Win7-1226-09[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Win7-1226-09.zip
Size

6.9MB
MD5

2c61a0b0811e37da1dd67e3515833c0d
SHA1

2eb1d4de12c36bb6d795ebe3f029b1c23d69212e
SHA256

e4a3168530284db1c75023f92ed9360d26e8e706704c93c951b8d0f62f787b93
SHA512

276c0793ae4065eac0b130e8c48d4c777d0446e003aa693cac6d38cd72778acc8eab2e41f9359ed531927614377ea1b7d2da2cd1ef60a06762f28a96284378bf
SSDEEP

98304:nd0anq2r8RNv6c6Kr9Rrjr6ZbMY8gGGzJ/MrIIeRmeOdHpnJCG/AHWBdQfD3EmNr:ndtnf8RNCJKv/VGhMsZLmno2EbEKUrA

Score

3^/10

Malware Config

Signatures

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Win7-1226-09/Win7-1226-09/Driver/Domino.exe
unpack001/Win7-1226-09/Win7-1226-09/Driver/StillCap.exe
unpack001/Win7-1226-09/Win7-1226-09/Driver/VM301Snap.exe
unpack001/Win7-1226-09/Win7-1226-09/Driver/VM31bPrp.Ax
unpack001/Win7-1226-09/Win7-1226-09/Driver/VM31bSTI.dll
unpack001/Win7-1226-09/Win7-1226-09/Driver/VM31bTWN.DS
unpack001/Win7-1226-09/Win7-1226-09/Driver/VM31bTXP.DS
unpack001/Win7-1226-09/Win7-1226-09/Driver/VM31bx64.sys
unpack001/Win7-1226-09/Win7-1226-09/Driver/VMCap.exe
unpack001/Win7-1226-09/Win7-1226-09/Driver/amcap.exe
unpack001/Win7-1226-09/Win7-1226-09/Driver/usbVM31b.sys
unpack002/DotNetInstaller.exe
unpack002/IKernel.dll
unpack002/IScript.dll
unpack002/IUser.dll
unpack002/ctor.dll
unpack002/objectps.dll

Files

Win7-1226-09.zip
.zip
Win7-1226-09/Win7-1226-09/AutoRun.inf
Win7-1226-09/Win7-1226-09/Driver/Domino.exe
.exe windows:4 windows x86 arch:x86

62239210a546eea9eff75aae6793eb8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetLastError
CreateMutexA
UnmapViewOfFile
MapViewOfFile
Sleep
CreateFileMappingA
GetSystemTime
SetFilePointer
LoadLibraryA
GetProcAddress
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP

user32

DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
RegisterDeviceNotificationA
UnregisterDeviceNotification
RegisterClassExA
CreateWindowExA
PostQuitMessage
DefWindowProcA

ole32

CoUninitialize
CreateBindCtx
CoGetMalloc
CoCreateInstance
CoInitialize
MkParseDisplayName

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Win7-1226-09/Win7-1226-09/Driver/StillCap.exe
.exe windows:4 windows x86 arch:x86

974207a4b6619c68711084ebf8d24589

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\VimicroWork\WorkSpace\30xStreasmBase\VM30xCap\VM30xCap\Release\VM30xCap.pdb

Imports

kernel32

GetCurrentProcessId
Sleep
lstrlenA
GetWindowsDirectoryA
DeleteFileA
GetCurrentDirectoryA
lstrcpyA
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
SetEndOfFile
GetCPInfo
GetOEMCP
CreateFileA
SetFilePointer
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetFileType
SetHandleCount
InterlockedExchange
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
HeapSize
WriteFile
ReadFile
CloseHandle
SetUnhandledExceptionFilter
VirtualQuery
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
GetCommandLineA
GetStartupInfoA
GetFileAttributesA
GetLastError
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
HeapFree
ExitProcess
RtlUnwind
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapAlloc

user32

ReleaseDC
GetDC
GetSystemMetrics
LoadCursorA
LoadIconA
UpdateWindow
ShowWindow
ClientToScreen
GetWindowRect
MoveWindow
BringWindowToTop
SetForegroundWindow
BeginPaint
EndPaint
LoadMenuA
DispatchMessageA
GetMessageA
TranslateMessage
SetCursor
DestroyWindow
PostQuitMessage
DefWindowProcA
RegisterClassA
MessageBoxA
CreateWindowExA
SetWindowPos
GetClientRect

gdi32

DeleteDC
StretchDIBits
CreateDCA
GetDeviceCaps
BitBlt
CreateDIBSection
CreateCompatibleDC
SelectObject
SetBkMode
GetStockObject
DeleteObject

comdlg32

GetSaveFileNameA

shell32

ShellExecuteA

ole32

MkParseDisplayName
CreateBindCtx
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysStringLen

msvfw32

DrawDibOpen
DrawDibClose
DrawDibDraw

ksproxy.ax

KsSynchronousDeviceControl

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Win7-1226-09/Win7-1226-09/Driver/VM301Snap.exe
.exe windows:4 windows x86 arch:x86

