cdfa930112533dfd0f15a951e038d461

Sharing

Copy URL Twitter E-mail

General

Target

cdfa930112533dfd0f15a951e038d461
Size

2.9MB
MD5

cdfa930112533dfd0f15a951e038d461
SHA1

5f510c9e6dbb6791c136ca94ca5a1e0746f7326e
SHA256

a8c50ac0075174a9bb6f403a7eb1872c13b276a031441d8a655fd7d9e7fa6fe5
SHA512

f1ec6de39cb04f601e599937e4134bc69bb53e5cdaa116197782fef13d021ee89175b3b7e3887009e6de404133c3c3c4fa8a5c6f2840b9bb3b7bfc8aaed7d063
SSDEEP

49152:rZJjBXrgILsCI4AqnXGtLMXv7ow+XULx33w3uuKpf+Th/apB4hk2D+/yXe+a+SY2:DjBbRvXMMX7jLxnhxWTh2uZ/8Xye

Score

3^/10

Malware Config

Signatures

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/Banner.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/XML.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/Codecs/irSndFile.irc
unpack001/Codecs/irVorbis.irc
unpack001/Codecs/irWMA.irc
unpack001/Codecs/libsndfile.dll
unpack001/MegaMindWriter.exe
unpack001/UpdateApp.exe
unpack001/cdrkit/cygwin1.dll
unpack001/cdrkit/icedax.exe
unpack001/cdrkit/readom.exe
unpack001/cdrkit/wodim.exe
unpack001/irShell.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

cdfa930112533dfd0f15a951e038d461
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:eb:63:3d:d2:ae:f0:f1:05:41:2c:09:d2:c3:b1:4e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

30/03/2011, 00:00

Not After

29/03/2012, 23:59

Subject

CN=Prospera Software\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Prospera Software\, Inc.,L=Suwanee,ST=Georgia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a0:c9:71:eb:59:1a:53:fc:fd:a0:6a:a3:e5:e7:47:0c:60:c1:d2:e7
Signer

Actual PE Digest

a0:c9:71:eb:59:1a:53:fc:fd:a0:6a:a3:e5:e7:47:0c:60:c1:d2:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Banner.dll
.dll windows:4 windows x86 arch:x86

7a3709b093081d5614be1eaa2fe7fe76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
CloseHandle
Sleep
CreateThread
GetCurrentThreadId
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc

user32

DestroyWindow
SetWindowLongA
GetWindowLongA
SetWindowTextA
SetDlgItemTextA
DispatchMessageA
PeekMessageA
WaitMessage
IsWindow
CreateDialogParamA
ShowWindow
AttachThreadInput
IsWindowVisible
wsprintfA
PostMessageA

Exports

Exports

destroy
getWindow
show

Sections

.text
Size: 1024B - Virtual size: 862B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MobilewitchAcPro.exe
.exe windows:1 windows x86 arch:x86

Code Sign

63:7c:1c:a8:5b:d9:cf:df:39:1b:ea:85:b2:70:78:dd
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

14/12/2010, 00:00

Not After

13/12/2012, 23:59

Subject

CN=SimplyGen,O=SimplyGen,POSTALCODE=43662,STREET=Zarhin 10,L=Raanana,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d0:7a:1f:fe:e5:16:1f:3c:54:87:ab:fa:4b:a3:c9:85:79:68:9e:97
Signer

Actual PE Digest

d0:7a:1f:fe:e5:16:1f:3c:54:87:ab:fa:4b:a3:c9:85:79:68:9e:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/XML.dll
.dll windows:4 windows x86 arch:x86

b5ed5b3a951d4443ce56e5453702d536

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpynA
lstrcmpA
lstrcmpiA
lstrcpyA
RtlUnwind
GetModuleFileNameA
RaiseException
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
GetLastError
LoadLibraryA
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
CloseHandle
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileA
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
GetLocaleInfoA
InterlockedExchange
SetEndOfFile

Exports

Exports

_CloneNode
_Coordinate
_CreateNode
_CreateText
_CurrentAttribute
_DeclarationEncoding
_DeclarationStandalone
_DeclarationVersion
_ElementPath
_FindCloseElement
_FindNextElement
_FirstAttribute
_FirstChild
_FirstChildElement
_FreeNode
_GetAttribute
_GetNodeValue
_GetText
_GotoHandle
_GotoPath
_InsertAfterNode
_InsertBeforeNode
_InsertEndChild
_IsCDATA
_LastAttribute
_LastChild
_LoadFile
_NextAttribute
_NextSibling
_NextSiblingElement
_NoChildren
_NodeHandle
_NodeType
_Parent
_PreviousAttribute
_PreviousSibling
_RemoveAllChild
_RemoveAttribute
_RemoveNode
_ReplaceNode
_RootElement
_SaveFile
_SetAttribute
_SetAttributeName
_SetAttributeValue
_SetCDATA
_SetCondenseWhiteSpace
_SetEncoding
_SetNodeValue
_SetText
_Unload
_XPathAttribute
_XPathNode
_XPathString

