPatchStartible
NSIS_IsSetupStartible
NSIS_URL32Encoding
NSIS_VersionCheck
NavigateComplete2
NewWindow2
NewWindow3
OnAddressBar
OnMenuBar
OnToolBar
Quit
SetBandWeb
SetupRegisterServer
SetupUnregisterServer
Test_Func

Sections

.text
Size: 480KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winagru.exe
.exe windows:4 windows x86 arch:x86

08c102ce74d5032f2e396a9ec66313bf

Code Sign

37:e4:ff:85:3d:04:b2:3a:c7:39:f1:a2:78:1b:db:be
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

27/05/2011, 00:00

Not After

26/05/2012, 23:59

Subject

CN=agir,O=agir,L=Yeongcheon Si,ST=GYEONGSANGBUK-DO,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameA
GetShortPathNameA
CreateProcessA
GetVersionExA
GetProcAddress
GetModuleHandleA
lstrcpynA
GetTempPathA
DeleteFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFilePointer
CreateDirectoryA
GetLocalTime
FreeLibrary
LoadLibraryA
TerminateThread
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteFile
MoveFileA
CreateThread
GetLastError
FindFirstFileA
FindNextFileA
FindClose
lstrcatA
ResetEvent
ExpandEnvironmentStringsA
GetTickCount
Sleep
lstrcmpiA
lstrcpyA
SetEvent
WaitForSingleObject
CloseHandle
CreateEventA
GetFileAttributesExA
lstrlenA
SetStdHandle
SetConsoleCtrlHandler
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
RtlUnwind
GetTimeZoneInformation
GetSystemTime
ExitProcess
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
WideCharToMultiByte
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
MultiByteToWideChar
LCMapStringA
LCMapStringW
FlushFileBuffers

user32

wvsprintfA
wsprintfA

advapi32

OpenServiceA
QueryServiceStatus
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2A
CloseServiceHandle
StartServiceCtrlDispatcherA
RegOpenKeyExA
RegEnumKeyA
RegCreateKeyA
RegSetValueExA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
StartServiceA

shell32

SHGetFileInfoA
ShellExecuteA
SHGetSpecialFolderPathA
SHGetDesktopFolder

wininet

InternetCloseHandle
InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetSetOptionA
HttpQueryInfoA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

shlwapi

SHDeleteKeyA
SHDeleteValueA

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

37:e4:ff:85:3d:04:b2:3a:c7:39:f1:a2:78:1b:db:beCertificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 7KB - Virtual size: 6KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 534B

.data Size: 512B - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 146B

Code Sign

37:e4:ff:85:3d:04:b2:3a:c7:39:f1:a2:78:1b:db:beCertificate

Extended Key Usages

37:e4:ff:85:3d:04:b2:3a:c7:39:f1:a2:78:1b:db:be
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 7KB - Virtual size: 6KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 534B

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 146B

37:e4:ff:85:3d:04:b2:3a:c7:39:f1:a2:78:1b:db:be
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

UPX0
Size: - Virtual size: 248KB

UPX1
Size: 183KB - Virtual size: 184KB

UPX2
Size: 5KB - Virtual size: 8KB

37:e4:ff:85:3d:04:b2:3a:c7:39:f1:a2:78:1b:db:be
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 480KB - Virtual size: 478KB

.rdata
Size: 100KB - Virtual size: 96KB

.data
Size: 48KB - Virtual size: 77KB

.rsrc
Size: 48KB - Virtual size: 46KB

.reloc
Size: 40KB - Virtual size: 38KB

37:e4:ff:85:3d:04:b2:3a:c7:39:f1:a2:78:1b:db:be
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate