c19126778774caa78f7b7d54649ee692

Sharing

Copy URL Twitter E-mail

General

Target

c19126778774caa78f7b7d54649ee692
Size

29.8MB
MD5

c19126778774caa78f7b7d54649ee692
SHA1

28f9bdada931a3c9a8625b5e0dca96c04964100f
SHA256

3519d32ec0ad5f6ad5f3194194377f3071f58a40cc14370b6e9984f7c9f1a56d
SHA512

cc3c43d76d00eaa3fd25af5d8917f40db50f1a3bfae8899fa752b97025bd42409049f16a66765d70dbfb8be72e7ee7eba311b3fe97abdcef4263a9e7f34de285
SSDEEP

786432:JBHwzZVd9NUlPToSRZReaX0Wg9R0TWkeKDtoZPUHZhSFYj3H:JwVDNUPTN3Rec5Qy6fKX

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sdm-v25-rozbalene/libiconv-2.dll
unpack001/sdm-v25-rozbalene/libintl-2.dll
unpack001/sdm-v25-rozbalene/sdmlauncher.exe
unpack009/sdesktop/install/binaries/InfoExtr.exe
unpack009/sdesktop/install/binaries/Logging.exe
unpack009/sdesktop/install/binaries/instfull.exe
unpack001/sdm-v25-rozbalene/setup.exe
unpack001/sdm-v25-rozbalene/tar.exe

Files

c19126778774caa78f7b7d54649ee692
.zip
jre-1_5_0_17-windows-i586-p.exe
.exe windows:4 windows x86 arch:x86

c6059ebe18aedd5a82a7e59cff62c545

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:ab:bf:b3:04:a7:81:82:9f:d1:e6:2c:77:3a:4a:ff
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14/06/2006, 00:00

Not After

15/07/2009, 23:59

Subject

CN=Sun Microsystems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Sun Microsystems,O=Sun Microsystems\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
FormatMessageA
GetLastError
LocalFree
CloseHandle
WriteFile
CreateFileA
LockResource
LoadResource
SizeofResource
FindResourceA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetSystemDirectoryA
DeleteFileA
GetVersionExA
GetWindowsDirectoryA
GetEnvironmentVariableA
FreeLibrary
lstrcpyA
ExitProcess
GetTempPathA
GetCommandLineA
lstrcpynA
lstrcmpiA
GetTickCount
GetCurrentProcessId
GetSystemInfo
SetFilePointer
lstrlenA
lstrcmpA
lstrcatA
GetStartupInfoA
GetProcAddress
GetShortPathNameA
GetUserDefaultLangID
CreateDirectoryA
LoadLibraryA
GetThreadLocale
GetModuleHandleA

user32

GetDesktopWindow
MessageBoxA
wsprintfA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegEnumKeyA

version

VerQueryValueA
GetFileVersionInfoA

wininet

HttpOpenRequestA
InternetOpenA
InternetReadFile
InternetConnectA
InternetCrackUrlA
InternetErrorDlg
HttpSendRequestA
HttpQueryInfoA
InternetCloseHandle

msvcrt

_strcmpi
_stricmp
_controlfp
_strdup
asctime
_local_unwind2
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
memcpy
localtime
strcpy
memset
_except_handler3
strlen
strstr
strcmp
strncat
strncmp
atoi
__p___argv
__p___argc
strncpy
malloc
free
isspace
iswspace
__CxxFrameHandler
_EH_prolog
time
strcat
sscanf
sprintf

