bbba9b7a9bdc57b2561d7f4d890a4fc4

Sharing

Copy URL

Twitter E-mail

General

Target

bbba9b7a9bdc57b2561d7f4d890a4fc4
Size

2.2MB
MD5

bbba9b7a9bdc57b2561d7f4d890a4fc4
SHA1

8b18ae551645e89c7445552349e7ea678ebbf820
SHA256

002e07e65221219d7b09fbe335dbaaa4f2277b3873a049dadae6407def532486
SHA512

c9cd53dd33c7692bd703c25e74a239c6e31696cb84dc1f32bc19292c93b54341a8dfe4a2905603b7c9c275638a764ce9498332d3f0594500314ff1ec33e496f7
SSDEEP

49152:EejJrgN+AX32A1s2+zu5i2n+v6aU34S6H7tdaFXhYR0h:vNrisRu5O2ubbzR0h

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PubwinSafe-v56/Client_V5.0/PBSClient.exe
unpack001/PubwinSafe-v56/Server_V5.6/Getonlineip.dll
unpack001/PubwinSafe-v56/Server_V5.6/PBSServerV5.1.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/nsWeb.dll
unpack002/$SYSDIR/pthreadVC.dll
unpack001/PubwinSafe-v56/Server_V5.6/libeay32.dll
unpack001/PubwinSafe-v56/Server_V5.6/npptools.dll
unpack001/PubwinSafe-v56/Server_V5.6/ssleay32.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/PubwinSafe-v56/Server_V5.6/WinPcap_4_1_1.exe	nsis_installer_1
static1/unpack001/PubwinSafe-v56/Server_V5.6/WinPcap_4_1_1.exe	nsis_installer_2

Files

bbba9b7a9bdc57b2561d7f4d890a4fc4
.rar
PubwinSafe-v56/Client_V5.0/PBSClient.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PubwinSafe-v56/Client_V5.0/cfg.ini
PubwinSafe-v56/Server_V5.6/Getonlineip.dll
.dll windows:4 windows x86 arch:x86

5a3482e309887539efc47784f867da33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateThread
Sleep
GetLastError
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetStdHandle
LCMapStringW
LCMapStringA
FlushFileBuffers
SetFilePointer
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
RtlUnwind
HeapAlloc
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
HeapReAlloc
HeapFree
VirtualFree
VirtualAlloc
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetConsoleCtrlHandler
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
SetEnvironmentVariableA

ws2_32

htons
inet_addr

wpcap

pcap_next_ex
pcap_close
pcap_findalldevs
pcap_sendpacket
pcap_open_live
pcap_freealldevs

packet

PacketRequest
PacketCloseAdapter
PacketOpenAdapter

Exports

Exports

GetIpAndMacList

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PubwinSafe-v56/Server_V5.6/PBSServerV5.1.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 666KB - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PubwinSafe-v56/Server_V5.6/SOUND/0.wav
PubwinSafe-v56/Server_V5.6/SOUND/1.wav
PubwinSafe-v56/Server_V5.6/SOUND/2.wav
PubwinSafe-v56/Server_V5.6/SOUND/3.wav
PubwinSafe-v56/Server_V5.6/SOUND/4.wav
PubwinSafe-v56/Server_V5.6/SOUND/5.wav
PubwinSafe-v56/Server_V5.6/SOUND/6.wav
PubwinSafe-v56/Server_V5.6/SOUND/7.wav
PubwinSafe-v56/Server_V5.6/SOUND/8.wav
PubwinSafe-v56/Server_V5.6/SOUND/9.wav
PubwinSafe-v56/Server_V5.6/SOUND/A.wav
PubwinSafe-v56/Server_V5.6/SOUND/B.wav
PubwinSafe-v56/Server_V5.6/SOUND/C.wav
PubwinSafe-v56/Server_V5.6/SOUND/D.wav
PubwinSafe-v56/Server_V5.6/SOUND/E.wav
PubwinSafe-v56/Server_V5.6/SOUND/F.wav
PubwinSafe-v56/Server_V5.6/SOUND/G.wav
PubwinSafe-v56/Server_V5.6/SOUND/H.wav
PubwinSafe-v56/Server_V5.6/SOUND/I.wav
PubwinSafe-v56/Server_V5.6/SOUND/J.wav
PubwinSafe-v56/Server_V5.6/SOUND/K.wav
PubwinSafe-v56/Server_V5.6/SOUND/L.wav
PubwinSafe-v56/Server_V5.6/SOUND/M.wav
PubwinSafe-v56/Server_V5.6/SOUND/N.wav
PubwinSafe-v56/Server_V5.6/SOUND/O.wav
PubwinSafe-v56/Server_V5.6/SOUND/P.wav
PubwinSafe-v56/Server_V5.6/SOUND/Q.wav
PubwinSafe-v56/Server_V5.6/SOUND/R.wav
PubwinSafe-v56/Server_V5.6/SOUND/S.wav
PubwinSafe-v56/Server_V5.6/SOUND/T.wav
PubwinSafe-v56/Server_V5.6/SOUND/U.wav
PubwinSafe-v56/Server_V5.6/SOUND/V.wav
PubwinSafe-v56/Server_V5.6/SOUND/W.wav
PubwinSafe-v56/Server_V5.6/SOUND/X.wav
PubwinSafe-v56/Server_V5.6/SOUND/Y.wav
PubwinSafe-v56/Server_V5.6/SOUND/Z.wav
PubwinSafe-v56/Server_V5.6/SOUND/区.wav
PubwinSafe-v56/Server_V5.6/SOUND/十.wav
PubwinSafe-v56/Server_V5.6/SOUND/台客户机疑似非法使用.wav
PubwinSafe-v56/Server_V5.6/SOUND/号机疑似非法使用.wav
PubwinSafe-v56/Server_V5.6/SOUND/工作人员请注意.wav
PubwinSafe-v56/Server_V5.6/SOUND/百.wav
PubwinSafe-v56/Server_V5.6/WinPcap_4_1_1.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:96:13:e7:dd:69:64:b1:52:a4:e8:f7:18:13:e7:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07-05-2008 00:00

