AddEventHandler
Unload
UnsetEventHandler
WhichButtonId
Overview
overview
4Static
static
3de17ee6d5e...70.exe
windows7-x64
3de17ee6d5e...70.exe
windows10-2004-x64
3$PLUGINSDIR/$0.rtf
windows7-x64
4$PLUGINSDIR/$0.rtf
windows10-2004-x64
1$PLUGINSDI...nt.dll
windows7-x64
3$PLUGINSDI...nt.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
1$PLUGINSDI...ll.dll
windows10-2004-x64
1$PLUGINSDI...lp.dll
windows7-x64
1$PLUGINSDI...lp.dll
windows10-2004-x64
1$PLUGINSDI...ce.dll
windows7-x64
1$PLUGINSDI...ce.dll
windows10-2004-x64
1$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...st.dll
windows7-x64
1$PLUGINSDI...st.dll
windows10-2004-x64
1bin/10.2.2...lp.dll
windows7-x64
1bin/10.2.2...lp.dll
windows10-2004-x64
1Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
de17ee6d5ecba3c5518a3ccbb26dbc70.exe
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
de17ee6d5ecba3c5518a3ccbb26dbc70.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/$0.rtf
Resource
win7-20240215-en
windows7-x64
7 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/$0.rtf
Resource
win10v2004-20240226-en
windows10-2004-x64
4 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ButtonEvent.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ButtonEvent.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/Install.dll
Resource
win7-20240215-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/Install.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral9
Sample
$PLUGINSDIR/LaunchHelp.dll
Resource
win7-20240220-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral10
Sample
$PLUGINSDIR/LaunchHelp.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral11
Sample
$PLUGINSDIR/Resource.dll
Resource
win7-20231129-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral12
Sample
$PLUGINSDIR/Resource.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral13
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral14
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral15
Sample
$PLUGINSDIR/Uninst.dll
Resource
win7-20240220-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral16
Sample
$PLUGINSDIR/Uninst.dll
Resource
win10v2004-20240319-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral17
Sample
bin/10.2.215.0/LaunchHelp.dll
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral18
Sample
bin/10.2.215.0/LaunchHelp.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
de17ee6d5ecba3c5518a3ccbb26dbc70
-
Size
606KB
-
MD5
de17ee6d5ecba3c5518a3ccbb26dbc70
-
SHA1
69636e8984c7b059282dff113eaa71ea79da048d
-
SHA256
afc51353d8513f8926a21fd6a096378206c03e552d173a74eae46aa29ed6f9c6
-
SHA512
9745f14c931c01ff660c0b48ab1835904e45099b0038abef405eb528021d75e073de782c4371cf7a02112d15cc6f90b42609b583c8d5de0b6f89bb85dd6aae38
-
SSDEEP
12288:3PiJTnP+/l+rSGN846ZPBqyo1GIirU0fkJnObELni4uS/Bv+fwfg:3aBGIT9Q5qT1GIP0aE0n/F/w4fg
Score
3/10
Malware Config
Signatures
-
Unsigned PE 4 IoCs
Checks for missing Authenticode signature.
resource de17ee6d5ecba3c5518a3ccbb26dbc70 unpack001/$PLUGINSDIR/ButtonEvent.dll unpack001/$PLUGINSDIR/System.dll unpack001/$PLUGINSDIR/Uninst.dll -
NSIS installer 1 IoCs
resource yara_rule sample nsis_installer_1
Files
-
de17ee6d5ecba3c5518a3ccbb26dbc70.exe windows:4 windows x86 arch:x86
9c523d8653da5455667e3f82274f2f88
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
lstrcmpiA
CopyFileA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCurrentProcess
user32
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 40KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/$0.rtf
-
$PLUGINSDIR/ButtonEvent.dll.dll windows:4 windows x86 arch:x86
0ece15e7d9bb35972aec701f46192460
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrcmpiA
GlobalAlloc
lstrcpyA
lstrcpynA
GlobalFree
user32
PostMessageA
CallWindowProcA
GetDlgItem
FindWindowExA
SetWindowLongA
wsprintfA
Exports
Exports
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 503B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 220B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/FreePaid_Hotbar.ini
-
$PLUGINSDIR/Install.dll.dll windows:4 windows x86 arch:x86
137af684153d6f5c39d0f95313bac764
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before16/07/2004, 00:00Not After15/07/2014, 23:59SubjectCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1c:a0:0c:ae:a0:54:61:4d:44:d3:11:9b:6d:b4:8a:d8Certificate
IssuerCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USNot Before14/02/2008, 00:00Not After12/05/2010, 23:59SubjectCN=Zango,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Zango,O=Zango,L=Bellevue,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
19:0e:f3:63:a1:f3:d5:01:cb:43:65:6d:f2:31:55:49:47:50:71:07Signer
Actual PE Digest19:0e:f3:63:a1:f3:d5:01:cb:43:65:6d:f2:31:55:49:47:50:71:07Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
e:\080523_013428_build_LABATT\Client_Build_LABATT_10.2.215.0\compile\source_sa\Bin\release\Install.pdb
Imports
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptDeriveKey
CryptDestroyKey
CryptDecrypt
CryptHashData
RegCreateKeyExA
LookupAccountNameA
ConvertSidToStringSidA
CryptAcquireContextA
rpcrt4
UuidCreate
kernel32
FindFirstFileA
FreeLibrary
GetProcAddress
LocalFree
FormatMessageA
LocalAlloc
LoadLibraryA
CloseHandle
Sleep
TerminateProcess
WaitForSingleObject
OpenProcess
CreateDirectoryA
GetCurrentProcessId
DeleteFileA
GetTempFileNameA
GetTempPathA
GetModuleFileNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateEventA
OpenEventA
SetEvent
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
WriteFile
SetFilePointer
CreateFileA
OutputDebugStringA
GetLocalTime
GetShortPathNameA
ReadFile
GetFileSize
GetWindowsDirectoryA
GetFileAttributesA
GetTickCount
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
ResumeThread
CreateThread
InterlockedIncrement
InterlockedDecrement
FindNextFileA
GetCurrentProcess
GetModuleHandleA
GetPrivateProfileStringA
LoadLibraryExA
SetLastError
GetComputerNameA
GetDriveTypeA
GetVolumeInformationA
SetErrorMode
GetComputerNameExA
GetSystemDirectoryA
GetOEMCP
GetACP
GetThreadLocale
GetUserDefaultLangID
GetSystemDefaultLangID
DosDateTimeToFileTime
GetProcessHeap
HeapFree
HeapAlloc
WritePrivateProfileStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
FindClose
lstrlenA
GetVersion
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
FlushFileBuffers
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetLocaleInfoA
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
VirtualAlloc
RtlUnwind
GetCommandLineA
VirtualFree
HeapCreate
ExitProcess
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
IsValidCodePage
user32
wsprintfA
SendMessageA
FindWindowA
UnregisterClassA
shell32
SHGetFolderPathA
ole32
CoInitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
oleaut32
VariantClear
SysFreeString
VariantInit
SysStringByteLen
SysAllocStringLen
SysAllocStringByteLen
shlwapi
PathIsDirectoryA
PathFileExistsA
Exports
Exports
AddHiJackThis
ClearPendingRebootFileOperations
CloseClient
CreateDir
CreateMachineID
DecryptString
EncryptString
Get
GetCVFValue
GetClientInfo
GetClientUmt
GetConfigUrl
GetDid
GetEParamStatus
GetInstallerLoc
GetMessaging
GetPartnerId
GetRepairLoc
GetStringResource
GetTempExe
GetUninstallerLoc
InstallerStop
IsElevated
IsNecessaryButNotSufficient
IsPaidHotbar
KeyExists
KillClient
LoadSettingsFromWeb
Log
LogDataStore
ParseCmdLine
RunAsAdmin
RunAsUser
SendHttpRequest
SendTrackedEvent
Set
SetCVFValue
SetClientUmt
SetConfigUrl
SetDid
SetInstallerLoc
SetLogPath
SetMessaging
SetPartnerId
SetRepairLoc
SetUninstallerLoc
ShowDialog
ShowToaster
ShowURLDialog
StartEvent
StopEvent
VerifySignature
VerifySignatureOnParent
Sections
.text Size: 152KB - Virtual size: 150KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/LaunchHelp.dll.dll windows:4 windows x86 arch:x86
c9b6c22a0a6293ba74c4512a6e614440
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before16/07/2004, 00:00Not After15/07/2014, 23:59SubjectCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1c:a0:0c:ae:a0:54:61:4d:44:d3:11:9b:6d:b4:8a:d8Certificate
IssuerCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USNot Before14/02/2008, 00:00Not After12/05/2010, 23:59SubjectCN=Zango,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Zango,O=Zango,L=Bellevue,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
a9:9e:4b:31:37:62:f1:84:f4:cd:f4:57:cd:44:69:d6:7d:54:1e:54Signer
Actual PE Digesta9:9e:4b:31:37:62:f1:84:f4:cd:f4:57:cd:44:69:d6:7d:54:1e:54Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