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16.2MB - Virtual size: 16.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sdm-v25-rozbalene/128mb.sdf
.xml
sdm-v25-rozbalene/256mb.sdf
.xml
sdm-v25-rozbalene/attack-drop.sdf
.xml
sdm-v25-rozbalene/common.tar
.tar .js polyglot
common/Cisco_logo.gif
.gif
common/appsupport.js
.js
common/blank.gif
.gif
common/blank.html
common/cisco-logo-clear.gif
.gif
common/com/cisco/nm/util/sgz/Loader.class
common/common.js
.js
common/common.sgz
common/error.html
.html .js polyglot
common/home_ui.html
.js
common/ieloader.cab
.cab
com/cisco/nm/util/sgz/CachingInputStream.class
com/cisco/nm/util/sgz/DeflatedJarEntry.class
com/cisco/nm/util/sgz/Env.class
com/cisco/nm/util/sgz/EnvIf.class
com/cisco/nm/util/sgz/Httpd$1.class
com/cisco/nm/util/sgz/Httpd.class
com/cisco/nm/util/sgz/IEClassLoader.class
com/cisco/nm/util/sgz/JarEntry.class
com/cisco/nm/util/sgz/Loader.class
com/cisco/nm/util/sgz/LoaderThread.class
com/cisco/nm/util/sgz/SgzApplet.class
com/cisco/nm/util/sgz/SgzReader$1.class
com/cisco/nm/util/sgz/SgzReader.class
com/cisco/nm/util/sgz/StoredJarEntry.class
com/cisco/nm/util/sgz/Verifier.class
com/cisco/nm/util/sgz/publickey.t
com/cisco/nm/util/sgz/security/Any_RSA_PKCS1Signature.class
com/cisco/nm/util/sgz/security/ArrayUtil.class
com/cisco/nm/util/sgz/security/BI.class
com/cisco/nm/util/sgz/security/BaseRSAPublicKey.class
com/cisco/nm/util/sgz/security/BlockMessageDigest.class
com/cisco/nm/util/sgz/security/CryptixRSAPublicKey.class
com/cisco/nm/util/sgz/security/Hex.class
com/cisco/nm/util/sgz/security/MD5.class
com/cisco/nm/util/sgz/security/RIPEMD160.class
com/cisco/nm/util/sgz/security/RIPEMD160_RSA_PKCS1Signature.class
com/cisco/nm/util/sgz/security/RSAAlgorithm.class
com/cisco/nm/util/sgz/security/RSAFactors.class
com/cisco/nm/util/sgz/security/RSAKey.class
com/cisco/nm/util/sgz/security/RawRSAPublicKey.class
com/cisco/nm/util/sgz/security/Signature.class
org/apache/tools/bzip2/BZip2Constants.class
org/apache/tools/bzip2/CBZip2InputStream.class
org/apache/tools/bzip2/CRC.class
common/jploader.jar
.jar
common/launchTask.html
.js
common/launcher.html
.js
common/localized_msgs1.js
.js
common/localized_msgs3.js
.js
common/localized_msgs6.js
.js
common/localized_msgs_popup.js
.js
common/moreinfo.html
common/myhome_ui.html
.js
common/runAPP.shtml
.js
common/spacer.gif
.gif
common/version.txt
sdm-v25-rozbalene/dg_sdm.tar
.tar .js polyglot
miscvpn/vpnguide/Main_VPN_Guide.html
.html .js polyglot
miscvpn/vpnguide/VPN_Guid_bkgd.jpg
.jpg
miscvpn/vpnguide/VPN_Guide.html
.html .js polyglot
miscvpn/vpnguide/VPNequipment4aT.gif
.gif
miscvpn/vpnguide/VPNequipment4bT.gif
.gif
miscvpn/vpnguide/VPNwizard32.gif
.gif
miscvpn/vpnguide/blank.html
.html
miscvpn/vpnguide/links/DMVPN_HubandSpoke_DMVPNHub_WorkSheet.htm
.html
miscvpn/vpnguide/links/DMVPN_HubandSpoke_Instructions.htm
.html
miscvpn/vpnguide/links/Easy_VPN_Instructions.htm
.html
miscvpn/vpnguide/links/Easy_VPN_WorkSheet.htm
.html
miscvpn/vpnguide/links/FullyMeshed_DMVPN_Hub_WorkSheet.htm
.html
miscvpn/vpnguide/links/FullyMeshed_DMVPN_Spoke_WorkSheet.htm
.html
miscvpn/vpnguide/links/Fully_Meshed_DMVPNSpoke_WorkSheet.htm
.html
miscvpn/vpnguide/links/Fully_Meshed_Server_Instructions.htm
.html
miscvpn/vpnguide/links/GRE_over_IPSec_Instructions.htm
.html
miscvpn/vpnguide/links/GRE_over_IPSec_WorkSheet.htm
.html
miscvpn/vpnguide/links/Site_to_SiteVPN_Instructions.html
.html
miscvpn/vpnguide/links/Site_to_SiteVPN_WorkSheet.html
.html
miscvpn/vpnguide/links/WebVPN_WorkSheet.htm
.html
miscvpn/vpnguide/nonIPtraffic3t.gif
.gif
miscvpn/vpnguide/resources.js
.js
sdm-v25-rozbalene/es.tar
.tar
es/es.sgz
es/es_splash.jpg
.jpg
es/loading.gif
.gif
es/version.txt
sdm-v25-rozbalene/extract.bat
sdm-v25-rozbalene/help.htm
.html
sdm-v25-rozbalene/home.shtml
.js
sdm-v25-rozbalene/home.tar
.tar .js polyglot
html/MW1.html
html/MW2.html
.js
html/Pkg1_Signed.cab
.cab
MiniWebSvr$1.class
MiniWebSvr$Httpd.class
MiniWebSvr.class
netscape/javascript/JSException.class
netscape/javascript/JSObject.class
netscape/javascript/JSProxy.class
netscape/javascript/adapters/JSTargetAdapter.class
netscape/javascript/adapters/PropertyChangeAdapter.class
html/Pkg1_Signed.jar
.jar
html/appsui.js
.js
html/blank.html
html/common.js
.js
html/error.html
.html .js polyglot
html/home_aux.shtml
.js
html/home_engine.shtml
.js
html/home_ui.shtml
.js
html/images/Cisco_logo.gif
.gif
html/images/Cisco_logo_2.gif
.gif
html/images/logo.gif
.gif
html/images/spacer.gif
.gif
html/images/warning.gif
.gif
html/launchIPS.shtml
html/localized_msgs1.js
.js
html/localized_msgs2.js
.js
html/localized_msgs3.js
.js
html/localized_msgs4.js
.js
html/localized_msgs5.js
.js
html/localized_msgs_popup.js
.js
html/moreinfo.html
html/mws.shtml
.js
html/myhome_ui.html
.js
sdm-v25-rozbalene/libiconv-2.dll
.dll windows:4 windows x86 arch:x86