2e71bb852040a96e70c55401d0633457

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetSystemTime
CreateProcessA
SetFilePointer
LoadLibraryA
GetProcAddress
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
CreateMutexA
GetLastError
CloseHandle
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
TerminateProcess
GetCurrentProcess
HeapAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW

user32

PostQuitMessage
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
RegisterDeviceNotificationA
UnregisterDeviceNotification
RegisterClassExA
CreateWindowExA
KillTimer
SetTimer
DefWindowProcA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

ole32

CoInitialize
CoUninitialize
MkParseDisplayName
CoGetMalloc
CoCreateInstance
CreateBindCtx

oleaut32

SysFreeString
SysAllocString

ksproxy.ax

KsSynchronousDeviceControl

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Win7-1226-09/Win7-1226-09/Driver/VM31bPrp.Ax
.dll regsvr32 windows:4 windows x86 arch:x86

2be8f7c8b481e0acaed125c2b96383c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ord17
CreatePropertySheetPageA

ksproxy.ax

KsSynchronousDeviceControl

kernel32

GetCurrentThreadId
LoadLibraryA
MultiByteToWideChar
GetProcAddress
SetErrorMode
lstrlenA
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
InterlockedExchange
CreateThread
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
ResetEvent
GetModuleHandleA
CreateSemaphoreA
WideCharToMultiByte
GetACP
FreeLibrary
SetThreadPriority
InterlockedIncrement
GetCurrentThread
WaitForMultipleObjects
GetTickCount
lstrcmpiA
DuplicateHandle
GetCurrentProcess
ReleaseSemaphore
GetSystemInfo
VirtualAlloc
VirtualFree
DisableThreadLibraryCalls
GetVersionExA
CreateEventA
WaitForSingleObject
CloseHandle
GetLastError
SetEvent
GetThreadPriority

winmm

timeSetEvent
timeGetTime

user32

PeekMessageA
MsgWaitForMultipleObjects
wvsprintfA
PostThreadMessageA
RegisterWindowMessageA
wsprintfA
GetQueueStatus
DispatchMessageA
GetWindowRect
LoadStringW
DefWindowProcA
DestroyWindow
GetDesktopWindow
InvalidateRect
MoveWindow
CreateDialogParamA
GetParent
PostMessageA
SetWindowLongA
GetDlgCtrlID
GetWindowLongA
GetDlgItem
SetWindowTextA
SendDlgItemMessageA
CheckRadioButton
EnableWindow
ShowWindow
LoadStringA
SendMessageA

advapi32

RegSetValueA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyA
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

ole32

CoInitialize
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize

oleaut32

SysFreeString
SysAllocString

msvcrt

_ftol
free
??2@YAPAXI@Z
malloc
??3@YAXPAX@Z
_except_handler3
_CIpow
sprintf
__CxxFrameHandler
_purecall
__dllonexit
_onexit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VFWWDMExtension

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win7-1226-09/Win7-1226-09/Driver/VM31bSTI.dll
.dll windows:4 windows x86 arch:x86

fb3b85861a25386995475799b63c8a90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
IsBadWritePtr
DeleteFileA
GetLastError
ReadFile
CreateFileA
GetWindowsDirectoryA
Sleep
GetVersion
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetEnvironmentStringsW
GetStartupInfoA
GetEnvironmentStrings
WideCharToMultiByte
GetStringTypeW
RtlUnwind
GetCommandLineA
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapFree
ExitProcess
TerminateProcess
CreateEventA
SetHandleCount
GetStdHandle
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetStringTypeA
FlushFileBuffers
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

GetClientRect

ole32

CoTaskMemFree
CoCreateInstance
CreateBindCtx
MkParseDisplayName
CoInitialize
CoUninitialize

oleaut32

OleCreatePropertyFrame

ksproxy.ax

KsSynchronousDeviceControl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
_DllEntryPoint@12
_DllMain@12

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win7-1226-09/Win7-1226-09/Driver/VM31bTWN.DS
.dll windows:4 windows x86 arch:x86

87ae6c71a1ed229a04a0852ff9f16a68

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_Remove
ImageList_Create
ImageList_Add

sti

StiCreateInstanceW

gdi32

Rectangle
CreatePen
CreateSolidBrush
SetStretchBltMode
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
DeleteObject
StretchDIBits

kernel32

GetLastError
ReadFile
CreateFileA
Sleep
GetWindowsDirectoryA
WaitForSingleObject
SetEvent
WriteFile
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
CreateEventA
_lread
GlobalUnlock
GlobalLock
GlobalAlloc
_llseek
_lclose
GlobalFree
GlobalReAlloc
OpenFile
lstrcpynA
_lwrite
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
lstrcpyA
FindNextFileA
FindFirstFileA
GetFileSize
GlobalHandle
CopyFileA
CreateMutexA
ReleaseMutex
DeleteFileA
UnmapViewOfFile
CloseHandle
OpenFileMappingA
LocalFree
GetCurrentProcessId
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
ResetEvent
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
GetCurrentThread
WaitForMultipleObjects
GetTickCount
CreateSemaphoreA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
SetStdHandle
GetCPInfo
GetOEMCP
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetSystemInfo
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
GetCurrentProcess
TerminateProcess
VirtualQuery
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
ExitProcess
GetCommandLineA
HeapAlloc
RtlUnwind
HeapFree
CreateThread
SetConsoleCtrlHandler
VirtualProtect
MapViewOfFile