Not After

07-05-2011 23:59

Subject

CN=CACE Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CACE Technologies\, Inc.,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:15:56:21:58:29:df:33:85:ee:07:25:fc:9d:97:88:f9:d4:4d:42
Signer

Actual PE Digest

30:15:56:21:58:29:df:33:85:ee:07:25:fc:9d:97:88:f9:d4:4d:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/bootOptions.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsWeb.dll
.dll windows:4 windows x86 arch:x86

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GlobalFree
lstrcpyA
GlobalAlloc

user32

MapWindowPoints
GetWindowRect
SendMessageA
PostMessageA
MoveWindow
GetDlgItem
GetWindowLongA
GetClientRect
SetWindowLongA
ShowWindow
UpdateWindow
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
CreateDialogParamA
CallWindowProcA

ole32

OleInitialize
OleUninitialize
OleSetContainedObject
OleCreate

oleaut32

SafeArrayCreate
SafeArrayDestroy
SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayAccessData

urlmon

CreateURLMoniker

wininet

InternetAttemptConnect

Exports

Exports

IsInet
ShowHTMLInPage
ShowWebInPage
ShowWebInPopUp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/Packet.dll
.dll windows:4 windows x86 arch:x86

088fedd367765cf098ba8150e3ad9014

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:96:13:e7:dd:69:64:b1:52:a4:e8:f7:18:13:e7:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07-05-2008 00:00

Not After

07-05-2011 23:59

Subject

CN=CACE Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CACE Technologies\, Inc.,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:25:d1:e9:09:f4:1b:dd:54:6b:4d:78:82:75:41:1c:4f:d1:3a:9d
Signer

Actual PE Digest

47:25:d1:e9:09:f4:1b:dd:54:6b:4d:78:82:75:41:1c:4f:d1:3a:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\releases\winpcap_4_1_0_1753\winpcap\packetNtx\Dll\Project\Release\x86\Packet.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

npptools

DestroyBlob
CreateBlob
CreateNPPInterface
GetNPPBlobTable
SetBoolInBlob

ws2_32

inet_addr

iphlpapi

GetAdaptersInfo

kernel32

GlobalFree
GlobalAlloc
GlobalHandle
ReleaseMutex
GlobalLock
WaitForSingleObject
GlobalUnlock
GetFullPathNameW
GetLastError
SetLastError
CreateFileA
GetProcAddress
CreateMutexW
CreateEventW
QueryPerformanceCounter
DeviceIoControl
SetEvent
QueryPerformanceFrequency
FlushFileBuffers
WriteFile
CloseHandle
GetVersion
WideCharToMultiByte
LoadLibraryW
ReadFile
GetModuleFileNameW
MultiByteToWideChar
DeleteCriticalSection
GetSystemTimeAsFileTime
OutputDebugStringA
InitializeCriticalSection
Sleep
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
ResetEvent
LoadLibraryA
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleW
HeapSize
GetConsoleOutputCP
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetTickCount
GetCurrentProcessId
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
WriteConsoleA

advapi32

CreateServiceA
ControlService
OpenSCManagerW
CloseServiceHandle
OpenServiceA
QueryServiceStatus
StartServiceW
RegEnumKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA

ole32

CoInitialize
CoUninitialize
CoInitializeEx

Exports

Exports

PacketAllocatePacket
PacketCloseAdapter
PacketFreePacket
PacketGetAdapterNames
PacketGetAirPcapHandle
PacketGetDriverVersion
PacketGetNetInfoEx
PacketGetNetType
PacketGetReadEvent
PacketGetStats
PacketGetStatsEx
PacketGetVersion
PacketInitPacket
PacketIsDumpEnded
PacketLibraryVersion
PacketOpenAdapter
PacketReceivePacket
PacketRequest
PacketSendPacket
PacketSendPackets
PacketSetBpf
PacketSetBuff
PacketSetDumpLimits
PacketSetDumpName
PacketSetHwFilter
PacketSetLoopbackBehavior
PacketSetMinToCopy
PacketSetMode
PacketSetNumWrites
PacketSetReadTimeout
PacketSetSnapLen
PacketStopDriver