d040ed8826779de816a60fe2d876ac73

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CreateMutexA
FindAtomA
GetACP
GetAtomNameA
InterlockedIncrement
ReleaseMutex
Sleep
WaitForSingleObject

msvcrt

__dllonexit
_errno
abort
fflush
free
malloc
memset
qsort
sprintf
strcmp
strlen
strtoul

Exports

Exports

libiconv_close
aliases2_lookup
aliases_lookup
libiconv
_libiconv_version
libiconv_open
libiconvctl
libiconvlist
locale_charset

Sections

.text
Size: 848KB - Virtual size: 847KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 160B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 272B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sdm-v25-rozbalene/libintl-2.dll
.dll windows:4 windows x86 arch:x86

f6d52eeb6c18a9dc5d054a1ae29c095f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libiconv-2

libiconv
libiconv_close
libiconv_open

kernel32

AddAtomA
CreateMutexA
FindAtomA
GetACP
GetAtomNameA
GetFullPathNameA
GetShortPathNameA
GetThreadLocale
InterlockedIncrement
ReleaseMutex
Sleep
WaitForSingleObject

msvcrt

_access
_close
_fstat
_getcwd
_open
_read
_strdup
__dllonexit
__mb_cur_max
__p__pgmptr
_errno
_isctype
_pctype
_putenv
_stricmp
abort
calloc
fclose
feof
fflush
fgets
fopen
free
getenv
malloc
memcpy
memset
qsort
realloc
sprintf
strcat
strchr
strcmp
strcpy
strcspn
strlen
strrchr
strstr
strtoul
tolower

Exports

Exports

_nl_expand_alias
_nl_explode_name
_nl_find_domain
_nl_find_language
_nl_find_msg
_nl_free_domain_conv
_nl_init_domain_conv
_nl_load_domain
_nl_locale_name
_nl_make_l10nflist
_nl_msg_cat_cntr
_nl_normalize_codeset
bind_textdomain_codeset
bindtextdomain
dcgettext
dcngettext
dgettext
dngettext
gettext
gettext_putenv
libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_dcgettext
libintl_dcigettext
libintl_dcngettext
libintl_dgettext
libintl_dngettext
libintl_gettext
libintl_gettext_extract_plural
libintl_gettext_free_exp
libintl_gettext_germanic_plural
libintl_gettextparse
libintl_ngettext
libintl_nl_current_default_domain
libintl_nl_default_default_domain
libintl_nl_default_dirname
libintl_nl_domain_bindings
libintl_textdomain
locale_charset
ngettext
textdomain

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 384B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sdm-v25-rozbalene/sdm-updates.xml
.xml
sdm-v25-rozbalene/sdm.tar
.tar .js polyglot
sdm/goSDM.shtml
.js
sdm/loading.gif
.gif
sdm/rsdm_splash.jpg
.jpg
sdm/sdm.sgz
sdm/version.txt
sdm-v25-rozbalene/sdmconfig-1701.cfg
sdm-v25-rozbalene/sdmconfig-1710.cfg
sdm-v25-rozbalene/sdmconfig-1711-1712.cfg
sdm-v25-rozbalene/sdmconfig-1721.cfg
sdm-v25-rozbalene/sdmconfig-1751-1760.cfg
sdm-v25-rozbalene/sdmconfig-180x.cfg
sdm-v25-rozbalene/sdmconfig-1811-1812.cfg
sdm-v25-rozbalene/sdmconfig-18xx.cfg
sdm-v25-rozbalene/sdmconfig-26xx.cfg
sdm-v25-rozbalene/sdmconfig-2801.cfg
sdm-v25-rozbalene/sdmconfig-2811.cfg
sdm-v25-rozbalene/sdmconfig-28xx.cfg
sdm-v25-rozbalene/sdmconfig-36xx-37xx.cfg
sdm-v25-rozbalene/sdmconfig-38xx.cfg
sdm-v25-rozbalene/sdmconfig-83x.cfg
sdm-v25-rozbalene/sdmconfig-8xx.cfg
sdm-v25-rozbalene/sdmconfig-sb10x.cfg
sdm-v25-rozbalene/sdmlauncher.exe
.exe windows:4 windows x86 arch:x86