user32

wvsprintfA
MsgWaitForMultipleObjects
wsprintfA
GetClientRect
PostThreadMessageA
RegisterWindowMessageA
LoadStringA
IsDialogMessageA
KillTimer
SetTimer
ShowWindow
SetPropA
EndDialog
FindWindowA
MessageBoxA
DispatchMessageA
UnregisterClassA
GetQueueStatus
GetPropA
DialogBoxParamA
SetWindowTextA
PeekMessageA
FindWindowExA
FillRect
GetCursorPos
LoadMenuA
GetSubMenu
TrackPopupMenu
DestroyMenu
SetFocus
CheckDlgButton
MoveWindow
SetDlgItemTextA
InvalidateRect
GetDC
LoadImageA
DefWindowProcA
GetWindowRect
SetWindowPos
GetSysColor
GetDlgItem
SendMessageA
EnableWindow
CreateDialogParamA
PostMessageA
DestroyWindow

comdlg32

GetFileTitleA
GetSaveFileNameA

advapi32

RegOpenKeyA
RegCloseKey
RegQueryValueExA

ole32

CoTaskMemFree
CoInitialize
MkParseDisplayName
CoUninitialize
GetRunningObjectTable
CreateItemMoniker
CreateBindCtx
CoCreateInstance
CoTaskMemAlloc
CoGetMalloc

oleaut32

OleCreatePropertyFrame
SysAllocString
SysFreeString
SysStringLen

winmm

timeSetEvent
timeGetTime

Exports

Exports

DS_Entry

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win7-1226-09/Win7-1226-09/Driver/VM31bTXP.DS
.dll windows:4 windows x86 arch:x86

87ae6c71a1ed229a04a0852ff9f16a68

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_Remove
ImageList_Create
ImageList_Add

sti

StiCreateInstanceW

gdi32

Rectangle
CreatePen
CreateSolidBrush
SetStretchBltMode
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
DeleteObject
StretchDIBits

kernel32

GetLastError
ReadFile
CreateFileA
Sleep
GetWindowsDirectoryA
WaitForSingleObject
SetEvent
WriteFile
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
CreateEventA
_lread
GlobalUnlock
GlobalLock
GlobalAlloc
_llseek
_lclose
GlobalFree
GlobalReAlloc
OpenFile
lstrcpynA
_lwrite
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
lstrcpyA
FindNextFileA
FindFirstFileA
GetFileSize
GlobalHandle
CopyFileA
CreateMutexA
ReleaseMutex
DeleteFileA
UnmapViewOfFile
CloseHandle
OpenFileMappingA
LocalFree
GetCurrentProcessId
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
ResetEvent
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
GetCurrentThread
WaitForMultipleObjects
GetTickCount
CreateSemaphoreA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
SetStdHandle
GetCPInfo
GetOEMCP
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetSystemInfo
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
GetCurrentProcess
TerminateProcess
VirtualQuery
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
ExitProcess
GetCommandLineA
HeapAlloc
RtlUnwind
HeapFree
CreateThread
SetConsoleCtrlHandler
VirtualProtect
MapViewOfFile

user32

wvsprintfA
MsgWaitForMultipleObjects
wsprintfA
GetClientRect
PostThreadMessageA
RegisterWindowMessageA
LoadStringA
IsDialogMessageA
KillTimer
SetTimer
ShowWindow
SetPropA
EndDialog
FindWindowA
MessageBoxA
DispatchMessageA
UnregisterClassA
GetQueueStatus
GetPropA
DialogBoxParamA
SetWindowTextA
PeekMessageA
FindWindowExA
FillRect
GetCursorPos
LoadMenuA
GetSubMenu
TrackPopupMenu
DestroyMenu
SetFocus
CheckDlgButton
MoveWindow
SetDlgItemTextA
InvalidateRect
GetDC
LoadImageA
DefWindowProcA
GetWindowRect
SetWindowPos
GetSysColor
GetDlgItem
SendMessageA
EnableWindow
CreateDialogParamA
PostMessageA
DestroyWindow

comdlg32

GetFileTitleA
GetSaveFileNameA

advapi32

RegOpenKeyA
RegCloseKey
RegQueryValueExA

ole32

CoTaskMemFree
CoInitialize
MkParseDisplayName
CoUninitialize
GetRunningObjectTable
CreateItemMoniker
CreateBindCtx
CoCreateInstance
CoTaskMemAlloc
CoGetMalloc

oleaut32

OleCreatePropertyFrame
SysAllocString
SysFreeString
SysStringLen

winmm

timeSetEvent
timeGetTime

Exports

Exports

DS_Entry

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win7-1226-09/Win7-1226-09/Driver/VM31bx64.sys
.sys windows:5 windows x64 arch:x64

4dcbb1d06aad24903db576d9aa48d2d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\vimicrowork\workspace\30xstreasmbase\301pl\zc301pl_src_070325\amd64\VM31bx64.pdb