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/pthreadVC.dll
.dll windows:4 windows x86 arch:x86

90ee61357770484e2d085958b94141a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

calloc
_onexit
__dllonexit
_adjust_fdiv
_initterm
exit
longjmp
_setjmp3
_ftime
_endthreadex
_beginthreadex
_errno
malloc
free

wsock32

WSAGetLastError
WSASetLastError

kernel32

GetThreadPriority
Sleep
EnterCriticalSection
TlsFree
TlsAlloc
GetExitCodeThread
ReleaseSemaphore
CreateSemaphoreA
GetCurrentProcessId
OpenProcess
GetLastError
SetThreadPriority
GetProcessAffinityMask
CloseHandle
TlsSetValue
TlsGetValue
SetLastError
InterlockedDecrement
ResetEvent
WaitForSingleObject
SetEvent
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
LeaveCriticalSection
LoadLibraryA
GetCurrentThreadId
CreateEventA
InterlockedIncrement
DuplicateHandle
GetCurrentThread
GetCurrentProcess
FreeLibrary
WaitForMultipleObjects
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress

Exports

Exports

pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/wpcap.dll
.dll windows:4 windows x86 arch:x86

6a6ab6ea5f347cadbd2f3e8091a86bbb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:96:13:e7:dd:69:64:b1:52:a4:e8:f7:18:13:e7:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07-05-2008 00:00

Not After

07-05-2011 23:59

Subject

CN=CACE Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CACE Technologies\, Inc.,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:8e:78:1b:6f:08:4c:4c:b2:da:c1:86:7c:64:d3:a0:1c:7c:e6:28
Signer

Actual PE Digest

34:8e:78:1b:6f:08:4c:4c:b2:da:c1:86:7c:64:d3:a0:1c:7c:e6:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\releases\winpcap_4_1_0_1753\winpcap\wpcap\PRJ\Release\x86\wpcap.pdb

Imports

ws2_32

WSACleanup
ntohl
gethostbyname
htons
gethostbyaddr
WSAGetLastError
htonl
getservbyname
inet_addr
getservbyport
inet_ntoa
WSASetLastError
getprotobyname
accept
closesocket
getpeername
getsockopt
setsockopt
getsockname
select
WSAStartup
shutdown
connect
listen
send
socket
bind
ntohs
recv

packet

PacketGetNetInfoEx
PacketGetAdapterNames
PacketSetMinToCopy
PacketSetLoopbackBehavior
PacketSetBuff
PacketSetHwFilter
PacketGetStats
PacketSendPacket
PacketSetReadTimeout
PacketReceivePacket
PacketSetMode
PacketOpenAdapter
PacketSetBpf
PacketAllocatePacket
PacketInitPacket
PacketCloseAdapter
PacketFreePacket
PacketGetNetType
PacketGetVersion
PacketSetDumpName
PacketSendPackets
PacketIsDumpEnded
PacketGetReadEvent
PacketSetDumpLimits
PacketGetAirPcapHandle
PacketGetStatsEx

kernel32

HeapFree
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ReadFile
MultiByteToWideChar
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
HeapSize
SetFilePointer
CloseHandle
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetModuleFileNameA
WriteFile
GetLastError
GetSystemDirectoryA
FreeLibrary
GetProcAddress
EnterCriticalSection
LoadLibraryA
LeaveCriticalSection
GetVersion
FindNextFileA
FormatMessageA
FindFirstFileA
FindClose
Sleep
InterlockedExchange
InterlockedCompareExchange
InitializeCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapAlloc
RtlUnwind
SetStdHandle
GetFileType
HeapReAlloc
GetModuleHandleA
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection

Exports

Exports

bpf_dump
bpf_filter
bpf_image
bpf_validate
endservent
eproto_db
getservent
install_bpf_program
pcap_activate
pcap_breakloop
pcap_close
pcap_compile
pcap_compile_nopcap
pcap_create
pcap_createsrcstr
pcap_datalink
pcap_datalink_name_to_val
pcap_datalink_val_to_description
pcap_datalink_val_to_name
pcap_dispatch
pcap_dump
pcap_dump_close
pcap_dump_file
pcap_dump_flush
pcap_dump_ftell
pcap_dump_open
pcap_file
pcap_fileno
pcap_findalldevs
pcap_findalldevs_ex
pcap_freealldevs
pcap_freecode
pcap_get_airpcap_handle
pcap_geterr
pcap_getevent
pcap_getnonblock
pcap_hopen_offline
pcap_is_swapped
pcap_lib_version
pcap_list_datalinks
pcap_live_dump
pcap_live_dump_ended
pcap_lookupdev
pcap_lookupnet
pcap_loop
pcap_major_version
pcap_minor_version
pcap_next
pcap_next_etherent
pcap_next_ex
pcap_offline_filter
pcap_offline_read
pcap_open
pcap_open_dead
pcap_open_live
pcap_open_offline
pcap_parsesrcstr
pcap_perror
pcap_read
pcap_remoteact_accept
pcap_remoteact_cleanup
pcap_remoteact_close
pcap_remoteact_list
pcap_sendpacket
pcap_sendqueue_alloc
pcap_sendqueue_destroy
pcap_sendqueue_queue
pcap_sendqueue_transmit
pcap_set_buffer_size
pcap_set_datalink
pcap_set_promisc
pcap_set_snaplen
pcap_set_timeout
pcap_setbuff
pcap_setdirection
pcap_setfilter
pcap_setmintocopy
pcap_setmode
pcap_setnonblock
pcap_setsampling
pcap_setuserbuffer
pcap_snapshot
pcap_stats
pcap_stats_ex
pcap_strerror
wsockinit