910fbb62bd060feb681ae0d7b6de89b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
HeapFree
GetStartupInfoA
TerminateProcess
RaiseException
SetStdHandle
HeapAlloc
RtlUnwind
ExitProcess
GetACP
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
HeapSize
GetTickCount
HeapReAlloc
GetTimeZoneInformation
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SizeofResource
GetEnvironmentStrings
GetProcessVersion
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringW
SetEnvironmentVariableA
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
GetFileTime
GetFileSize
GetFileAttributesA
GetVolumeInformationA
GetFullPathNameA
FindFirstFileA
FindClose
UnlockFile
SetEndOfFile
SetFilePointer
LockFile
FlushFileBuffers
CreateFileA
WriteFile
ReadFile
GetOEMCP
GetCurrentProcess
DuplicateHandle
GetEnvironmentStringsW
SetHandleCount
GetCPInfo
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
CreateProcessA
GetThreadLocale
LCMapStringA
GetLastError
GetProfileStringA
WritePrivateProfileStringA
GlobalFlags
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
FormatMessageA
LocalFree
MulDiv
SetLastError
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
LCMapStringW
SetUnhandledExceptionFilter
GetStdHandle
HeapDestroy
CompareStringA
Sleep

user32

CopyAcceleratorTableA
SetRect
GetNextDlgGroupItem
MessageBeep
CharUpperA
InvalidateRect
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
GetClassNameA
GetDesktopWindow
LoadCursorA
SetTimer
KillTimer
WaitMessage
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
LoadStringA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
GetSysColorBrush
CharNextA
CopyRect
GetTopWindow
IsChild
GetCapture
wsprintfA
GetClassInfoA
PtInRect
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ScreenToClient
RegisterClassA
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
LoadIconA
WinHelpA
DestroyMenu
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode

gdi32

DeleteObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
PatBlt
CreateDIBitmap
CreateCompatibleDC
BitBlt
GetTextExtentPointA
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
SetViewportExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
SetMapMode
SetViewportOrgEx
SetBkMode
GetStockObject
SelectObject
SaveDC
RestoreDC
GetObjectA
SetBkColor
DeleteDC
GetClipBox
SetTextColor
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

comctl32

ord17

oledlg

ord8

ole32

CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen

wsock32

WSAGetLastError
closesocket
connect
sendto
recvfrom
socket
inet_ntoa
WSAAsyncSelect
send
recv
gethostbyname
WSACleanup
htonl
htons
bind
ioctlsocket
accept
WSASetLastError
WSAStartup

Sections

.text
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sdm-v25-rozbalene/securedesktop-ios-3.1.1.45-k9.pkg
.zip
sdesktop/data.xml
.xml
sdesktop/globals.js
.js
sdesktop/install/binaries/InfoExtr.exe
.exe windows:4 windows x86 arch:x86

f62f493925dfcdb70f7825e6d8bb9d5d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertFindCertificateInStore
CertGetNameStringA
CertFreeCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CryptQueryObject
CryptMsgGetAndVerifySigner
CryptMsgVerifyCountersignatureEncoded
CryptMsgClose
CryptMsgGetParam

commonmfc

?GetInstance@EventLogger@@SAPBV1@XZ
?AddEvent@EventLogger@@QBAXGPBDZZ
??1CFileVersion@@QAE@XZ
??0CFileVersion@@QAE@XZ
ord9
ord29
?Open@CFileVersion@@QAEHPBD@Z
?QueryValue@CFileVersion@@QAE?AVCString@@PBDK@Z

msvcp60

?close@?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEXXZ
??1Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
?is_open@?$basic_ofstream@GU?$char_traits@G@std@@@std@@QBE_NXZ
?flush@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@AAV21@@Z
??0Init@ios_base@std@@QAE@XZ
??_D?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
?setf@ios_base@std@@QAEHHH@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
?endl@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??0_Winit@std@@QAE@XZ