Imports

ntoskrnl.exe

KeInitializeEvent
ExFreePool
ExAllocatePoolWithTag
DbgPrint
ZwCreateKey
RtlInitUnicodeString
ZwClose
ZwQueryValueKey
ZwSetValueKey
IoOpenDeviceRegistryKey
swprintf
KeWaitForSingleObject
ZwWriteFile
ZwCreateFile
ObfDereferenceObject
PsTerminateSystemThread
KeSetEvent
KeClearEvent
KeSetPriorityThread
ObReferenceObjectByHandle
PsCreateSystemThread
IofCallDriver
IoBuildSynchronousFsdRequest
KeBugCheckEx
ExInterlockedInsertHeadList
IoBuildDeviceIoControlRequest
KeCancelTimer
ZwReadFile
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
KeInitializeSemaphore
RtlFreeUnicodeString
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLockFromDpcLevel
KeAcquireSpinLockAtDpcLevel
ExQueueWorkItem
RtlCompareMemory
KeReleaseSemaphore
IoFreeIrp
IoCancelIrp
IoAllocateIrp
KeDelayExecutionThread
ExInterlockedRemoveHeadList
ExInterlockedInsertTailList
KeSetTimer
KeInitializeDpc
KeInitializeTimerEx

stream.sys

StreamClassDeviceNotification
StreamClassStreamNotification
StreamClassQueryMasterClockSync
StreamClassRegisterAdapter

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGECONS
Size: 128B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win7-1226-09/Win7-1226-09/Driver/VMCap.exe
.exe windows:4 windows x86 arch:x86

7582b624c03881e25af80e13f09afb95

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CreateFileA
GetWindowsDirectoryA
WriteFile
CopyFileA
GetCurrentDirectoryA
lstrcatA
lstrcpyA
LocalFree
GetModuleHandleA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
SetEvent
GetLastError
GetSystemInfo
VirtualProtect
SetEndOfFile
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LCMapStringW
LCMapStringA
SetFilePointer
MultiByteToWideChar
InitializeCriticalSection
FlushFileBuffers
CloseHandle
DeleteFileA
Sleep
SetStdHandle
VirtualQuery
InterlockedExchange
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
RaiseException
SetUnhandledExceptionFilter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapReAlloc
VirtualAlloc
ExitProcess
VirtualFree
HeapCreate
HeapDestroy
RtlUnwind
WideCharToMultiByte
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DebugBreak
GetStdHandle
InterlockedDecrement
OutputDebugStringA
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
DeleteCriticalSection

user32

TranslateAcceleratorA
TranslateMessage
DispatchMessageA
TrackPopupMenu
GetMessageA
GetClientRect
GetSubMenu
LoadMenuA
EndDialog
BeginPaint
GetWindowRect
SetWindowPos
EndPaint
PostQuitMessage
DefWindowProcA
ClientToScreen
UpdateWindow
DestroyWindow
DialogBoxParamA
CreateWindowExA
ShowWindow
LoadIconA
LoadCursorA
RegisterClassExA
MessageBoxA
LoadStringA
GetSystemMenu
LoadAcceleratorsA
GetMenu
EnableMenuItem
InvalidateRect
PostMessageA

gdi32

CreateCompatibleBitmap
SelectObject
SetPixel
StretchBlt
DeleteObject
DeleteDC
CreateCompatibleDC

comdlg32

GetSaveFileNameA

ole32

MkParseDisplayName
CreateBindCtx
CoInitialize
CoUninitialize
CoCreateInstance
CoGetMalloc

oleaut32

SysAllocString
SysStringLen
SysFreeString

ksproxy.ax

KsSynchronousDeviceControl

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Win7-1226-09/Win7-1226-09/Driver/amcap.exe
.exe windows:4 windows x86 arch:x86

7bbfa0a1f1b31b83795b700ad59128ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
__set_app_type
__p__fmode
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
__p__commode
atof
_ftol
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
atol
sprintf
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit

kernel32

LoadLibraryA
GetStartupInfoA
GetModuleHandleA
CreateFileA
GetFileSize
CloseHandle
GetFullPathNameA
OpenFile
GetProcAddress
FreeLibrary
GetDiskFreeSpaceA
MulDiv
lstrcatA
lstrcpyA
GetProfileIntA
GetProfileStringA
WriteProfileStringA
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
lstrcpynA
lstrlenA

user32

GetSystemMetrics
GetClientRect
EndPaint
BeginPaint
MoveWindow
wsprintfA
PostQuitMessage
SetWindowPos
GetWindowRect
InvalidateRect
SetTimer
KillTimer
SetFocus
AppendMenuA
RemoveMenu
GetSubMenu
GetMenu
PostMessageA
EnableMenuItem
CreateWindowExA
wvsprintfA
EndDialog
UpdateWindow
EnableWindow
MessageBeep
GetAsyncKeyState
GetDlgItem
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
IsCharAlphaNumericA
IsCharAlphaA
GetDlgItemTextA
CheckDlgButton
IsDlgButtonChecked
GetSysColor
LoadStringA
GetWindowLongA
GetWindowTextA
CheckMenuItem
DispatchMessageA
SetWindowTextA
ShowWindow
TranslateMessage
WaitMessage
LoadAcceleratorsA
LoadCursorA
LoadIconA
RegisterClassA
GetDC
ReleaseDC
DialogBoxParamA
MessageBoxA
CreatePopupMenu
PeekMessageA
TranslateAcceleratorA
DefWindowProcA