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CACE_Banner.htm
.html
$TEMP/CACE_Logo.gif
.gif
$TEMP/NetSol.jpg
.jpg
WinPcapInstall.dll
.dll windows:4 windows x86 arch:x86

ad1fff2efc5a1aa2884d5c780a51aa99

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:96:13:e7:dd:69:64:b1:52:a4:e8:f7:18:13:e7:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07-05-2008 00:00

Not After

07-05-2011 23:59

Subject

CN=CACE Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CACE Technologies\, Inc.,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:35:bc:bf:22:4f:c0:20:ef:08:60:cb:26:4b:6e:2d:fd:ac:88:71
Signer

Actual PE Digest

ad:35:bc:bf:22:4f:c0:20:ef:08:60:cb:26:4b:6e:2d:fd:ac:88:71

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\releases\winpcap_4_1_0_1753\winpcap\install\WinPcap Installer Helper\Release\x86\WinPcapInstall.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
GetCurrentProcess
LoadLibraryExA
GetLastError
Sleep
FormatMessageA
FreeLibrary
GetModuleHandleA
LocalFree
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetFilePointer
SetEndOfFile
ReadFile
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

advapi32

OpenSCManagerA
ChangeServiceConfigA
StartServiceA
CreateServiceA
DeleteService
CloseServiceHandle
OpenServiceA
ControlService

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

Exports

Exports

manage_netmon
manage_npf_driver
manage_rpcapd_service

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rpcapd.exe
.exe windows:4 windows x86 arch:x86

2b9e73ff502840fe6b381682c42d43cf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:96:13:e7:dd:69:64:b1:52:a4:e8:f7:18:13:e7:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07-05-2008 00:00

Not After

07-05-2011 23:59

Subject

CN=CACE Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CACE Technologies\, Inc.,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:1a:95:c3:67:00:ba:76:69:aa:bd:45:ba:b6:f0:02:fd:cc:e3:1b
Signer

Actual PE Digest

4c:1a:95:c3:67:00:ba:76:69:aa:bd:45:ba:b6:f0:02:fd:cc:e3:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\releases\winpcap_4_1_0_1753\winpcap\wpcap\libpcap\rpcapd\Release\x86\rpcapd.pdb

Imports

wpcap

install_bpf_program
pcap_compile
pcap_open_offline
pcap_create
pcap_open_live
bpf_validate
pcap_findalldevs
pcap_strerror
pcap_freealldevs
pcap_geterr
pcap_close
pcap_setfilter
pcap_stats
pcap_next_ex

ws2_32

gethostbyaddr
closesocket
WSASetLastError
getsockname
htonl
inet_addr
getservbyname
ntohl
inet_ntoa
ntohs
accept
htons
connect
WSAStartup
shutdown
WSACleanup
recv
bind
socket
send
listen
getservbyport
select
gethostbyname
getpeername
WSAGetLastError

pthreadvc

pthread_attr_init
pthread_attr_setdetachstate
pthread_exit
pthread_cancel
pthread_attr_destroy
pthread_setcancelstate
pthread_setcanceltype
pthread_create

packet

PacketSetMinToCopy
PacketSetLoopbackBehavior

kernel32

GetConsoleOutputCP
WriteConsoleA
HeapSize
FlushFileBuffers
SetStdHandle
CreateFileA
ReadFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSection
WriteConsoleW
RtlUnwind
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
WriteFile
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
GetCurrentThreadId
SetLastError
TlsFree
GetSystemDirectoryA
FormatMessageA
GetLastError
FreeLibrary
GetProcAddress
CloseHandle
Sleep
LoadLibraryA
TlsSetValue
TlsAlloc
SetEndOfFile
SetConsoleCtrlHandler
HeapFree
HeapAlloc
GetModuleHandleA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue

user32

MessageBoxA

advapi32

StartServiceCtrlDispatcherA
SetServiceStatus
LogonUserA
ImpersonateLoggedOnUser
RegisterServiceCtrlHandlerA

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PubwinSafe-v56/Server_V5.6/libeay32.dll
.dll windows:4 windows x86 arch:x86