mfc42

ord924
ord823
ord537
ord5856
ord941
ord800
ord535
ord2763
ord2820
ord3811

msvcrt

?terminate@@YAXXZ
__p__fmode
__p__commode
_adjust_fdiv
_controlfp
__set_app_type
__setusermatherr
_except_handler3
_acmdln
exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
free
_initterm
__getmainargs
_mbscmp
_XcptFilter
_cexit
_c_exit
_exit
__CxxFrameHandler
_CxxThrowException

kernel32

GetVolumeInformationA
Process32Next
Process32First
GetVersionExA
CreateToolhelp32Snapshot
MultiByteToWideChar
GetLastError
GlobalFree
GlobalAlloc
GetCurrentProcess
CloseHandle
GetStartupInfoA
GetCurrentThread
GetCurrentDirectoryA
GetModuleHandleA
lstrlenA

user32

MessageBoxA

advapi32

OpenThreadToken
FreeSid
EqualSid
OpenProcessToken
AllocateAndInitializeSid
GetTokenInformation

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sdesktop/install/binaries/Logging.exe
.exe windows:4 windows x86 arch:x86

a09882c9596ec1cd7929a4ade959eef4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

commonmfc

??0CMessage@@QAE@PAVCWnd@@@Z
?OnOK@CMessage@@MAEXXZ
?DoDataExchange@CMessage@@MAEXPAVCDataExchange@@@Z
?GetMessageMap@CMessage@@MBEPBUAFX_MSGMAP@@XZ
??1CButtonST@@UAE@XZ
??1CHyperLink@@UAE@XZ
??1CMCCheckBox@@UAE@XZ
?OnCancel@CMessage@@MAEXXZ
?OnInitDialog@CMessage@@MAEHXZ
?OnCommand@CMessage@@MAEHIJ@Z

system

SetTraceLevel
GetTraceLevel

mfc42

ord2512
ord5731
ord2554
ord1089
ord5199
ord4486
ord3922
ord3346
ord2396
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5300
ord2982
ord3147
ord3259
ord5714
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord4465
ord825
ord815
ord3571
ord3626
ord5265
ord4998
ord6375
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4274
ord5280
ord3798
ord4837
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord3663
ord641
ord2414
ord616
ord801
ord2514
ord858
ord800
ord6883
ord4160
ord6199
ord540
ord1168
ord941
ord537
ord6215
ord6052
ord561
ord4353
ord1576

msvcrt

__setusermatherr
__p__commode
__p__fmode
_initterm
__getmainargs
_adjust_fdiv
exit
_except_handler3
_onexit
__dllonexit
__CxxFrameHandler
_cexit
_XcptFilter
_exit
_acmdln
_c_exit
__set_app_type
_setmbcp
_controlfp

kernel32

GetStartupInfoA
GetModuleHandleA
CloseHandle
CreateMutexA
GetLastError

user32

PostQuitMessage
SendMessageA
EnableWindow

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sdesktop/install/binaries/cache.jar
.jar
sdesktop/install/binaries/cachedlg.zip
.zip
sdesktop/install/binaries/cleaner.cab
.cab
sdesktop/install/binaries/detectvm.class
sdesktop/install/binaries/inst.exe
.exe windows:4 windows x86 arch:x86

753dc1eae7eb77ea661e30385dbdfdcd

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:5f:25
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

23/05/2005, 04:26

Not After

24/06/2007, 16:22

Subject

CN=Cisco Systems\, Inc.,OU=Security Appliance Engineering,O=Cisco Systems\, Inc.,L=Franklin,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__fmode
__set_app_type
_adjust_fdiv
__setusermatherr
_except_handler3
__p__commode
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
fopen
fwrite
fclose
strchr
strstr
strrchr
strncpy
_lseek
_close
_write
_read
_open
free
malloc
sprintf
_mbsrchr
_controlfp

kernel32

GetStartupInfoA
FindResourceA
LoadResource
SizeofResource
LockResource
GlobalAlloc
CreateDirectoryA
GlobalFree
GetVersion
GetModuleHandleA
GetCurrentProcessId
OpenProcess
GetModuleFileNameA
SetFileAttributesA
DeleteFileA
LoadLibraryA
GetProcAddress
FreeLibrary
GetTempPathA
CreateFileA
WriteFile
GetFileAttributesA
CloseHandle
GetSystemDirectoryA
CreateProcessA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sdesktop/install/binaries/instfull.exe
.exe windows:4 windows x86 arch:x86

