PR[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PR.rar
Size

1.4MB
MD5

196c9f15735d80c6b489442532449d8b
SHA1

6c9eef423afd8d88f725810cd943f312fbc4b4a4
SHA256

efbddf415de6f89ba8a953fdf440a58e2de2f393be2b1ceb5f6cf686ec849fa9
SHA512

b85cdf69be90d1b0033aa7d6a8d1a0b3bf4cdc5e8490caa944370fcbe192e26d2610f3fcabebfa2fbc4827afc7e52d97c332ee64d5bd07565ad4e7c0eabaf488
SSDEEP

24576:3oF+1yF41YZbI8aC7jf12Ik4czncml1kBfdv+GevloC/Qyp/ECjNs:U+1pYiC7TIf4cf1kBVv5+lwypljS

Score

10^/10

Malware Config

Signatures

Nirsoft 3 IoCs

resource	yara_rule
static1/unpack001/PR/LastActivityView.exe	Nirsoft
static1/unpack001/PR/USBDeview.exe	Nirsoft
static1/unpack003/JumpListsView.exe	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PR/Everything.exe

Files

PR.rar
.rar
PR/Everything.exe
.exe windows:4 windows x64 arch:x64

56c81702dac9b101e49bc55d39a0b86d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ImageList_GetImageInfo
ImageList_DrawEx
_TrackMouseEvent
InitCommonControlsEx

ws2_32

WSAStartup
socket
setsockopt
WSAAsyncSelect
connect
recv
send
closesocket
WSACleanup
listen
bind
ntohs
getsockname
accept
inet_addr
gethostbyname
htons
htonl
getpeername
WSAGetLastError
shutdown

shlwapi

PathIsRootW
PathRemoveFileSpecW

imm32

ImmGetVirtualKey

kernel32

FlushFileBuffers
FileTimeToSystemTime
GetSystemTime
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
SetFilePointer
GetSystemDefaultLangID
LoadLibraryA
CreateMutexW
SetLastError
Sleep
CopyFileW
SetStdHandle
DeleteFileW
CreateFileW
MoveFileW
MoveFileExW
CreateDirectoryW
GetFileAttributesW
GlobalUnlock
GlobalLock
GetComputerNameW
GetVolumeInformationW
SetErrorMode
GetDiskFreeSpaceW
lstrcpynW
lstrlenW
GetFullPathNameW
GetFileSize
FindFirstFileW
FindNextFileW
RemoveDirectoryW
GetDriveTypeW
GlobalAlloc
SetThreadPriority
CreateEventW
GetProcAddress
FreeLibrary
LoadLibraryW
GetModuleFileNameW
GetWindowsDirectoryW
GetCurrentDirectoryW
GetFileAttributesExW
LocalFileTimeToFileTime
SystemTimeToFileTime
QueryPerformanceFrequency
GlobalFree
GetSystemInfo
GetVersionExA
ExpandEnvironmentStringsW
__C_specific_handler
MulDiv
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
QueryDosDeviceW
MultiByteToWideChar
AllocConsole
SetConsoleScreenBufferSize
FreeConsole
GetStdHandle
GetFileType
SetConsoleTextAttribute
WriteFile
CreateThread
GetFileInformationByHandle
FindClose
InitializeCriticalSection
DeleteCriticalSection
GetLocaleInfoW
GetSystemTimeAsFileTime
GetLocalTime
GetTickCount
ResetEvent
DeviceIoControl
WaitForMultipleObjects
GetOverlappedResult
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetStartupInfoW
ExitProcess
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineW
GetCurrentThreadId
GetModuleHandleW
ReadFile
GetLastError
CloseHandle
WideCharToMultiByte
FileTimeToLocalFileTime
QueryPerformanceCounter
OpenProcess