75e4a91d721ddc0f2a64314ac46cea9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

listen
WSACleanup
getservbyname
ntohs
WSACancelBlockingCall
htonl
closesocket
inet_ntoa
socket
setsockopt
connect
send
WSASetLastError
recv
WSAGetLastError
shutdown
WSAStartup
htons
gethostbyname
bind
getsockopt
ntohl
accept

gdi32

GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
CreateCompatibleDC
CreateDCA

advapi32

RegQueryValueExA

msvcrt

__mb_cur_max
strcmp
getenv
_stat
_fileno
_chmod
realloc
free
malloc
time
sprintf
localtime
_errno
fclose
fprintf
strchr
fflush
fputs
signal
_iob
fopen
_setjmp3
longjmp
_pctype
_adjust_fdiv
_isctype
strstr
fread
fwrite
_setmode
ftell
fseek
fgets
_ftol
_assert
atoi
strncpy
strncmp
bsearch
qsort
_close
_getch
_except_handler3
strerror
memmove
gmtime
strtoul
tolower
sscanf
_initterm
_write
_lseek
_read

kernel32

GetStdHandle
FreeLibrary
LoadLibraryA
GetProcAddress
GetCurrentThread
GetCurrentThreadId
DisableThreadLibraryCalls
GetLastError
SetLastError
CloseHandle
GetCurrentProcessId
GlobalMemoryStatus
GetVersionExA
GetTickCount
QueryPerformanceCounter
GetThreadTimes
FlushConsoleInputBuffer