60a7ee0d99d64376248ddea21b8fae0e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_cexit
exit
__set_app_type
_controlfp
_except_handler3
_exit
_c_exit
fopen
fwrite
fclose
strchr
strrchr
strncpy
sprintf
_lseek
_close
_write
_read
_open
free
malloc
__p__commode
__p__fmode

kernel32

GetStartupInfoA
GetTempPathA
FindResourceA
LoadResource
SizeofResource
LockResource
GetModuleHandleA
GlobalAlloc
GetFileAttributesA
CreateDirectoryA
GlobalFree
DeleteFileA
CreateProcessA
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 526KB - Virtual size: 526KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sdesktop/install/binaries/instjava.cab
.cab
sdesktop/install/binaries/instjava.jar
.jar
sdesktop/install/binaries/instweb.cab
.cab
sdesktop/install/binaries/java.htm
.html
sdesktop/install/binaries/java2.htm
.html .js polyglot
sdesktop/install/binaries/main.js
.js
sdesktop/install/binaries/ocx.htm
.html
sdesktop/install/binaries/setup.cab
.cab
sdesktop/install/binaries/update.txt
sdesktop/install/empty.htm
.html
sdesktop/install/help/ccml/index.htm
.html
sdesktop/install/help/ccml/yes.gif
.gif
sdesktop/install/help/ccw/index.htm
.html
sdesktop/install/help/ccw/taskbar.gif
.gif
sdesktop/install/help/ccw/yes.gif
.gif
sdesktop/install/help/sd/index.htm
.html
sdesktop/install/help/sd/switch.gif
.gif
sdesktop/install/help/sd/taskbar.gif
.gif
sdesktop/install/help/sd/virtual.gif
.gif
sdesktop/install/help/sd/yes.gif
.gif
sdesktop/install/images/alert.gif
.gif
sdesktop/install/images/buttons.gif
.gif
sdesktop/install/images/loading.gif
.gif
sdesktop/install/images/title.gif
.gif
sdesktop/install/result.htm
.html .js polyglot
sdesktop/install/secret.xml
.xml
sdesktop/install/start.htm
.html .js polyglot
sdesktop/manager/crc32.exe
.exe windows:4 windows x86 arch:x86

94c9b26d0a02a580044750cc7690195a

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:5f:25
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

23/05/2005, 04:26

Not After

24/06/2007, 16:22

Subject

CN=Cisco Systems\, Inc.,OU=Security Appliance Engineering,O=Cisco Systems\, Inc.,L=Franklin,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
HeapFree
RaiseException
HeapSize
GetACP
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapAlloc
HeapReAlloc
VirtualFree
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualProtect
GetSystemInfo
VirtualQuery
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoA
SetStdHandle
CloseHandle
GetModuleFileNameA
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetFileAttributesA
GlobalAlloc
GetProfileStringA
GetProcessHeap
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
SetErrorMode
GetOEMCP
GetCPInfo
SizeofResource
GetProcessVersion
GetLastError
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
TlsAlloc
DeleteCriticalSection
GlobalLock
InitializeCriticalSection
LocalAlloc
MultiByteToWideChar
LocalFree
lstrcpynA
VirtualAlloc
lstrlenA
GlobalUnlock
InterlockedIncrement
MulDiv
SetLastError
InterlockedDecrement
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalFree
LockResource
FindResourceA
LoadResource
IsBadWritePtr
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate

user32

ScreenToClient
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
IsDialogMessageA
SetWindowTextA
ShowWindow
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
GetClassNameA
PtInRect
GetSysColorBrush
LoadStringA
DestroyMenu
InvalidateRect
GetTopWindow
GetCapture
WinHelpA
wsprintfA
CopyRect
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
EnableWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
LoadIconA
GetClassInfoA
RegisterClassA
OffsetRect
RegisterWindowMessageA
RemovePropA
ExcludeUpdateRgn
ShowCaret
DefDlgProcA
IsWindowUnicode
CharNextA
InflateRect
UnregisterClassA
DrawFocusRect
HideCaret

gdi32

GetClipBox
SetBkColor
GetObjectA
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
GetDeviceCaps
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateDIBitmap
CreateCompatibleDC
BitBlt
GetTextExtentPointA
CreateBitmap
SetTextColor
PatBlt