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
GetTickCount

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
IsWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
GetWindowLongA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/irSndFile.irc
.dll windows:4 windows x86 arch:x86

4c20d009f18ee5baa83127a9e9d9a7f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Christian Kindahl\Desktop\Active Projects\InfraRecorder\Binary32\Codecs\irSndFile.pdb

Imports

kernel32

lstrcatW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
FreeLibrary
lstrlenW
MultiByteToWideChar
AreFileApisANSI
WideCharToMultiByte
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
VirtualAlloc
WriteFile
LoadLibraryA
InitializeCriticalSection
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CloseHandle
FlushFileBuffers

Exports

Exports

irc_capabilities
irc_decode_exit
irc_decode_init
irc_decode_process
irc_encode_config
irc_encode_exit
irc_encode_flush
irc_encode_init
irc_encode_process
irc_set_callback
irc_string

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/irVorbis.irc
.dll windows:4 windows x86 arch:x86

9ae399a101ababa6f0ff54a4a85b3ab9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Christian Kindahl\Desktop\Active Projects\InfraRecorder\Binary32\Codecs\irVorbis.pdb

Imports

kernel32

GetCurrentProcess
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
CloseHandle
GetLastError
SetFilePointer
ReadFile
WriteFile
FlushInstructionCache
CreateFileA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
LeaveCriticalSection
EnterCriticalSection
RaiseException
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
RtlUnwind
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
HeapDestroy
HeapCreate
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
SetStdHandle

user32

GetActiveWindow
EnableWindow
MessageBoxW
GetDlgItem
SetDlgItemTextW
IsDlgButtonChecked
GetDlgItemTextW
CheckDlgButton
CallWindowProcW
DestroyWindow
DefWindowProcW
SendMessageW
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetWindowLongW
SetWindowLongW
UnregisterClassA

comctl32

CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW

Exports

Exports

irc_capabilities
irc_decode_exit
irc_decode_init
irc_decode_process
irc_encode_config
irc_encode_exit
irc_encode_flush
irc_encode_init
irc_encode_process
irc_set_callback
irc_string

Sections

.text
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 988KB - Virtual size: 1003KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/irWMA.irc
.dll windows:4 windows x86 arch:x86

9f2f89fb3603c619a0ba057f0845468b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Christian Kindahl\Desktop\Active Projects\InfraRecorder\Binary32\Codecs\irWMA.pdb

Imports

kernel32

GetCurrentProcess
GetCurrentThreadId
GetProcAddress
LoadLibraryW
FreeLibrary
CloseHandle
InterlockedIncrement
GetFileType
GetLastError
CreateFileW
ReadFile
SetFilePointer
GetFileSize
InterlockedDecrement
MultiByteToWideChar
WideCharToMultiByte
FlushInstructionCache
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LeaveCriticalSection
EnterCriticalSection
RaiseException
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
RtlUnwind
HeapReAlloc
GetCommandLineA
HeapDestroy
HeapCreate
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
Sleep
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LCMapStringA
LCMapStringW

user32

SetWindowLongW
GetWindowLongW
SetWindowPos
GetActiveWindow
GetDlgItem
CallWindowProcW
DestroyWindow
DefWindowProcW
SendMessageW
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
UnregisterClassA

ole32

CoInitialize
CoUninitialize

comctl32

CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW

Exports

Exports

irc_capabilities
irc_decode_exit
irc_decode_init
irc_decode_process
irc_encode_config
irc_encode_exit
irc_encode_flush
irc_encode_init
irc_encode_process
irc_set_callback
irc_string

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/libsndfile.dll
.dll windows:4 windows x86 arch:x86

eb7015eeaaff6bad1fb7a59238c027d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CloseHandle
CreateFileA
FindAtomA
FlushFileBuffers
FormatMessageA
GetAtomNameA
GetFileSize
GetFileType
GetLastError
GetStdHandle
LocalFree
ReadFile
SetEndOfFile
SetFilePointer
WriteFile

msvcrt

_stat
__dllonexit
__mb_cur_max
_assert
_errno
_get_osfhandle
_iob
_isctype
_pctype
_snprintf
_vsnprintf
abort
calloc
fflush
floor
fmod
fprintf
free
frexp
gmtime
malloc
memcpy
memset
printf
putchar
puts
sscanf
strlen
strncat
strncpy
strrchr
strstr
strtol
time
tolower