e:\080523_013428_build_labatt\client_build_labatt_10.2.215.0\compile\source_sa\bin\release\LaunchHelp.pdb
Imports
kernel32
DisableThreadLibraryCalls
GetModuleHandleA
GetVersionExA
CloseHandle
GetProcAddress
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCurrentProcess
GetModuleHandleExA
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
user32
SendMessageA
SetWindowsHookExA
UnhookWindowsHookEx
FindWindowA
RegisterWindowMessageA
CallNextHookEx
advapi32
OpenProcessToken
GetTokenInformation
shell32
ShellExecuteExA
Exports
Exports
GetElevationType
IsElevated
IsVista
IsWow64
MyShellExec
RunElevated
RunNonElevated
Sections
.text Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ve_share Size: 4KB - Virtual size: 804B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 712B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/Resource.dll.dll regsvr32 windows:4 windows x86 arch:x86
7513d455b3fd91f7843f4f743c9321dc
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before16/07/2004, 00:00Not After15/07/2014, 23:59SubjectCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1c:a0:0c:ae:a0:54:61:4d:44:d3:11:9b:6d:b4:8a:d8Certificate
IssuerCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USNot Before14/02/2008, 00:00Not After12/05/2010, 23:59SubjectCN=Zango,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Zango,O=Zango,L=Bellevue,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
b9:e7:b3:56:af:58:6d:d3:a0:92:b9:08:7a:1e:8e:be:c5:24:ed:edSigner
Actual PE Digestb9:e7:b3:56:af:58:6d:d3:a0:92:b9:08:7a:1e:8e:be:c5:24:ed:edDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
e:\080523_013428_build_LABATT\Client_Build_LABATT_10.2.215.0\compile\source_sa\Bin\hotbar_release\Resource.pdb
Imports
kernel32
CloseHandle
TerminateThread
WaitForSingleObject
CreateThread
GetShortPathNameA
CreateProcessA
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
FlushInstructionCache
GetCurrentProcess
lstrcmpA
MulDiv
GetModuleFileNameA
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
SetLastError
InitializeCriticalSection
DeleteCriticalSection
GetFileSize
CreateFileA
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
DeleteFileA
WriteFile
FreeLibrary
LoadLibraryExA
SetThreadLocale
GetThreadLocale
GetTempFileNameA
GetTempPathA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
RtlUnwind
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStdHandle
ExitProcess
HeapCreate
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
InterlockedExchange
lstrlenA
lstrcmpiA
lstrlenW
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetLocaleInfoA
GetACP
user32
GetWindowRect
SetRect
PostThreadMessageA
GetDesktopWindow
SendMessageA
GetParent
GetClassNameA
GetCursor
ReleaseCapture
LoadBitmapA
LoadStringA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
CreateWindowExA
RegisterClassExA
GetClassInfoExA
IsWindow
SetFocus
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
FillRect
GetMenu
GetDlgItem
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
CharNextA
GetSysColor
LoadIconA
LoadCursorA
RegisterClassA
DestroyWindow
DefWindowProcA
PostMessageA
MoveWindow
GetWindowInfo
GetTitleBarInfo
ShowWindow
SetWindowPos
UnregisterClassA
GetWindowLongA
SetWindowLongA
GetMessageA
TranslateMessage
DispatchMessageA
GetFocus
gdi32
GetStockObject
GetObjectA
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject
advapi32
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
shell32
SHGetSpecialFolderPathA
ole32
OleUninitialize
OleInitialize
StringFromGUID2
OleLockRunning
CoTaskMemFree
CoTaskMemRealloc
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
oleaut32
SysAllocString
LoadTypeLi
VarUI4FromStr
RegisterTypeLi
SysFreeString
SysStringLen
VariantInit
VariantClear
SysAllocStringLen
LoadRegTypeLi
SysStringByteLen
OleCreateFontIndirect
UnRegisterTypeLi
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetBitmap
GetCursor
GetIcon
GetMenu
GetStringResource
ShowDialog
ShowURLDialog
Sections
.text Size: 104KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
4ec328f99bdd944fc98d8a5cf11f7a62
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 494B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/Uninst.dll.dll windows:4 windows x86 arch:x86