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_new
ASN1_BIT_STRING_asn1_meth
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_new
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_HEADER_free
ASN1_HEADER_new
ASN1_IA5STRING_asn1_meth
ASN1_IA5STRING_free
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_new
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_type
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_cmp
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_free
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_new
ASN1_TIME_free
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_new
ASN1_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_pack_string
ASN1_parse
ASN1_parse_dump
ASN1_put_object
ASN1_seq_pack
ASN1_seq_unpack
ASN1_sign
ASN1_tag2str
ASN1_unpack_string
ASN1_verify
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIO_accept
BIO_callback_ctrl
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dump
BIO_dump_indent
BIO_dup_chain
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_ex_data
BIO_get_ex_new_index
BIO_get_host_ip
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_gethostbyname
BIO_gets
BIO_ghbn_ctrl
BIO_int_ctrl
BIO_new
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_fd
BIO_s_file
BIO_s_mem
BIO_s_null
BIO_s_socket
BIO_set
BIO_set_cipher
BIO_set_ex_data
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_cleanup
BIO_sock_error
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket_ioctl
BIO_socket_nbio
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BN_BLINDING_convert
BN_BLINDING_free
BN_BLINDING_invert
BN_BLINDING_new
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_init
BN_CTX_new
BN_CTX_start
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_init
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_RECP_CTX_free
BN_RECP_CTX_init
BN_RECP_CTX_new
BN_RECP_CTX_set
BN_add
BN_add_word
BN_bin2bn
BN_bn2bin
BN_bn2dec
BN_bn2hex
BN_bn2mpi
BN_bntest_rand
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_copy
BN_dec2bn
BN_div
BN_div_recp
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_prime
BN_get_params
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_prime
BN_is_prime_fasttest
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_num_bits
BN_num_bits_word
BN_options
BN_print
BN_print_fp
BN_pseudo_rand
BN_rand
BN_rand_range
BN_reciprocal
BN_rshift
BN_rshift1
BN_set_bit
BN_set_params
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_uadd
BN_ucmp
BN_usub
BN_value_one
BUF_MEM_free
BUF_MEM_grow
BUF_MEM_new
BUF_strdup
CAST_cbc_encrypt
CAST_cfb64_encrypt
CAST_decrypt
CAST_ecb_encrypt
CAST_encrypt
CAST_ofb64_encrypt
CAST_set_key
CERTIFICATEPOLICIES_free
CERTIFICATEPOLICIES_new
COMP_CTX_free
COMP_CTX_new
COMP_compress_block
COMP_expand_block
COMP_rle
COMP_zlib
CONF_dump_bio
CONF_dump_fp
CONF_free
CONF_get_number
CONF_get_section
CONF_get_string
CONF_load
CONF_load_bio
CONF_load_fp
CONF_set_default_method
CRL_DIST_POINTS_free
CRL_DIST_POINTS_new
CRYPTO_add_lock
CRYPTO_dbg_free
CRYPTO_dbg_get_options
CRYPTO_dbg_malloc
CRYPTO_dbg_realloc
CRYPTO_dbg_set_options
CRYPTO_destroy_dynlockid
CRYPTO_dup_ex_data
CRYPTO_free
CRYPTO_free_ex_data
CRYPTO_free_locked
CRYPTO_get_add_lock_callback
CRYPTO_get_dynlock_create_callback
CRYPTO_get_dynlock_destroy_callback
CRYPTO_get_dynlock_lock_callback
CRYPTO_get_dynlock_value
CRYPTO_get_ex_data
CRYPTO_get_ex_new_index
CRYPTO_get_id_callback
CRYPTO_get_lock_name
CRYPTO_get_locked_mem_functions
CRYPTO_get_locking_callback
CRYPTO_get_mem_debug_functions
CRYPTO_get_mem_debug_options
CRYPTO_get_mem_functions
CRYPTO_get_new_dynlockid
CRYPTO_get_new_lockid
CRYPTO_is_mem_check_on
CRYPTO_lock
CRYPTO_malloc
CRYPTO_malloc_locked
CRYPTO_mem_ctrl
CRYPTO_mem_leaks
CRYPTO_mem_leaks_cb
CRYPTO_mem_leaks_fp
CRYPTO_new_ex_data
CRYPTO_num_locks
CRYPTO_pop_info
CRYPTO_push_info_
CRYPTO_realloc
CRYPTO_remalloc
CRYPTO_remove_all_info
CRYPTO_set_add_lock_callback
CRYPTO_set_dynlock_create_callback
CRYPTO_set_dynlock_destroy_callback
CRYPTO_set_dynlock_lock_callback
CRYPTO_set_ex_data
CRYPTO_set_id_callback
CRYPTO_set_locked_mem_functions
CRYPTO_set_locking_callback
CRYPTO_set_mem_debug_functions
CRYPTO_set_mem_debug_options
CRYPTO_set_mem_functions
CRYPTO_thread_id
DH_OpenSSL
DH_check
DH_compute_key
DH_free
DH_generate_key
DH_generate_parameters
DH_get_default_method
DH_get_ex_data
DH_get_ex_new_index
DH_new
DH_new_method
DH_set_default_method
DH_set_ex_data
DH_set_method
DH_size
DHparams_print
DHparams_print_fp
DIRECTORYSTRING_free
DIRECTORYSTRING_new
DISPLAYTEXT_free
DISPLAYTEXT_new
DIST_POINT_NAME_free
DIST_POINT_NAME_new
DIST_POINT_free
DIST_POINT_new
DSA_OpenSSL
DSA_SIG_free
DSA_SIG_new
DSA_do_sign
DSA_do_verify
DSA_dup_DH
DSA_free
DSA_generate_key
DSA_generate_parameters
DSA_get_default_method
DSA_get_ex_data
DSA_get_ex_new_index
DSA_new
DSA_new_method
DSA_print
DSA_print_fp
DSA_set_default_method
DSA_set_ex_data
DSA_set_method
DSA_sign
DSA_sign_setup
DSA_size
DSA_verify
DSAparams_print
DSAparams_print_fp
DSO_METHOD_dl
DSO_METHOD_dlfcn
DSO_METHOD_null
DSO_METHOD_openssl
DSO_METHOD_vms
DSO_METHOD_win32
DSO_bind_func
DSO_bind_var
DSO_ctrl
DSO_flags
DSO_free
DSO_get_default_method
DSO_get_method
DSO_load
DSO_new
DSO_new_method
DSO_set_default_method
DSO_set_method
DSO_up
ERR_add_error_data
ERR_clear_error
ERR_error_string
ERR_error_string_n
ERR_free_strings
ERR_func_error_string
ERR_get_err_state_table
ERR_get_error
ERR_get_error_line
ERR_get_error_line_data
ERR_get_next_error_library
ERR_get_state
ERR_get_string_table
ERR_lib_error_string
ERR_load_ASN1_strings
ERR_load_BIO_strings
ERR_load_BN_strings
ERR_load_BUF_strings
ERR_load_CONF_strings
ERR_load_CRYPTO_strings
ERR_load_DH_strings
ERR_load_DSA_strings
ERR_load_DSO_strings
ERR_load_ERR_strings
ERR_load_EVP_strings
ERR_load_OBJ_strings
ERR_load_PEM_strings
ERR_load_PKCS12_strings
ERR_load_PKCS7_strings
ERR_load_RAND_strings
ERR_load_RSA_strings
ERR_load_X509V3_strings
ERR_load_X509_strings
ERR_load_crypto_strings
ERR_load_strings
ERR_peek_error
ERR_peek_error_line
ERR_peek_error_line_data
ERR_print_errors
ERR_print_errors_fp
ERR_put_error

Sections

.text
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PubwinSafe-v56/Server_V5.6/npptools.dll
.dll windows:5 windows x86 arch:x86

d300859e248f72e73ce021a6bab230be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

mfc42u

ord825
ord823

msvcrt

wcslen
wcscmp
wcscpy
_adjust_fdiv
_except_handler3
_stricmp
sprintf
sscanf
strpbrk
_ltoa
_strnicmp
strncpy
_onexit
__dllonexit
__CxxFrameHandler
_initterm
malloc
strrchr
wcschr
wcscat
setlocale
strncmp
memmove
free
_EH_prolog