Exports

Exports

sf_close
sf_command
sf_error
sf_error_number
sf_error_str
sf_format_check
sf_get_string
sf_open
sf_open_fd
sf_open_virtual
sf_perror
sf_read_double
sf_read_float
sf_read_int
sf_read_raw
sf_read_short
sf_readf_double
sf_readf_float
sf_readf_int
sf_readf_short
sf_seek
sf_set_string
sf_strerror
sf_write_double
sf_write_float
sf_write_int
sf_write_raw
sf_write_short
sf_write_sync
sf_writef_double
sf_writef_float
sf_writef_int
sf_writef_short

Sections

.text
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MegaMindWriter.chm
.chm
MegaMindWriter.exe
.exe windows:5 windows x86 arch:x86

38a27b0dd57a5c25ab8b3b91a143c948

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mciSendCommandW
mciSendStringW

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetLocalTime
LocalUnlock
LocalLock
MulDiv
GetVolumeInformationW
lstrcpynA
lstrlenA
GetCurrentProcessId
LockResource
GlobalSize
FileTimeToDosDateTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetTempPathW
CompareFileTime
ExpandEnvironmentStringsA
LoadLibraryA
SetFilePointer
GetFileTime
GetFileSize
GetFileAttributesW
DeleteFileW
GetTempFileNameW
RemoveDirectoryW
CreateDirectoryW
GetFileAttributesExW
GetTimeZoneInformation
GetConsoleCP
LCMapStringW
LCMapStringA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
InterlockedDecrement
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
HeapSize
HeapReAlloc
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetSystemTimeAsFileTime
GetStartupInfoW
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetStringTypeA
GetStringTypeW
InterlockedIncrement
GetLogicalDrives
GetDriveTypeW
GetTickCount
AreFileApisANSI
WideCharToMultiByte
CreateFileW
DeviceIoControl
ResetEvent
GetProcAddress
GetDiskFreeSpaceExW
CreatePipe
DuplicateHandle
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CreateEventW
WriteFile
WaitForMultipleObjects
PeekNamedPipe
ReadFile
TerminateProcess
SetEvent
TerminateThread
CreateProcessW
GetLastError
DosDateTimeToFileTime
FileTimeToSystemTime
GetDateFormatW
FindFirstFileW
FindNextFileW
FindClose
lstrcmpW
GetConsoleMode
lstrcpyW
SetLastError
CreateThread
WaitForSingleObject
Sleep
CloseHandle
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
lstrlenW
lstrcpynW
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
RaiseException
LoadLibraryW
FreeLibrary
GetModuleFileNameW
lstrcatW
CompareStringW
SetEnvironmentVariableA
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount

user32

MessageBeep
LoadStringA
PostQuitMessage
CreatePopupMenu
IsDialogMessageW
TranslateAcceleratorW
GetCapture
GetMessagePos
DrawEdge
RemoveMenu
UnregisterClassA
SetRectEmpty
SetCursor
IsMenu
GetMenuItemCount
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
wsprintfW
GetFocus
OpenClipboard
IsZoomed
IsIconic
SetMenu
GetMenu
IsWindowVisible
GetWindowThreadProcessId
ModifyMenuW
PtInRect
ReleaseCapture
SetCapture
LoadStringW
LoadAcceleratorsW
RegisterClassExW
CharNextW
LoadCursorW
GetClassInfoExW
wvsprintfW
FrameRect
ClientToScreen
GetWindowLongA
SetWindowLongA
CallWindowProcA
FindWindowExW
CheckMenuItem
EnableMenuItem
RegisterClipboardFormatW
SendDlgItemMessageW
SetWindowsHookExW
GetClassNameW
CallNextHookEx
WindowFromPoint
GetKeyState
GetWindowDC
LoadMenuW
InflateRect
OffsetRect
DrawFrameControl
DrawStateW
DestroyMenu
GetSubMenu
EndPaint
BeginPaint
RedrawWindow
GetCursorPos
TrackPopupMenuEx
SetMenuDefaultItem
CharLowerW
UnhookWindowsHookEx
RegisterWindowMessageW
IsWindowUnicode
GetMenuItemInfoW
SetMenuItemInfoW
PostMessageW
SetFocus
GetSysColor
DrawTextW
DrawFocusRect
GetSysColorBrush
FillRect
TrackMouseEvent
InvalidateRect
MoveWindow
LoadIconW
LoadBitmapW
CreateWindowExW
GetSystemMetrics
KillTimer
SetTimer
ScreenToClient
GetWindowTextLengthW
GetWindowTextW
CallWindowProcW
DestroyWindow
DefWindowProcW
InsertMenuW
IsWindowEnabled
GetSystemMenu
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextW
GetActiveWindow
EnableWindow
CreateDialogParamW
DialogBoxParamW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
IsWindow
ShowWindow
SetWindowTextW
LoadImageW
DestroyIcon
SetWindowLongW
GetDC
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
MessageBoxW
GetDlgItem
GetParent
SetDlgItemTextW
ReleaseDC
GetWindowLongW
SendMessageW
EndDialog
UpdateWindow
AppendMenuW