gdi32

PatBlt
SetBkColor
SetTextColor
ExtTextOutA
GetTextMetricsA
DeleteObject
CreateSolidBrush
CreateFontA
GetStockObject
SelectObject

comdlg32

GetOpenFileNameA

ole32

CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

winmm

timeGetTime

msacm32

acmMetrics
acmFormatChooseA

olepro32

ord250

oleaut32

SysFreeString

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Win7-1226-09/Win7-1226-09/Driver/usbVM31b.sys
.sys windows:5 windows x86 arch:x86

f11e7d57fa7f71bc130680d34f6cf0cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\vimicrowork\workspace\30xstreasmbase\301pl\zc301pl_src_070325\i386\usbVM31b.pdb

Imports

ntoskrnl.exe

ZwCreateKey
RtlInitUnicodeString
ZwClose
ZwQueryValueKey
ZwSetValueKey
IoOpenDeviceRegistryKey
swprintf
wcscat
wcscpy
KeWaitForSingleObject
ZwWriteFile
ZwCreateFile
ObfDereferenceObject
PsTerminateSystemThread
KeSetEvent
KeClearEvent
DbgPrint
KeGetCurrentThread
ObReferenceObjectByHandle
PsCreateSystemThread
IofCallDriver
IoBuildSynchronousFsdRequest
KeTickCount
KeBugCheckEx
ExAllocatePoolWithTag
ExfInterlockedInsertHeadList
InterlockedIncrement
ZwReadFile
KeInitializeSpinLock
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
KeInitializeSemaphore
RtlFreeUnicodeString
ExFreePool
KeSetPriorityThread
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
ExQueueWorkItem
KeInitializeEvent
RtlCompareMemory
KeReleaseSemaphore
IoFreeIrp
IoCancelIrp
IoAllocateIrp
KeDelayExecutionThread
ExfInterlockedRemoveHeadList
ExfInterlockedInsertTailList
KeSetTimer
KeInitializeDpc
KeInitializeTimerEx
KeCancelTimer
IoBuildDeviceIoControlRequest
InterlockedDecrement

stream.sys

StreamClassDeviceNotification
StreamClassStreamNotification
StreamClassQueryMasterClockSync
StreamClassRegisterAdapter

hal

KeGetCurrentIrql
KfReleaseSpinLock
KfAcquireSpinLock

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 128B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win7-1226-09/Win7-1226-09/Driver/usbvm31b.cat
Win7-1226-09/Win7-1226-09/Driver/usbvm31b.inf
Win7-1226-09/Win7-1226-09/ViewTouch.ico
Win7-1226-09/Win7-1226-09/data1.cab
Win7-1226-09/Win7-1226-09/data1.hdr
Win7-1226-09/Win7-1226-09/data2.cab
Win7-1226-09/Win7-1226-09/engine32.cab
.cab
DotNetInstaller.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IKernel.dll
.dll regsvr32 windows:4 windows x86 arch:x86

5f64620508095e65ea726dd0ea90801d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
Sleep
CreateProcessA
lstrcmpA
CreateFileA
ReadFile
SetFilePointer
SystemTimeToFileTime
GetSystemTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
CompareStringA
CompareStringW
GetVersionExA
WriteFile
LocalFileTimeToFileTime
DosDateTimeToFileTime
QueryPerformanceFrequency
CreateEventA
GetFileSize
GetFileTime
LoadLibraryExA
SearchPathA
FreeLibrary
WaitForSingleObject
GetDiskFreeSpaceA
GetTempPathA
GetWindowsDirectoryA
GetTickCount
GetCurrentProcessId
GetVersion
GetPrivateProfileSectionA
GetShortPathNameA
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
SetEvent
LockResource
LoadResource
SizeofResource
FindResourceA
SetFileAttributesA
RemoveDirectoryA
SetFileTime
GetCurrentProcess
WritePrivateProfileStringA
GetSystemDirectoryA
WinExec
MoveFileExA
IsBadWritePtr
IsBadReadPtr
GetPrivateProfileSectionNamesA
WritePrivateProfileSectionA
OpenEventA
MoveFileA
ResetEvent
CloseHandle
DeleteFileA
GetPrivateProfileIntA
SetEndOfFile
CopyFileA
CreateDirectoryA
GetFileAttributesA
SetLastError
FindFirstFileA
lstrcmpiA
FindClose
FindNextFileA
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
InterlockedDecrement
LocalFree
InterlockedIncrement
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
lstrlenW
WideCharToMultiByte
lstrcpyA
MultiByteToWideChar
lstrlenA
GetLastError
LoadLibraryA
TerminateProcess
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
LCMapStringW
ExitProcess
TlsGetValue
TlsFree
TlsAlloc
GetCommandLineA
ExitThread
TlsSetValue
GetCurrentThreadId
CreateThread
HeapFree
HeapAlloc
RaiseException
RtlUnwind
QueryPerformanceCounter
lstrcpynA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualProtect
VirtualQuery
GetCurrentThread
GetLocalTime
lstrcatA
InterlockedExchange
HeapSize
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
HeapReAlloc