comdlg32

GetOpenFileNameA
GetSaveFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

comctl32

ord17

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sdesktop/manager/css/main.css
sdesktop/manager/css/officexp.css
sdesktop/manager/css/xtree.css
sdesktop/manager/empty.htm
.html
sdesktop/manager/images/backg.gif
.gif
sdesktop/manager/images/blank.png
.png
sdesktop/manager/images/favorite.gif
.gif
sdesktop/manager/images/file.png
.png
sdesktop/manager/images/folderi.png
.png
sdesktop/manager/images/i.png
.png
sdesktop/manager/images/l.png
.png
sdesktop/manager/images/lminus.png
.png
sdesktop/manager/images/lplus.png
.png
sdesktop/manager/images/message.gif
.gif
sdesktop/manager/images/openfi.png
.png
sdesktop/manager/images/save2.gif
.gif
sdesktop/manager/images/savetext.gif
.gif
sdesktop/manager/images/statusok.gif
.gif
sdesktop/manager/images/t.png
.png
sdesktop/manager/images/tminus.png
.png
sdesktop/manager/images/tplus.png
.png
sdesktop/manager/images/treedesk.gif
.gif
sdesktop/manager/images/treedown.gif
.gif
sdesktop/manager/images/treehost.gif
.gif
sdesktop/manager/images/treeinte.gif
.gif
sdesktop/manager/images/treeksl.gif
.gif
sdesktop/manager/images/treeloca.gif
.gif
sdesktop/manager/images/treemacl.gif
.gif
sdesktop/manager/images/treemult.gif
.gif
sdesktop/manager/images/treepock.gif
.gif
sdesktop/manager/images/treesett.gif
.gif
sdesktop/manager/images/treewelc.gif
.gif
sdesktop/manager/images/treewind.gif
.gif
sdesktop/manager/images/warning.gif
.gif
sdesktop/manager/js/ieemu.js
.js
sdesktop/manager/js/main.js
.js
sdesktop/manager/js/template.js
.js
sdesktop/manager/js/xparse.js
.js
sdesktop/manager/js/xtree.js
.js
sdesktop/manager/main.htm
.html
sdesktop/manager/template.xml
.xml
sdesktop/manager/xlat.txt
sdesktop/pkginfo.dat
sdm-v25-rozbalene/setup.exe
.exe windows:4 windows x86 arch:x86

b9d2a93cf19ca49f2a88ab66d2e71f6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
VerInstallFileA

kernel32

LoadResource
FindResourceA
GetModuleHandleA
SetErrorMode
CreateDirectoryA
GetModuleFileNameA
CreateFileA
InterlockedIncrement
InterlockedDecrement
QueryPerformanceFrequency
CreateEventA
CloseHandle
WriteFile
Sleep
ReadFile
FreeLibrary
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
lstrcmpA
FindFirstFileA
GetTempPathA
LeaveCriticalSection
EnterCriticalSection
CreateThread
GetWindowsDirectoryA
GetTickCount
GetFileAttributesA
GetTempFileNameA
CreateMutexA
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
SetEvent
LockResource
GetDriveTypeA
OpenEventA
CreateProcessA
CopyFileA
GetShortPathNameA
GetCurrentThreadId
HeapAlloc
GetSystemInfo
HeapCreate
GetFileSize
lstrcpynA
lstrcatA
WritePrivateProfileStringA
GetProcAddress
LoadLibraryA
HeapDestroy
GetSystemDefaultLangID
MoveFileA
FindResourceExA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SizeofResource
GetVersion
GetStartupInfoA
ExitProcess
GetCommandLineA
DebugBreak
HeapReAlloc
HeapFree
VirtualQuery
VirtualProtect
SearchPathA
ResetEvent
QueryPerformanceCounter
SystemTimeToFileTime
GetCurrentProcess
GetCurrentThread
RtlUnwind
lstrcpyA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetVersionExA
CompareStringW
CompareStringA
WideCharToMultiByte
lstrlenA
GetLastError
SetLastError
lstrcmpiA
GetPrivateProfileIntA
GetPrivateProfileStringA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
SetFilePointer
IsBadReadPtr

user32

MoveWindow
KillTimer
DestroyWindow
GetWindowTextA
SetTimer
SetWindowRgn
GetDesktopWindow
DialogBoxIndirectParamA
SetActiveWindow
LoadStringA
SetWindowTextA
GetDlgItem
SendMessageA
SetDlgItemTextA
LoadIconA
GetWindowRect
SystemParametersInfoA
SetWindowPos
wsprintfA
MsgWaitForMultipleObjects
PeekMessageA
CharLowerBuffA
MessageBoxA
EndDialog
CharNextA
CharUpperA
PostThreadMessageA
CreateDialogIndirectParamA
SetForegroundWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetDC
ReleaseDC
ShowWindow
ScreenToClient