cf9734c50b1b984c9ea50d4b4971ae76
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\tests\nsis\Plugins\Uninst.pdb
Imports
urlmon
CreateURLMoniker
kernel32
GetThreadLocale
GetEnvironmentVariableW
GetVersion
MultiByteToWideChar
GetEnvironmentVariableA
WideCharToMultiByte
lstrlenW
GetLastError
CompareStringW
CompareStringA
GetStringTypeExW
GetStringTypeExA
lstrcmpiW
lstrcmpiA
lstrlenA
RaiseException
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcmpA
FindClose
GetLocaleInfoA
MoveFileExA
DeleteFileA
SetFileAttributesA
FindFirstFileA
lstrcatA
GetSystemTime
CloseHandle
WaitForSingleObject
CreateEventA
GlobalFree
lstrcpynA
GlobalAlloc
DeviceIoControl
CreateFileA
GetACP
SetEnvironmentVariableA
FlushFileBuffers
GetLocaleInfoW
SetStdHandle
GetTimeZoneInformation
SetFilePointer
LCMapStringW
LCMapStringA
GetUserDefaultLCID
InterlockedExchange
GetVersionExA
lstrcpyA
FindNextFileA
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
GetDateFormatA
GetTimeFormatA
IsBadCodePtr
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
SetEvent
OpenEventA
lstrcpyW
OutputDebugStringA
OutputDebugStringW
lstrcpynW
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
UnhandledExceptionFilter
VirtualAlloc
UnmapViewOfFile
IsBadReadPtr
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
OpenFileMappingA
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GetModuleFileNameA
DebugBreak
GetStdHandle
WriteFile
RtlUnwind
IsBadWritePtr
HeapValidate
VirtualProtect
VirtualQuery
GetCommandLineA
ExitProcess
FatalAppExitA
TerminateProcess
GetCurrentProcess
GetModuleHandleA
SetConsoleCtrlHandler
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetLastError
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetOEMCP
GetCPInfo
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
user32
EnumWindows
PostMessageA
GetClassNameA
wsprintfA
UnregisterClassA
CharUpperA
CharUpperW
CharLowerA
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
PeekMessageA
MsgWaitForMultipleObjects
CharLowerW
advapi32
OpenThreadToken
RevertToSelf
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SetThreadToken
oleaut32
SysFreeString
VarBstrCat
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
shlwapi
StrToIntA
ole32
CoRegisterClassObject
CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
CoRevokeClassObject
Exports
Exports
ClosePartnerWindows
CmdLineParamValue
DelTree
DisplayADialog
DisplayXXXDialog
DoesCmdLineContain
GetSysTime
IsIExplorer7
PartnerIsRunning
UniqueID
WaitForEvent
Sections
.text Size: 164KB - Virtual size: 161KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/modern-header.bmp
-
bin/10.2.215.0/LaunchHelp.dll.dll windows:4 windows x86 arch:x86
c9b6c22a0a6293ba74c4512a6e614440
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before16/07/2004, 00:00Not After15/07/2014, 23:59SubjectCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1c:a0:0c:ae:a0:54:61:4d:44:d3:11:9b:6d:b4:8a:d8Certificate
IssuerCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USNot Before14/02/2008, 00:00Not After12/05/2010, 23:59SubjectCN=Zango,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Zango,O=Zango,L=Bellevue,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
a9:9e:4b:31:37:62:f1:84:f4:cd:f4:57:cd:44:69:d6:7d:54:1e:54Signer
Actual PE Digesta9:9e:4b:31:37:62:f1:84:f4:cd:f4:57:cd:44:69:d6:7d:54:1e:54Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
e:\080523_013428_build_labatt\client_build_labatt_10.2.215.0\compile\source_sa\bin\release\LaunchHelp.pdb
Imports
kernel32
DisableThreadLibraryCalls
GetModuleHandleA
GetVersionExA
CloseHandle
GetProcAddress
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCurrentProcess
GetModuleHandleExA
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
user32
SendMessageA
SetWindowsHookExA
UnhookWindowsHookEx
FindWindowA
RegisterWindowMessageA
CallNextHookEx
advapi32
OpenProcessToken
GetTokenInformation
shell32
ShellExecuteExA
Exports
Exports
GetElevationType
IsElevated
IsVista
IsWow64
MyShellExec
RunElevated
RunNonElevated
Sections
.text Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ve_share Size: 4KB - Virtual size: 804B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 712B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