user32

LoadStringA
wsprintfA
CharUpperA
GetDesktopWindow
PostThreadMessageA
PeekMessageA
CharLowerBuffA
DispatchMessageA
TranslateMessage
GetMessageA
MessageBoxA
ExitWindowsEx
MsgWaitForMultipleObjects

advapi32

SetFileSecurityA
OpenSCManagerA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
CloseServiceHandle
RegEnumValueA
RegConnectRegistryA
RegDeleteValueA
RegQueryInfoKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
GetFileSecurityA
IsValidSecurityDescriptor
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken
RegQueryValueA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
ProgIDFromCLSID
WriteClassStm
OleLoadFromStream
CreateStreamOnHGlobal
StgCreateDocfile
StgOpenStorage
StringFromCLSID
CoLoadLibrary
CoCreateGuid
CLSIDFromString
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoInitialize
CoGetInterfaceAndReleaseStream
CoCreateInstance
StringFromGUID2
OleSaveToStream

oleaut32

LoadTypeLi
RegisterTypeLi
SafeArrayGetDim
SafeArrayCopy
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringByteLen
SysStringByteLen
SafeArrayCreate
SafeArrayGetElement
SafeArrayDestroy
SafeArrayPutElement
VariantChangeType
LoadRegTypeLi
SysReAllocStringLen
CreateErrorInfo
SetErrorInfo
VariantInit
VariantCopyInd
VariantCopy
SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString
VariantClear
GetErrorInfo

rpcrt4

UuidFromStringA
UuidCreate

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 528KB - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ISProBE9x.tlb
ISProBENT.tlb
IScript.dll
.dll regsvr32 windows:4 windows x86 arch:x86

6f1e442e99ecd6e234e7486a4f7605c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetShortPathNameA
GetModuleHandleA
lstrlenW
GetModuleFileNameA
lstrcmpiA
HeapDestroy
CloseHandle
UnmapViewOfFile
ReadFile
CreateFileA
MultiByteToWideChar
CreateEventA
GetFileSize
FindClose
FindFirstFileA
GetFileAttributesA
WaitForSingleObject
SetEvent
FreeLibrary
LoadLibraryA
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
SetEndOfFile
LocalFree
InterlockedIncrement
FormatMessageA
WideCharToMultiByte
SetLastError
QueryPerformanceFrequency
GetLastError
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
SetFilePointer
IsBadCodePtr
IsBadReadPtr
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
WriteFile
LCMapStringW
LCMapStringA
HeapSize
HeapReAlloc
GetCurrentProcess
TerminateProcess
Sleep
InterlockedExchange
GetCurrentProcessId
GetVersion
GetWindowsDirectoryA
GetLocalTime
CompareStringA
CompareStringW
GetVersionExA
lstrcatA
MapViewOfFile
CreateFileMappingA
VirtualQuery
VirtualProtect
SearchPathA
lstrcpyA
lstrcpynA
ResetEvent
GetTickCount
QueryPerformanceCounter
SystemTimeToFileTime
RaiseException
RtlUnwind
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
GetCommandLineA
HeapFree
HeapAlloc
ExitProcess
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue

user32

PostThreadMessageA
CharLowerBuffA
DispatchMessageA
wsprintfA
LoadStringA
GetDesktopWindow
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMessage

advapi32

RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyExA

ole32

StringFromCLSID
CoCreateInstance
CLSIDFromProgID
CoGetInterfaceAndReleaseStream
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoInitialize
ProgIDFromCLSID
CoTaskMemFree

oleaut32

VariantInit
VariantClear
GetErrorInfo
VariantCopy
SysStringByteLen
SysAllocStringByteLen
DispGetParam
VariantCopyInd
SafeArrayCreate
SafeArrayGetElement
SafeArrayPutElement
LoadRegTypeLi
CreateErrorInfo
SetErrorInfo
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SysAllocStringLen
SafeArrayDestroy
SysFreeString
SysStringLen
SysReAllocStringLen
VariantChangeType
SysAllocString

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IUser.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d89d274a7d484299528791b70cefabc8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
HeapDestroy
GetTickCount
lstrcpyA
EnterCriticalSection
LeaveCriticalSection
SetEndOfFile
FlushFileBuffers
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
lstrlenW
GetShortPathNameA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
WriteFile
LCMapStringW
LCMapStringA
HeapSize
HeapReAlloc
TerminateProcess
ExitProcess
HeapAlloc
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
RaiseException
HeapFree
GetCommandLineA
RtlUnwind
SystemTimeToFileTime
QueryPerformanceCounter
ResetEvent
SetEvent
WaitForSingleObject
lstrcpynA
InitializeCriticalSection
DisableThreadLibraryCalls
lstrcmpiA
FreeLibrary
FindResourceA
LoadResource
LockResource
GetCurrentProcess
FlushInstructionCache
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
lstrcatA
LoadLibraryA
GetProcAddress
GlobalFree
GlobalAlloc
GlobalLock
GetEnvironmentVariableA
GlobalUnlock
WideCharToMultiByte
MultiByteToWideChar
SetLastError
lstrlenA
GetFileAttributesA
GetLastError
HeapCreate
CreateFileMappingA
MapViewOfFile
GetFileSize
UnmapViewOfFile
SearchPathA
VirtualProtect
VirtualQuery
ReadFile
GetVersionExA
CompareStringW
CompareStringA
CloseHandle
CreateEventA
QueryPerformanceFrequency
CreateFileA
LocalFree
FormatMessageA
Sleep
InterlockedExchange
GetCurrentProcessId
GetVersion
GetWindowsDirectoryA
GetLocalTime
FindClose
FindFirstFileA