user32

EmptyClipboard
CopyRect
GetParent
GetWindowTextW
GetWindowTextLengthW
IsZoomed
GetWindowPlacement
IsIconic
BringWindowToTop
SetFocus
SetForegroundWindow
SetActiveWindow
ShowWindow
GetLastActivePopup
GetKeyState
ScreenToClient
ClientToScreen
CheckDlgButton
CreateDialogIndirectParamW
SetMenuItemInfoW
CreatePopupMenu
GetMenuItemCount
DialogBoxIndirectParamW
RegisterClassExW
GetClassInfoExW
DrawTextW
MsgWaitForMultipleObjects
SetTimer
UnregisterHotKey
RegisterHotKey
KillTimer
DestroyMenu
TrackPopupMenu
SetMenuDefaultItem
CreateMenu
GetCursorPos
RegisterWindowMessageA
GetClientRect
GetMessagePos
RedrawWindow
RegisterClipboardFormatW
SetMenu
UpdateWindow
ReleaseCapture
GetCapture
GetAsyncKeyState
IsClipboardFormatAvailable
CallWindowProcW
SetCapture
EqualRect
GetMenuItemInfoW
GetForegroundWindow
ChangeClipboardChain
DrawEdge
DrawFrameControl
GetSubMenu
GetMenu
IsWindowVisible
SetClipboardViewer
GetDoubleClickTime
PtInRect
LoadIconW
SetClipboardData
SetDlgItemInt
GetMenuState
RemoveMenu
GetMenuItemID
GetMenuDefaultItem
EnableMenuItem
ScrollWindowEx
SetScrollInfo
OffsetRect
InvalidateRgn
MessageBeep
SetCursorPos
GetDlgItemInt
GetDlgCtrlID
SendDlgItemMessageW
GetDesktopWindow
ValidateRect
SetWindowTextW
SetWindowLongW
MessageBoxW
InvalidateRect
DeleteMenu
GetWindowLongW
AdjustWindowRect
GetDlgItem
GetWindowRect
MapWindowPoints
GetMonitorInfoW
SystemParametersInfoW
IntersectRect
GetDC
ReleaseDC
MessageBoxA
SetWindowsHookExW
PeekMessageW
WaitMessage
UnhookWindowsHookEx
CallNextHookEx
GetClassNameW
SendMessageW
PostQuitMessage
GetMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics
LoadImageW
GetWindowThreadProcessId
GetKeyboardLayoutNameA
SendMessageTimeoutW
DefWindowProcW
DestroyWindow
LoadCursorW
SetCursor
DestroyIcon
PostMessageW
EndDialog
FindWindowW
SetWindowPos
SetDlgItemTextW
BeginPaint
EndPaint
GetSysColor
PostThreadMessageW
GetWindowLongPtrW
IsDlgButtonChecked
SetWindowLongPtrW
OpenClipboard
GetClipboardData
CloseClipboard
FillRect
AppendMenuW
CreateWindowExW
IsWindowEnabled
GetFocus
GetNextDlgTabItem
GetScrollInfo
EnableWindow
InsertMenuW

gdi32

PatBlt
SetTextColor
SetBkColor
SelectObject
CreatePatternBrush
CreateBitmapIndirect
SetBkMode
GetTextExtentPoint32W
GetTextExtentExPointW
RectVisible
ExcludeClipRect
GetCurrentObject
TextOutW
CreateRectRgn
CreateSolidBrush
GetNearestColor
CreateFontIndirectW
GetObjectW
DeleteDC
StretchDIBits
GetDIBits
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
GetTextAlign
GdiFlush
CreateDIBSection
SetStretchBltMode
SelectClipRgn
GetStockObject
StretchBlt
SetTextAlign
CombineRgn
EnumFontFamiliesExW
GetTextMetricsW
SetBrushOrgEx
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
ChooseColorW

advapi32

RegisterServiceCtrlHandlerW
DeleteService
CloseServiceHandle
ControlService
OpenServiceW
SetServiceStatus
QueryServiceConfigW
RegQueryValueExA
RegOpenKeyA
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyW
RegCloseKey
RegDeleteKeyW
GetUserNameW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CreateServiceW
StartServiceW
OpenSCManagerW
StartServiceCtrlDispatcherW

shell32

SHGetFileInfoW
SHGetPathFromIDListW
SHGetDesktopFolder
ord16
SHGetSpecialFolderLocation
DragQueryFileW
SHBrowseForFolderW
ShellExecuteExW
SHFileOperationW
Shell_NotifyIconW
ord73
DragFinish
DragQueryPoint
DragAcceptFiles
SHChangeNotify

ole32

CoCreateInstance
CoTaskMemFree
CoInitializeEx
OleInitialize
CoTaskMemAlloc
RevokeDragDrop
DoDragDrop
RegisterDragDrop
ReleaseStgMedium
OleDuplicateData
OleUninitialize
CoUninitialize

oleaut32

SysAllocString

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PR/Everything.ini
PR/LastActivityView.cfg
PR/LastActivityView.exe
.exe windows:4 windows x86 arch:x86