kernel32

GetLastError
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingW
OpenFile
GetProcAddress
LoadLibraryA
HeapReAlloc
GlobalSize
MultiByteToWideChar
CreateFileA
WriteFile
GetSystemDirectoryA
GetWindowsDirectoryW
LoadLibraryW
GetSystemDirectoryW
GetModuleFileNameA
FindClose
FindNextFileA
FindFirstFileA
GetCurrentProcess
ReleaseMutex
CloseHandle
GetProcessHeap
HeapAlloc
CreateMutexW
GetCurrentProcessId
HeapFree
lstrlenA
FreeLibrary
WaitForSingleObject

user32

LoadStringW
SendMessageW
wsprintfW
wsprintfA
EndDialog
LoadStringA
GetWindowRect
SetWindowLongW
DialogBoxParamW
GetFocus
GetDlgItem
GetWindowLongW
UpdateWindow

advapi32

RegSetValueExA
LookupAccountNameW
OpenProcessToken
GetTokenInformation
MakeSelfRelativeSD
RegCreateKeyExW
GetSecurityDescriptorLength
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
MakeAbsoluteSD
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
EqualSid
DeleteAce
AddAccessAllowedAce
GetLengthSid
InitializeAcl
AddAccessDeniedAce
GetAclInformation
RegCreateKeyExA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegDeleteKeyA
RegCloseKey
AddAce
GetAce

oleaut32

SystemTimeToVariantTime
VariantInit
VariantClear
SysFreeString
SysAllocString

ole32

CoCreateInstance

Exports

Exports

ChangeAppIDAccessACL
ChangeAppIDLaunchACL
ClearEventData
CreateBlob
CreateNPPInterface
DestroyBlob
DestroyNPPBlobTable
DuplicateBlob
FilterNPPBlob
FindOneOf
FindUnknownBlobCategories
FindUnknownBlobTags
GetBoolFromBlob
GetClassIDFromBlob
GetDwordFromBlob
GetMacAddressFromBlob
GetNPPAddressFilterFromBlob
GetNPPBlobFromUI
GetNPPBlobTable
GetNPPEtypeSapFilter
GetNPPMacTypeAsNumber
GetNPPPatternFilterFromBlob
GetNPPTriggerFromBlob
GetNetworkInfoFromBlob
GetStringFromBlob
GetStringsFromBlob
IsRemoteNPP
LockBlob
MarshalBlob
MergeBlob
RaiseNMEvent
ReadBlobFromFile
RegCreateBlobKey
RegOpenBlobKey
ReleaseEventSystem
RemoveFromBlob
SelectNPPBlobFromTable
SendEvent
SetBoolInBlob
SetClassIDInBlob
SetDwordInBlob
SetMacAddressInBlob
SetNPPAddressFilterInBlob
SetNPPEtypeSapFilter
SetNPPPatternFilterInBlob
SetNPPTriggerInBlob
SetNetworkInfoInBlob
SetStringInBlob
SubkeyExists
UnMarshalBlob
UnlockBlob
WriteBlobToFile
WriteCrackedBlobToFile
recursiveDeleteKey
setKeyAndValue

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FINDSHAR
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PubwinSafe-v56/Server_V5.6/setup.ini
PubwinSafe-v56/Server_V5.6/ssleay32.dll
.dll windows:4 windows x86 arch:x86

dc1050b3eab0796d996cc04188855a74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libeay32

ord169
ord52
ord2206
ord857
ord901
ord904
ord1653
ord1654
ord252
ord222
ord2201
ord490
ord905
ord176
ord641
ord281
ord290
ord654
ord181
ord188
ord269
ord268
ord910
ord2411
ord754
ord911
ord493
ord464
ord289
ord354
ord187
ord340
ord342
ord341
ord265
ord275
ord961
ord267
ord89
ord109
ord202
ord313
ord495
ord120
ord151
ord203
ord128
ord31
ord830
ord727
ord285
ord866
ord123
ord201
ord118
ord219
ord498
ord635
ord912
ord909
ord206
ord497
ord282
ord87
ord205
ord486
ord484
ord763
ord577
ord907
ord572
ord216
ord481
ord258
ord1096
ord1097
ord502
ord504
ord503
ord1202
ord1144
ord1081
ord2292
ord1145
ord622
ord627
ord657
ord653
ord623
ord286
ord168
ord85
ord968
ord965
ord964
ord963
ord256
ord167
ord1990
ord2021
ord67
ord66
ord1004
ord65
ord53
ord78
ord98
ord636
ord914
ord316
ord629
ord892
ord626
ord890
ord74
ord248
ord1655
ord575
ord903
ord1025
ord58
ord630
ord628
ord1041
ord1007
ord1005
ord1018
ord246
ord1100
ord679
ord1976
ord1023
ord401
ord93
ord897
ord887
ord891
ord889
ord314
ord315
ord774
ord279
ord283
ord956
ord280
ord400
ord751
ord750
ord399
ord748
ord227
ord37
ord35
ord824
ord822
ord8
ord1091
ord702
ord27
ord32
ord718
ord7
ord716
ord703
ord680
ord86
ord88
ord333
ord1101
ord323
ord293
ord322
ord325
ord329
ord318
ord304
ord292
ord299
ord955
ord2252
ord91
ord247
ord364
ord652
ord1027