gdi32

GetTextExtentPoint32W
ExcludeClipRect
CreateDIBSection
SetBrushOrgEx
CreateBitmap
CreatePatternBrush
PatBlt
CreateSolidBrush
ExtTextOutW
CreateCompatibleDC
CreateCompatibleBitmap
SetBkColor
SetTextColor
SelectObject
DeleteDC
GetTextMetricsW
DeleteObject
GetDeviceCaps
BitBlt
SetBkMode
GetObjectW
GetStockObject
CreateFontIndirectW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExA
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegQueryValueExA
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW
DragQueryPoint
DragFinish
ord18
ord17
ord16
ord155
SHGetSpecialFolderLocation
DragQueryFileW
SHGetDesktopFolder
SHGetMalloc
ord4
ord2
SHGetFolderPathW
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
ord25

ole32

RegisterDragDrop
RevokeDragDrop
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemFree
CoLockObjectExternal
DoDragDrop

oleaut32

SysAllocString
SysFreeString
VarUI4FromStr

comctl32

ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_AddMasked
ImageList_Add
ImageList_Draw
InitCommonControlsEx
CreateStatusWindowW
ImageList_GetImageCount

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 780KB - Virtual size: 780KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UpdateApp.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Work\UpdateApp\UpdateApp\obj\Release\UpdateApp.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cdrkit/cygwin1.dll
.dll windows:4 windows x86 arch:x86

544fbaecbcb09031c56aaa5d7cadf2dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AccessCheck
AddAccessAllowedAce
AddAccessDeniedAce
AddAce
AllocateLocallyUniqueId
CopySid
CreateProcessAsUserW
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
DuplicateTokenEx
EqualPrefixSid
EqualSid
FindFirstFreeAce
GetAce
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityInfo
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetUserNameA
ImpersonateLoggedOnUser
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
LogonUserW
LookupAccountNameW
LookupAccountSidA
LookupAccountSidW
LsaClose
LsaEnumerateAccountRights
LsaFreeMemory
LsaNtStatusToWinError
LsaOpenPolicy
LsaRetrievePrivateData
LsaStorePrivateData
MakeSelfRelativeSD
OpenProcessToken
PrivilegeCheck
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExW
RegEnumValueW
RegGetKeySecurity
RegLoadKeyW
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegisterEventSourceA
ReportEventA
RevertToSelf
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetTokenInformation

kernel32

AllocConsole
CancelIo
ClearCommBreak
ClearCommError
CloseHandle
CompareFileTime
CompareStringW
ConnectNamedPipe
CreateFileA
CreateFileW
CreateNamedPipeA
CreatePipe
CreateProcessW
CreateTapePartition
CreateThread
DebugBreak
DeleteCriticalSection
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
EraseTape
EscapeCommFunction
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FlushConsoleInputBuffer
FlushFileBuffers
FlushViewOfFile
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
GetBinaryTypeW
GetCPInfo
GetCommModemStatus
GetCommState
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetComputerNameW
GetConsoleCP
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleTitleA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExA
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileType
GetHandleInformation
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsA
GetLogicalDrives
GetMailslotInfo
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetNamedPipeHandleStateA
GetNumberOfConsoleInputEvents
GetOverlappedResult
GetPriorityClass
GetProcAddress
GetProcessTimes
GetProcessWorkingSetSize
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTapeParameters
GetTapePosition
GetTapeStatus
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetVersionExA
GlobalAlloc
GlobalLock
GlobalMemoryStatus
GlobalSize
GlobalUnlock
InitializeCriticalSection
IsBadStringPtrA
IsDebuggerPresent
IsProcessorFeaturePresent
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalFree
MapViewOfFile
MapViewOfFileEx
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PeekConsoleInputA
PeekNamedPipe
PrepareTape
PurgeComm
QueryDosDeviceA
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleOutputW
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
RtlUnwind
ScrollConsoleScreenBufferA
SetCommBreak
SetCommMask
SetCommState
SetCommTimeouts
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFilePointer
SetHandleInformation
SetLastError
SetNamedPipeHandleState
SetPriorityClass
SetProcessWorkingSetSize
SetStdHandle
SetSystemTime
SetTapeParameters
SetTapePosition
SetThreadAffinityMask
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
SwitchToThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransmitCommChar
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitCommEvent
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeA
WaitNamedPipeW
WideCharToMultiByte
WriteConsoleOutputW
WriteConsoleW
WriteFile
WriteProcessMemory
WriteTapemark