28d54068583ea348b007c0eb72f71f9c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba
Signer

Actual PE Digest

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\LastActivityView\Release\LastActivityView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p__fmode
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
calloc
__set_app_type
_controlfp
_except_handler3
_wcmdln
realloc
_msize
_wcslwr
strlen
_purecall
_itow
_wcsnicmp
qsort
free
modf
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
swscanf
malloc
_ultow
wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
wcscpy
memset
_wcsicmp
wcschr
_snwprintf
wcscat
wcsncat

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetCurrentProcessId
ExitProcess
GetLogicalDrives
GetLongPathNameW
QueryDosDeviceW
GetVolumeInformationW
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
FreeLibrary
ReadProcessMemory
DeleteFileW
SetErrorMode
CloseHandle
GetFileSize
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetDriveTypeW
CompareFileTime
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetTickCount
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetLastError
GetCurrentProcess
GetDateFormatW
FindNextFileW
SizeofResource
GetTempFileNameW
GlobalLock
FormatMessageW
FindFirstFileW
GetVersionExW
FindClose
GetTimeFormatW
GetFileAttributesW
FileTimeToLocalFileTime
ReadFile
FindResourceW
WriteFile
GetModuleFileNameW
LocalFree
LoadResource
CreateFileW
TzSpecificLocalTimeToSystemTime
LockResource
SystemTimeToTzSpecificLocalTime
lstrcpyW
MultiByteToWideChar
lstrlenW
LocalFileTimeToFileTime
LoadLibraryExW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle

user32

ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
GetDlgItemInt
SetDlgItemInt
DeferWindowPos
CreateWindowExW
BeginPaint
EndPaint
GetWindow
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
GetWindowRect
GetSystemMetrics
RegisterClassW
PostMessageW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
KillTimer
SetTimer
GetParent
MoveWindow
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DestroyIcon
LoadIconW
DrawTextExW
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
IsDialogMessageW
TranslateMessage
CreatePopupMenu
CallWindowProcW

gdi32

CreateFontIndirectW
SetTextColor
DeleteObject
DeleteDC
GetObjectW
SetBkMode
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetPixel
SetPixel
SelectObject
CreateCompatibleDC

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegEnumValueW
RegConnectRegistryW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
OpenServiceW
OpenSCManagerW
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle
RegCloseKey

shell32

SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHBindToParent
SHGetDesktopFolder
SHGetMalloc

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantTimeToSystemTime
SysFreeString
SysAllocString

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PR/USBDeview.cfg
PR/USBDeview.exe
.exe windows:4 windows x64 arch:x64

eba05b579d3ab843c7be0a272e2d6b93

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ed:8e:aa:83:28:62:54:38:50:a1:26:c9:ca:40:8e:7a:ca:7b:23:8e:e4:a1:51:f8:ab:39:1a:6b:be:c5:aa:a5
Signer

Actual PE Digest

ed:8e:aa:83:28:62:54:38:50:a1:26:c9:ca:40:8e:7a:ca:7b:23:8e:e4:a1:51:f8:ab:39:1a:6b:be:c5:aa:a5

Digest Algorithm

sha256

PE Digest Matches

true

20:ed:07:9a:27:8a:9e:50:76:6c:9b:af:00:8c:a4:1a:ea:54:37:1f
Signer

Actual PE Digest

20:ed:07:9a:27:8a:9e:50:76:6c:9b:af:00:8c:a4:1a:ea:54:37:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\USBDeview\x64\Release\USBDeview.pdb