msvcrt

free
_initterm
malloc
_adjust_fdiv
strncmp
memmove
qsort
time

kernel32

DisableThreadLibraryCalls
SetLastError

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
ERR_load_SSL_strings
SSL_CIPHER_description
SSL_CIPHER_get_bits
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_COMP_add_compression_method
SSL_CTX_add_client_CA
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_CTX_get_client_CA_list
SSL_CTX_get_ex_data
SSL_CTX_get_ex_new_index
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_get_version_indy
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_remove_session
SSL_CTX_sessions
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_ex_data
SSL_CTX_set_info_callback_indy
SSL_CTX_set_options_indy
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_session_id_context
SSL_CTX_set_ssl_version
SSL_CTX_set_timeout
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_tmp_rsa_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_SESSION_cmp
SSL_SESSION_free
SSL_SESSION_get_ex_data
SSL_SESSION_get_ex_new_index
SSL_SESSION_get_id_ctx_indy
SSL_SESSION_get_id_indy
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_hash
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_set_ex_data
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_accept
SSL_add_client_CA
SSL_add_file_cert_subjects_to_stack
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_callback_ctrl
SSL_check_private_key
SSL_clear
SSL_connect
SSL_copy_session_id
SSL_ctrl
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_free
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_app_data_indy
SSL_get_certificate
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_current_cipher
SSL_get_default_timeout
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_new_index
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_peer_finished
SSL_get_privatekey
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shutdown
SSL_get_ssl_method
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_library_init
SSL_load_client_CA_file
SSL_load_error_strings
SSL_new
SSL_peek
SSL_pending
SSL_read
SSL_renegotiate
SSL_rstate_string
SSL_rstate_string_long
SSL_set_accept_state
SSL_set_app_data_indy
SSL_set_bio
SSL_set_cipher_list
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_ex_data
SSL_set_fd
SSL_set_info_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_rfd
SSL_set_session
SSL_set_session_id_context
SSL_set_shutdown
SSL_set_ssl_method
SSL_set_tmp_dh_callback
SSL_set_tmp_rsa_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_state
SSL_state_string
SSL_state_string_long
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_file
SSL_version
SSL_want
SSL_write
SSLv23_client_method
SSLv23_method
SSLv23_server_method
SSLv2_client_method
SSLv2_method
SSLv2_server_method
SSLv3_client_method
SSLv3_method
SSLv3_server_method
TLSv1_client_method
TLSv1_method
TLSv1_server_method
X509_STORE_CTX_get_app_data_indy
X509_get_notAfter_indy
X509_get_notBefore_indy
d2i_SSL_SESSION
i2d_SSL_SESSION

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PubwinSafe-v56/安装说明.txt
PubwinSafe-v56/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 350KB - Virtual size: 350KB

DATA Size: 6KB - Virtual size: 6KB

BSS Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 27KB - Virtual size: 26KB

.rsrc Size: 523KB - Virtual size: 523KB

5a3482e309887539efc47784f867da33

Headers

File Characteristics

Imports

kernel32

ws2_32

wpcap

packet

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 170KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 20KB - Virtual size: 37KB

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 6KB

Headers

File Characteristics

Sections

CODE Size: 666KB - Virtual size: 666KB

DATA Size: 10KB - Virtual size: 10KB

BSS Size: - Virtual size: 12KB

.idata Size: 10KB - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 53KB - Virtual size: 53KB

.rsrc Size: 118KB - Virtual size: 118KB

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

48:96:13:e7:dd:69:64:b1:52:a4:e8:f7:18:13:e7:6aCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

30:15:56:21:58:29:df:33:85:ee:07:25:fc:9d:97:88:f9:d4:4d:42Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 17KB - Virtual size: 16KB

b1cd0d78f652ce5fc63f0879371af012

Headers

CODE
Size: 350KB - Virtual size: 350KB

DATA
Size: 6KB - Virtual size: 6KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 523KB - Virtual size: 523KB

.text
Size: 172KB - Virtual size: 170KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 20KB - Virtual size: 37KB

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 6KB

CODE
Size: 666KB - Virtual size: 666KB

DATA
Size: 10KB - Virtual size: 10KB

BSS
Size: - Virtual size: 12KB

.idata
Size: 10KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 53KB - Virtual size: 53KB

.rsrc
Size: 118KB - Virtual size: 118KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

48:96:13:e7:dd:69:64:b1:52:a4:e8:f7:18:13:e7:6a
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

30:15:56:21:58:29:df:33:85:ee:07:25:fc:9d:97:88:f9:d4:4d:42
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 17KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 456B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 644B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

48:96:13:e7:dd:69:64:b1:52:a4:e8:f7:18:13:e7:6a
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

47:25:d1:e9:09:f4:1b:dd:54:6b:4d:78:82:75:41:1c:4f:d1:3a:9d
Signer

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 11KB