ntdll

NtAdjustPrivilegesToken
NtClose
NtCreateDirectoryObject
NtCreateEvent
NtCreateFile
NtCreateMailslotFile
NtCreateMutant
NtCreateSection
NtCreateSemaphore
NtCreateToken
NtFsControlFile
NtLockVirtualMemory
NtMapViewOfSection
NtNotifyChangeDirectoryFile
NtOpenDirectoryObject
NtOpenEvent
NtOpenFile
NtOpenMutant
NtOpenSection
NtOpenSemaphore
NtQueryAttributesFile
NtQueryDirectoryFile
NtQueryDirectoryObject
NtQueryEaFile
NtQueryEvent
NtQueryFullAttributesFile
NtQueryInformationFile
NtQueryInformationProcess
NtQueryObject
NtQuerySecurityObject
NtQuerySystemInformation
NtQuerySystemTime
NtQueryVirtualMemory
NtQueryVolumeInformationFile
NtReadFile
NtSetEaFile
NtSetInformationFile
NtSetSecurityObject
NtUnlockVirtualMemory
NtUnmapViewOfSection
NtWriteFile
RtlAcquirePebLock
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCompareUnicodeString
RtlConvertSidToUnicodeString
RtlCopyUnicodeString
RtlCreateUnicodeStringFromAsciiz
RtlDowncaseUnicodeString
RtlEqualUnicodeString
RtlFreeUnicodeString
RtlInitUnicodeString
RtlIsDosDeviceName_U
RtlNtStatusToDosError
RtlPrefixUnicodeString
RtlReleasePebLock
RtlSecondsSince1970ToTime
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeString

Exports

Exports

_Exit
__argv
__argz_add
__argz_add_sep
__argz_append
__argz_count
__argz_create
__argz_create_sep
__argz_delete
__argz_extract
__argz_insert
__argz_next
__argz_replace
__argz_stringify
__assert
__assert_func
__assertfail
__check_rhosts_file
__ctype_ptr__
__cygwin_environ
__cygwin_user_data
__dn_comp
__dn_expand
__dn_skipname
__envz_add
__envz_entry
__envz_get
__envz_merge
__envz_remove
__envz_strip
__eprintf
__errno
__f_atan2
__f_atan2f
__f_exp
__f_expf
__f_frexp
__f_frexpf
__f_ldexp
__f_ldexpf
__f_log
__f_log10
__f_log10f
__f_logf
__f_pow
__f_powf
__f_tan
__f_tanf
__fpclassifyd
__fpclassifyf
__getdelim
__getline
__getreent
__infinity
__isinfd
__isinff
__isnand
__isnanf
__main
__mb_cur_max
__mempcpy
__opendir_with_d_ino
__progname
__rcmd_errstr
__res_close
__res_init
__res_mkquery
__res_nclose
__res_ninit
__res_nmkquery
__res_nquery
__res_nquerydomain
__res_nsearch
__res_nsend
__res_query
__res_querydomain
__res_search
__res_send
__res_state
__signbitd
__signbitf
__signgam
__srget
__srget_r
__swbuf
__swbuf_r
__wrap__ZdaPv
__wrap__ZdaPvRKSt9nothrow_t
__wrap__ZdlPv
__wrap__ZdlPvRKSt9nothrow_t
__wrap__Znaj
__wrap__ZnajRKSt9nothrow_t
__wrap__Znwj
__wrap__ZnwjRKSt9nothrow_t
__xdrrec_getrec
__xdrrec_setnonblock
_abort
_abs
_access
_acl
_acl32
_aclcheck
_aclcheck32
_aclfrommode
_aclfrommode32
_aclfrompbits
_aclfrompbits32
_aclfromtext
_aclfromtext32
_aclsort
_aclsort32
_acltomode
_acltomode32
_acltopbits
_acltopbits32
_acltotext
_acltotext32
_acos
_acosf
_acosh
_acoshf
_alarm
_alloca
_alphasort
_asctime
_asctime_r
_asin
_asinf
_asinh
_asinhf
_asprintf
_asprintf_r
_atan
_atan2
_atan2f
_atanf
_atanh
_atanhf
_atexit
_atof
_atoff
_atoi
_atol
_bcmp
_bcopy
_bsearch
_bzero
_cabs
_cabsf
_calloc
_cbrt
_cbrtf
_ceil
_ceilf
_chdir
_check_for_executable
_chmod
_chown
_chown32
_chroot
_clearerr
_clock
_close
_closedir
_copysign
_copysignf
_cos
_cosf
_cosh
_coshf
_creat
_ctime
_ctime_r
_ctype_
_cuserid
_cwait
_daylight
_difftime
_dirfd
_div
_dll_crt0@0
_drand48
_drem
_dremf
_dup
_dup2
_ecvt
_ecvtbuf
_ecvtf
_endgrent
_endmntent
_endpwent
_endutent
_erand48
_erf
_erfc
_erfcf
_erff
_execl
_execle
_execlp
_execv
_execve
_execvp
_exit
_exp
_expf
_expm1
_expm1f
_f_atan2
_f_atan2f
_f_exp
_f_expf
_f_frexp
_f_frexpf
_f_ldexp
_f_ldexpf
_f_llrint
_f_llrintf
_f_llrintl
_f_log
_f_log10
_f_log10f
_f_logf
_f_lrint
_f_lrintf
_f_lrintl
_f_pow
_f_powf
_f_rint
_f_rintf
_f_rintl
_f_tan
_f_tanf
_fabs
_fabsf
_facl
_facl32
_fchdir
_fchmod
_fchown
_fchown32
_fclose
_fcloseall
_fcloseall_r
_fcntl
_fcntl64
_fcvt
_fcvtbuf
_fcvtf
_fdopen
_fdopen64
_feof
_ferror
_fflush
_ffs
_fgetc
_fgetpos
_fgetpos64
_fgets
_fileno
_finite
_finitef
_fiprintf
_floor
_floorf
_fmod
_fmodf
_fnmatch
_fopen
_fopen64
_fork
_fprintf
_fputc
_fputs
_fread
_free
_freopen
_freopen64
_frexp
_frexpf
_fscanf
_fscanf_r
_fseek
_fseeko
_fseeko64
_fsetpos
_fsetpos64
_fstat
_fstat64
_fstatfs
_fsync
_ftell
_ftello
_ftello64
_ftime
_ftok
_ftruncate
_ftruncate64
_fwrite
_gamma
_gamma_r
_gammaf
_gammaf_r
_gcvt
_gcvtf
_get_osfhandle
_getc
_getc_unlocked
_getchar
_getchar_unlocked
_getcwd
_getdomainname
_getdtablesize
_getegid
_getegid32
_getenv
_geteuid
_geteuid32
_getgid
_getgid32
_getgrent
_getgrent32
_getgrgid
_getgrgid32
_getgrnam
_getgrnam32
_getgroups
_getgroups32
_gethostname
_getlogin
_getmntent
_getmode
_getpagesize
_getpass
_getpgrp
_getpid
_getppid
_getpwduid
_getpwent
_getpwnam
_getpwuid
_getpwuid32
_getpwuid_r32
_getrlimit
_getrusage
_gets
_gettimeofday
_getuid
_getuid32
_getutent
_getutid
_getw
_getwd
_gmtime
_gmtime_r
_htonl
_htons
_hypot
_hypotf
_ilogb
_ilogbf
_impure_ptr
_index
_infinity
_infinityf
_initgroups32
_ioctl
_iprintf
_isalnum
_isalpha
_isascii
_isatty
_iscntrl
_isdigit
_isgraph
_isinf
_isinff
_islower
_isnan
_isnanf
_isprint
_ispunct
_isspace
_isupper
_isxdigit
_j0
_j0f
_j1
_j1f
_jn
_jnf
_jrand48
_kill
_labs
_lacl
_lchown
_lchown32
_lcong48
_ldexp
_ldexpf
_ldiv
_lgamma
_lgamma_r
_lgammaf
_lgammaf_r
_link
_localeconv
_localtime
_localtime_r
_log
_log10
_log10f
_log1p
_log1pf
_logb
_logbf
_logf
_longjmp
_lrand48
_lseek
_lseek64
_lstat
_lstat64
_malloc
_matherr
_mblen
_mbstowcs
_mbtowc
_memccpy
_memchr
_memcmp
_memcpy
_memmove
_memset
_mkdir
_mknod
_mknod32
_mkstemp
_mktemp
_mktime
_mmap64
_modf
_modff
_mount
_nan
_nanf
_nanosleep
_nextafter
_nextafterf
_nice
_nl_langinfo
_nrand48
_ntohl
_ntohs
_open
_open64
_openlog
_pathconf
_pclose
_perror
_pipe
_poll
_popen
_pow
_powf
_printf
_pthread_cleanup_pop
_pthread_cleanup_push
_putc
_putc_unlocked
_putchar
_putchar_unlocked
_putenv
_puts
_pututline
_putw
_qsort
_raise
_rand
_read
_readdir
_readlink
_readv
_realloc
_remainder
_remainderf
_remove
_rename
_rewind
_rewinddir
_rindex
_rmdir
_sbrk
_scalb
_scalbf
_scalbn
_scalbnf
_scandir
_scanf