gdi32

GetTextExtentPoint32A
LPtoDP
DeleteObject
CreateFontIndirectA
GetObjectA

advapi32

RegCreateKeyExA
GetTokenInformation
AllocateAndInitializeSid
OpenThreadToken
EqualSid
FreeSid
RegCloseKey
RegOpenKeyExA
RegSetValueExA
OpenProcessToken
RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyA
RegQueryValueA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoCreateGuid
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
StringFromCLSID
CoTaskMemFree
StringFromGUID2
GetRunningObjectTable
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
CoInitialize
CoGetInterfaceAndReleaseStream
CoUninitialize

oleaut32

RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysFreeString
VariantCopy
SysAllocStringLen
SysAllocString
SysStringLen
VariantClear

lz32

LZOpenFileA
LZCopy
LZClose

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sdm-v25-rozbalene/sslclient-win-1.1.4.176.pkg
.zip .js polyglot
sdm-v25-rozbalene/tar.exe
.exe windows:4 windows x86 arch:x86

777f495333cad1d9c2a5ac48b009fcad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

libintl-2

libintl_bindtextdomain
libintl_gettext
libintl_textdomain

advapi32

GetUserNameA

kernel32

AddAtomA
BackupWrite
CloseHandle
CopyFileA
CreateFileA
CreateNamedPipeA
ExitProcess
FindAtomA
FindClose
FindFirstFileA
FindNextFileA
GetAtomNameA
GetBinaryTypeA
GetFileAttributesA
GetFileInformationByHandle
GetFileType
GetFullPathNameA
GetLastError
GetProcAddress
GetShortPathNameA
GetSystemInfo
GetSystemTimeAsFileTime
LoadLibraryA
MoveFileA
MultiByteToWideChar
SetEndOfFile
SetFileTime
SetUnhandledExceptionFilter
lstrcpyA

msvcrt

_chdir
_chmod
_close
_creat
_dup
_execl
_execlp
_getcwd
_open
_read
_rmdir
_strdup
_umask
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__p__pgmptr
__set_app_type
_access
_assert
_cexit
_chmod
_errno
_fileno
_get_osfhandle
_iob
_isctype
_lseeki64
_mkdir
_onexit
_open_osfhandle
_pctype
_pipe
_setmode
_stricmp
_strnicmp
_unlink
abort
atexit
atoi
atol
calloc
exit
fclose
ferror
fflush
fgets
fopen
fprintf
fputc
fputs
free
fscanf
fwrite
getc
getenv
gmtime
localtime
malloc
mbstowcs
memcpy
memset
printf
putc
realloc
setlocale
signal
sprintf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
system
time
tolower
toupper
vfprintf

ole32

CoCreateInstance
CoUninitialize
OleInitialize

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sdm-v25-rozbalene/topleft.gif
.gif
sdm-v25-rozbalene/updateengine.jar
.jar
sdm-v25-rozbalene/wlanui.tar
.tar .js polyglot

Sharing

General

Malware Config

Signatures

Files

c6059ebe18aedd5a82a7e59cff62c545

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

29:ab:bf:b3:04:a7:81:82:9f:d1:e6:2c:77:3a:4a:ffCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

wininet

msvcrt

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 16.2MB - Virtual size: 16.2MB

d040ed8826779de816a60fe2d876ac73

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 848KB - Virtual size: 847KB

.data Size: 512B - Virtual size: 496B

.rdata Size: 1024B - Virtual size: 876B

.bss Size: - Virtual size: 160B

.edata Size: 512B - Virtual size: 272B

.idata Size: 1024B - Virtual size: 648B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

f6d52eeb6c18a9dc5d054a1ae29c095f

Headers

File Characteristics

Imports

libiconv-2

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 144B

.rdata Size: 1024B - Virtual size: 876B

.bss Size: - Virtual size: 384B

.edata Size: 1KB - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

910fbb62bd060feb681ae0d7b6de89b0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

29:ab:bf:b3:04:a7:81:82:9f:d1:e6:2c:77:3a:4a:ff
Certificate

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 16.2MB - Virtual size: 16.2MB

.text
Size: 848KB - Virtual size: 847KB

.data
Size: 512B - Virtual size: 496B

.rdata
Size: 1024B - Virtual size: 876B

.bss
Size: - Virtual size: 160B

.edata
Size: 512B - Virtual size: 272B

.idata
Size: 1024B - Virtual size: 648B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 144B

.rdata
Size: 1024B - Virtual size: 876B

.bss
Size: - Virtual size: 384B

.edata
Size: 1KB - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 148KB - Virtual size: 146KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 48KB - Virtual size: 47KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 392B

.rsrc
Size: 8KB - Virtual size: 5KB

01
Certificate

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

3f:5f:25
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 65KB

.rsrc
Size: 80KB - Virtual size: 80KB