Imports

msvcrt

__getmainargs
_acmdln
exit
_cexit
_initterm
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__setusermatherr
_commode
_fmode
__set_app_type
_exit
__dllonexit
_mbsrchr
atol
_mbschr
_snprintf
qsort
_strlwr
_mbsicmp
memmove
_strnicmp
modf
_strcmpi
memcmp
_memicmp
strchr
strrchr
strcmp
malloc
strtoul
free
srand
rand
abs
_strupr
_itoa
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
strlen
memcpy
atoi
_stricmp
_purecall
strcpy
memset
strcat
strncat
sprintf

comctl32

ImageList_Create
ImageList_SetImageCount
CreateToolbarEx
ord6
ImageList_AddMasked

ws2_32

WSAStartup
WSAGetLastError
htonl
inet_addr
connect
WSAAsyncGetHostByName
WSAAsyncSelect
send
closesocket
WSASetLastError
socket
bind
htons
WSACleanup

kernel32

WideCharToMultiByte
WritePrivateProfileStringA
GetStartupInfoA
GetModuleHandleA
DeviceIoControl
GetCurrentThreadId
OpenProcess
ReadProcessMemory
GetCurrentProcess
ExitProcess
GetCurrentProcessId
ExpandEnvironmentStringsA
CreateProcessA
Sleep
SetErrorMode
GetStdHandle
GetPrivateProfileIntA
GetLastError
GetPrivateProfileStringA
CompareFileTime
GetComputerNameA
WinExec
FreeLibrary
SystemTimeToFileTime
FileTimeToSystemTime
GetProcAddress
LoadLibraryA
GetDriveTypeA
GetDiskFreeSpaceExA
GetLogicalDrives
GetWindowsDirectoryA
CloseHandle
DeleteFileA
CreateThread
CreateFileA
GetTickCount
WriteFile
ReadFile
FlushFileBuffers
LoadLibraryExA
GetFileSize
GlobalAlloc
GlobalLock
GetTimeFormatA
GlobalUnlock
GetFileAttributesA
GetVersionExA
FileTimeToLocalFileTime
FormatMessageA
GetTempPathA
GetModuleFileNameA
SystemTimeToTzSpecificLocalTime
LocalFree
GetDateFormatA
GetTempFileNameA
EnumResourceNamesA

user32

GetDlgCtrlID
GetWindowThreadProcessId
SetForegroundWindow
AttachThreadInput
EnumWindows
DrawTextExA
IsDialogMessageA
KillTimer
TranslateMessage
GetKeyState
GetMessageA
DispatchMessageA
SetTimer
PostQuitMessage
GetSysColorBrush
ShowWindow
LoadCursorA
ChildWindowFromPoint
ReleaseDC
GetDC
SetCursor
EndDialog
GetDlgItemInt
GetDlgItem
CreateWindowExA
EndPaint
InvalidateRect
SetDlgItemInt
BeginPaint
GetWindow
SetDlgItemTextA
GetClientRect
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
DeferWindowPos
SendDlgItemMessageA
GetWindowRect
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
RegisterClassA
UpdateWindow
LoadImageA
GetWindowLongA
SetWindowLongA
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetWindowTextA
GetMenu
OpenClipboard
CheckMenuItem
EmptyClipboard
EnableMenuItem
GetParent
GetMenuItemCount
GetSubMenu
GetMenuStringA
GetClassNameA
SetClipboardData
CloseClipboard
EnableWindow
MapWindowPoints
GetCursorPos
GetSysColor
MoveWindow
LoadMenuA
LoadStringA
ModifyMenuA
DialogBoxParamA
TrackPopupMenu
DestroyMenu
CreateDialogParamA
DestroyWindow
EnumChildWindows
GetMenuItemInfoA
LoadIconA
RegisterWindowMessageA

gdi32

GetTextExtentPoint32A
SelectObject
GetStockObject
SetBkColor
CreateFontIndirectA
SetBkMode
DeleteObject
SetTextColor
GetDeviceCaps

comdlg32

FindTextA
GetSaveFileNameA
ChooseFontA

advapi32

CloseServiceHandle
QueryServiceStatus
RegCreateKeyA
StartServiceA
ChangeServiceConfigA
ControlService
OpenSCManagerA
OpenServiceA
RegLoadKeyA
RegUnLoadKeyA
RegConnectRegistryA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
CryptAcquireContextA
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
RegCloseKey

shell32

ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PR/browserdownloadsview-x64.zip
.zip
BrowserDownloadsView.chm
.chm
BrowserDownloadsView.exe
.exe windows:4 windows x64 arch:x64