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

/4
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/38
Size: 512B - Virtual size: 16B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cygheap
Size: - Virtual size: 832KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cdrkit/icedax.exe
.exe windows:4 windows x86 arch:x86

70da197fd394af6771de182e559b9a8e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__assert
__errno
__getreent
__main
_ctype_
_exit
_fdopen64
_fopen64
_fseeko64
_fstat64
_getegid32
_geteuid32
_getgid32
_getpwuid32
_getuid32
_impure_ptr
_lseek64
_mmap64
_open64
_setegid32
_seteuid32
_setgid32
_setreuid32
_setuid32
_stat64
abort
alarm
atexit
atoi
calloc
close
connect
cygwin_internal
dlclose
dll_crt0__FP11per_process
dlopen
dlsym
dup
dup2
execlp
exit
fclose
fflush
fgets
fileno
fork
fprintf
fputc
fputs
free
fwrite
getc
getenv
gethostbyname
gethostname
getpagesize
getppid
getpwnam
getservbyname
gettimeofday
ioctl
kill
localtime
malloc
memchr
memcpy
memmove
memset
perror
pipe
printf
putchar
puts
qsort
rcmd
read
realloc
rewind
scanf
setbuf
setmode
setsockopt
shmat
shmctl
shmget
signal
sleep
snprintf
socket
socketpair
sprintf
sscanf
strcasecmp
strcat
strchr
strcmp
strcpy
strdup
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtod
strtol
strtoul
time
toupper
usleep
valloc
vfprintf
vsnprintf
wait
write

kernel32

CloseHandle
CreateEventA
CreateFileA
DeviceIoControl
GetCurrentProcess
GetCurrentThread
GetDriveTypeA
GetLastError
GetModuleHandleA
GetVersionExA
ResetEvent
SetPriorityClass
SetThreadPriority
WaitForSingleObject

winmm

waveOutClose
waveOutGetErrorTextA
waveOutReset
waveOutWrite

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cdrkit/readom.exe
.exe windows:4 windows x86 arch:x86

2f8472a3c89981c12446446fded188e0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__errno
__getreent
__main
_ctype_
_exit
_fdopen64
_fopen64
_fseeko64
_fstat64
_geteuid32
_getpwuid32
_getuid32
_impure_ptr
_open64
_seteuid32
_setreuid32
_setuid32
abort
atexit
atoi
calloc
close
cygwin_internal
dlclose
dll_crt0__FP11per_process
dlopen
dlsym
drand48
dup2
execlp
exit
fclose
fflush
fgets
fileno
fork
fprintf
fputc
fputs
fread
free
fwrite
getc
getenv
getpwnam
getservbyname
gettimeofday
malloc
memcpy
memmove
memset
perror
printf
putchar
puts
rcmd
read
realloc
rewind
setbuf
setmode
setsockopt
signal
sleep
snprintf
socketpair
sscanf
strchr
strcpy
strdup
strerror
strlen
strncpy
strrchr
strstr
strtol
toupper
usleep
valloc
vfprintf
vprintf
vsnprintf
wait
write

kernel32

CloseHandle
CreateEventA
CreateFileA
DeviceIoControl
GetDriveTypeA
GetLastError
GetModuleHandleA
GetVersionExA
ResetEvent
WaitForSingleObject