user32

wsprintfA
ScreenToClient
GetWindowRect
CopyRect
OffsetRect
DrawTextA
GetDlgCtrlID
GetDlgItemTextA
GetWindowDC
EnumChildWindows
IntersectRect
GetClassNameA
MessageBeep
BeginPaint
EndPaint
SendMessageA
UpdateWindow
GetWindow
SystemParametersInfoA
MapWindowPoints
CreateDialogIndirectParamA
GetWindowPlacement
ClientToScreen
SetFocus
SetDlgItemTextA
GetParent
InvalidateRect
DialogBoxParamA
GetSystemMenu
RemoveMenu
LoadStringA
AppendMenuA
GetClientRect
GetClassInfoExA
RegisterClassExA
GetWindowTextLengthA
GetWindowTextA
CallWindowProcA
DefWindowProcA
CreateWindowExA
LoadIconA
ShowWindow
SetWindowRgn
IsIconic
DestroyWindow
GetDesktopWindow
EnableWindow
SetCapture
LoadCursorA
SetCursor
ReleaseCapture
SetWindowTextA
IsWindow
GetDC
ReleaseDC
GetWindowLongA
SetWindowLongA
SetWindowPos
MoveWindow
GetDlgItem
GetSysColor
FillRect
CharLowerBuffA
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
GetObjectA
BitBlt
DeleteDC
DeleteMetaFile
GetTextExtentPoint32A
GetStockObject
Rectangle
CreateRectRgn
GetDeviceCaps
CreateFontIndirectA
CreateSolidBrush
DeleteObject
SaveDC
SelectObject
SetBkMode
SetTextColor
TextOutA
RestoreDC
EnumFontFamiliesExA

advapi32

RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegQueryValueA

ole32

StringFromCLSID
CoTaskMemFree
ProgIDFromCLSID

oleaut32

GetErrorInfo
CreateErrorInfo
SetErrorInfo
SysReAllocStringLen
SysStringLen
SysAllocStringLen
LoadRegTypeLi
SysAllocString
SysFreeString

winmm

sndPlaySoundA
mciSendCommandA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ctor.dll
.dll regsvr32 windows:4 windows x86 arch:x86

61cdbca8ee8bf07c986e768398ee2479

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
CopyFileA
HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
SetLastError
GetLastError
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
CompareStringA
CompareStringW
GetShortPathNameA
CreateEventA
HeapDestroy
LoadLibraryA
lstrcatA
DeleteFileA
GetTempPathA
GetWindowsDirectoryA
GetTickCount
GetFileAttributesA
GetTempFileNameA
GetCurrentProcessId
GetSystemDirectoryA
DebugBreak
HeapReAlloc
HeapFree
GetCurrentThread
GetVersion
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadLibraryExA
FreeLibrary
DisableThreadLibraryCalls
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
CreateProcessA
CloseHandle
Sleep
lstrlenA
lstrcpyA
GetModuleFileNameA
GetModuleHandleA
lstrcmpiA
GetProcAddress
GetCurrentProcess

user32

WaitForInputIdle
CharUpperA
MessageBoxA
LoadStringA
PeekMessageA
MsgWaitForMultipleObjects
CharNextA
wsprintfA

advapi32

RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegQueryInfoKeyA
RegCloseKey
RegDeleteKeyA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegOpenKeyExA

ole32

GetRunningObjectTable
CreateItemMoniker
CoTaskMemFree
StringFromCLSID
CoCreateGuid
CoCreateInstance
CLSIDFromString
CoReleaseMarshalData
ProgIDFromCLSID
CoMarshalInterThreadInterfaceInStream
CoLoadLibrary

oleaut32

CreateErrorInfo
GetErrorInfo
SetErrorInfo
VariantChangeType
VariantCopy
LoadTypeLi
VariantClear
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
LaunchSetup

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iKernel.rgs
objectps.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d00bdfbf9f57dcbb8a80a384e93f5c3b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
RtlUnwind

rpcrt4

NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrProxyErrorHandler
NdrClearOutParameters
NdrProxyFreeBuffer
NdrPointerUnmarshall
NdrConvert
NdrProxySendReceive
NdrOleFree
NdrProxyGetBuffer
NdrSimpleStructBufferSize
RpcRaiseException
NdrProxyInitialize
NdrPointerFree
NdrPointerMarshall
NdrStubGetBuffer
NdrPointerBufferSize
NdrSimpleStructUnmarshall
NdrStubInitialize
NdrInterfacePointerMarshall
NdrInterfacePointerBufferSize
NdrInterfacePointerFree
NdrInterfacePointerUnmarshall
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrSimpleStructMarshall

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.orpc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 4KB - Virtual size: 834B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win7-1226-09/Win7-1226-09/layout.bin
Win7-1226-09/Win7-1226-09/setup.exe
.exe windows:4 windows x86 arch:x86

12a7de265887ccf463fc183fd8d4696c

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

01
Certificate

Issuer

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

1e:d8:2f
Certificate

Issuer

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

Not Before

06/08/2003, 21:02

Not After

05/08/2004, 21:02

Subject

CN=InstallShield Software Corporation,OU=Research and Development,O=InstallShield Software Corporation,L=Schaumburg,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerInstallFileA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

lstrlenA
WideCharToMultiByte
CompareStringA
CompareStringW
GetVersionExA
DeleteFileA
GetTempPathA
GetWindowsDirectoryA
GetTickCount
GetFileAttributesA
GetTempFileNameA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
lstrcpyA
LockResource
LoadResource
FindResourceA
GetModuleHandleA
SetErrorMode
FreeLibrary
RemoveDirectoryA
LeaveCriticalSection
EnterCriticalSection
CreateThread
CreateMutexA
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
SetEvent
OpenEventA
GetLastError
GetCurrentThreadId
HeapAlloc
GetSystemInfo
HeapCreate
lstrcpynA
lstrcatA
WritePrivateProfileStringA
FindClose
FindFirstFileA
SetFilePointer
GetShortPathNameA
GetProcAddress
LoadLibraryA
GetFileSize
GetSystemDefaultLangID
MoveFileA
FindResourceExA
HeapDestroy
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SizeofResource
GetStartupInfoA
ExitProcess
GetCommandLineA
DebugBreak
HeapReAlloc
HeapFree
VirtualQuery
VirtualProtect
SearchPathA
ResetEvent
QueryPerformanceCounter
SystemTimeToFileTime
lstrcmpA
SetLastError
GetCurrentThread
GetVersion
IsBadReadPtr
lstrcmpiA
GetPrivateProfileIntA
GetPrivateProfileStringA
MultiByteToWideChar
ReadFile
Sleep
WriteFile
CloseHandle
CreateEventA
QueryPerformanceFrequency
InterlockedDecrement
InterlockedIncrement
CreateFileA
GetModuleFileNameA
CreateDirectoryA
CreateProcessA
GetCurrentProcess

user32

MsgWaitForMultipleObjects
LoadStringA
CharNextA
MessageBoxA
CharLowerBuffA
ScreenToClient
MoveWindow
KillTimer
DestroyWindow
GetWindowTextA
SetTimer
SetWindowRgn
PeekMessageA
SetActiveWindow
ShowWindow
EndDialog
SetWindowTextA
GetDlgItem
SendMessageA
SetDlgItemTextA
LoadIconA
GetWindowRect
SystemParametersInfoA
SetWindowPos
wsprintfA
GetDesktopWindow
CharUpperA
PostThreadMessageA
CreateDialogIndirectParamA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetDC
DialogBoxIndirectParamA
ReleaseDC

gdi32

DeleteObject
GetObjectA
CreateFontIndirectA
LPtoDP
GetTextExtentPoint32A

advapi32

RegEnumKeyExA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
OpenThreadToken
RegQueryValueExA
RegOpenKeyA
RegQueryValueA
FreeSid
EqualSid

ole32

CoTaskMemFree
StringFromGUID2
GetRunningObjectTable
CoCreateGuid
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
CoInitialize
CoGetInterfaceAndReleaseStream
CoUninitialize
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
StringFromCLSID

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
VariantCopy
VariantClear
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysStringLen

lz32

LZCopy
LZOpenFileA
LZClose

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Win7-1226-09/Win7-1226-09/setup.ibt
Win7-1226-09/Win7-1226-09/setup.ini
Win7-1226-09/Win7-1226-09/setup.inx

Sharing

General

Malware Config

Signatures

Files

62239210a546eea9eff75aae6793eb8a

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 864B

974207a4b6619c68711084ebf8d24589

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

oleaut32

msvfw32

ksproxy.ax

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 10KB

2e71bb852040a96e70c55401d0633457

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ksproxy.ax

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 1KB

2be8f7c8b481e0acaed125c2b96383c3

Headers

File Characteristics

Imports

comctl32

ksproxy.ax

kernel32

winmm

user32

advapi32

ole32

oleaut32

msvcrt

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 8KB - Virtual size: 6KB

.idata Size: 8KB - Virtual size: 4KB

.CRT Size: 4KB - Virtual size: 260B

.rsrc Size: 56KB - Virtual size: 52KB

.reloc Size: 8KB - Virtual size: 6KB

fb3b85861a25386995475799b63c8a90

Headers

File Characteristics

Imports

kernel32

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 864B

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 10KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 6KB

.idata
Size: 8KB - Virtual size: 4KB

.CRT
Size: 4KB - Virtual size: 260B

.rsrc
Size: 56KB - Virtual size: 52KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 9KB

.shared
Size: 4KB - Virtual size: 288B

.rsrc
Size: 4KB - Virtual size: 632B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 68KB - Virtual size: 82KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 68KB - Virtual size: 82KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 92KB - Virtual size: 92KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 1.3MB - Virtual size: 1.3MB