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cdrkit/wodim.exe
.exe windows:4 windows x86 arch:x86

d45de0cc4c53f0b4be4bfc98a1bf1975

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__errno
__getreent
__main
_ctype_
_exit
_fcntl64
_fdopen64
_fopen64
_fseeko64
_fstat64
_geteuid32
_getpwuid32
_getuid32
_impure_ptr
_lseek64
_mmap64
_open64
_seteuid32
_setreuid32
_setuid32
_stat64
abort
atexit
atoi
calloc
close
cygwin_internal
dlclose
dll_crt0__FP11per_process
dlopen
dlsym
dup2
execlp
exit
fclose
fflush
fgets
fileno
fork
fprintf
fputc
fputs
fread
free
fwrite
getc
getenv
getpagesize
getpid
getpwnam
getrlimit
getservbyname
gettimeofday
isatty
kill
malloc
memcpy
memmove
memset
pause
perror
printf
putchar
puts
rcmd
read
realloc
rewind
select
setbuf
setmode
setpriority
setrlimit
setsockopt
signal
sleep
snprintf
socketpair
sscanf
strchr
strcmp
strcpy
strdup
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtol
sysconf
toupper
usleep
valloc
vfprintf
vsnprintf
wait
write

kernel32

CloseHandle
CreateEventA
CreateFileA
DeviceIoControl
GetCurrentProcess
GetCurrentThread
GetDriveTypeA
GetLastError
GetModuleHandleA
GetVersionExA
ResetEvent
SetPriorityClass
SetThreadPriority
WaitForSingleObject

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
irShell.dll
.dll regsvr32 windows:5 windows x86 arch:x86

edfac1ad72d04e6d4e73e478b89d8e72

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExW
lstrcmpiW
GetProcAddress
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpW
GlobalUnlock
GlobalLock
lstrcpynA
lstrcpynW
WideCharToMultiByte
lstrcpyW
lstrcatW
AreFileApisANSI
CreateFileW
CloseHandle
SetFilePointer
GetFileSize
GetFileAttributesW
SetFileAttributesW
ReadFile
FindResourceW
DeleteFileW
RemoveDirectoryW
MoveFileW
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileTime
FileTimeToSystemTime
GetFileAttributesExW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateDirectoryW
GetDiskFreeSpaceExW
GetTempFileNameW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
SizeofResource
LoadResource
MultiByteToWideChar
FreeLibrary
GetLastError
lstrlenW
GetModuleFileNameW
GetModuleHandleW
GetThreadLocale
WriteFile
SetThreadLocale
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
RtlUnwind
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
HeapSize
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount

user32

CreatePopupMenu
LoadBitmapW
GetMenuItemInfoW
SetMenuItemBitmaps
InsertMenuW
GetMenuItemCount
MessageBoxW
CharNextW

gdi32

DeleteObject

advapi32

RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW

shell32

DragQueryFileW
ShellExecuteW
SHGetFolderPathW

ole32

ReleaseStgMedium
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
RegisterTypeLi
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe.nsis

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

35:eb:63:3d:d2:ae:f0:f1:05:41:2c:09:d2:c3:b1:4eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a0:c9:71:eb:59:1a:53:fc:fd:a0:6a:a3:e5:e7:47:0c:60:c1:d2:e7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 104KB

.rsrc Size: 89KB - Virtual size: 88KB

7a3709b093081d5614be1eaa2fe7fe76

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 862B

.rdata Size: 1024B - Virtual size: 792B

.data Size: 512B - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 224B

Code Sign

63:7c:1c:a8:5b:d9:cf:df:39:1b:ea:85:b2:70:78:ddCertificate

Extended Key Usages

Key Usages

d0:7a:1f:fe:e5:16:1f:3c:54:87:ab:fa:4b:a3:c9:85:79:68:9e:97Signer

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 37KB - Virtual size: 36KB

DATA Size: 1024B - Virtual size: 588B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 10KB - Virtual size: 10KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

35:eb:63:3d:d2:ae:f0:f1:05:41:2c:09:d2:c3:b1:4e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a0:c9:71:eb:59:1a:53:fc:fd:a0:6a:a3:e5:e7:47:0c:60:c1:d2:e7
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 104KB

.rsrc
Size: 89KB - Virtual size: 88KB

.text
Size: 1024B - Virtual size: 862B

.rdata
Size: 1024B - Virtual size: 792B

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 224B

63:7c:1c:a8:5b:d9:cf:df:39:1b:ea:85:b2:70:78:dd
Certificate

d0:7a:1f:fe:e5:16:1f:3c:54:87:ab:fa:4b:a3:c9:85:79:68:9e:97
Signer

CODE
Size: 37KB - Virtual size: 36KB

DATA
Size: 1024B - Virtual size: 588B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 5KB