1ae3ae5ddfc4378d6fe55e27ce846a3c

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c1:3e:c0:61:5a:8b:58:4a:54:e5:0e:36:94:61:7a:7d:04:5c:35:c3:c2:e3:f1:6f:73:d8:2f:14:ed:d1:6f:19
Signer

Actual PE Digest

c1:3e:c0:61:5a:8b:58:4a:54:e5:0e:36:94:61:7a:7d:04:5c:35:c3:c2:e3:f1:6f:73:d8:2f:14:ed:d1:6f:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\BrowserDownloadsView\x64\Release\BrowserDownloadsView.pdb

Imports

msvcrt

_c_exit
_exit
_cexit
wcsncat
exit
_endthreadex
strftime
_gmtime64
strcmp
_beginthreadex
realloc
_msize
calloc
_XcptFilter
_wcslwr
strlen
qsort
_wcsnicmp
memmove
free
_wcsicmp
modf
wcschr
memcmp
wcstoul
sprintf
strchr
__C_specific_handler
_onexit
__dllonexit
atoi
wcscmp
malloc
swscanf
_memicmp
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
_itow
_wtoi
_purecall
wcslen
wcscpy
memset
wcscat
_snwprintf
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
_stricmp
_wcsupr
wcsrchr
_strcmpi

comctl32

ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetCurrentThreadId
HeapAlloc
DeleteCriticalSection
SetEndOfFile
HeapSize
InitializeCriticalSection
FormatMessageA
HeapCompact
FlushFileBuffers
CreateMutexW
GetProcessHeap
GetSystemInfo
UnlockFileEx
CreateFileA
OutputDebugStringA
LockFileEx
EnterCriticalSection
QueryPerformanceCounter
GetDiskFreeSpaceW
CopyFileW
GetStartupInfoW
GetFileAttributesExW
HeapReAlloc
OutputDebugStringW
DeleteFileA
GetDiskFreeSpaceA
FileTimeToSystemTime
SystemTimeToFileTime
GetDriveTypeW
CompareFileTime
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetTickCount
GlobalLock
GlobalAlloc
GlobalUnlock
lstrcpyW
GetLocaleInfoW
GetFileSize
GetTempPathW
LocalFileTimeToFileTime
SizeofResource
GetLastError
FindFirstFileW
FormatMessageW
SetFilePointer
GetVersionExW
FindNextFileW
GetTimeFormatW
FindClose
GetFileAttributesW
WriteFile
FindResourceW
TzSpecificLocalTimeToSystemTime
ReadFile
LoadResource
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
CreateFileW
CloseHandle
LoadLibraryExW
GetWindowsDirectoryW
GetSystemDirectoryW
FileTimeToLocalFileTime
WideCharToMultiByte
MultiByteToWideChar
GetNumberFormatW
GetDateFormatW
lstrlenW
LockResource
GetTempFileNameW
LocalFree
GetCurrentProcess
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileStringW
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
FreeLibrary
GetStdHandle
GetCurrentDirectoryW
GlobalFree
DeleteFileW
SetErrorMode
CreateProcessW
Sleep
ResumeThread
CreateThread
ExpandEnvironmentStringsW
ExitProcess
GetCurrentProcessId
ReadProcessMemory
OpenProcess
EnumResourceTypesW
GetVersionExA
HeapFree
HeapDestroy
LeaveCriticalSection
WaitForSingleObject
GetFileAttributesA
CreateFileMappingA
HeapCreate
UnlockFile
HeapValidate
FlushViewOfFile
GetFullPathNameW
GetTempPathA
LockFile
GetFullPathNameA
GetSystemTime
WaitForSingleObjectEx
AreFileApisANSI

user32

SetForegroundWindow
CallWindowProcW
RegisterWindowMessageW
RemoveMenu
IsDialogMessageW
InsertMenuW
RegisterClipboardFormatW
SetWindowPlacement
MonitorFromWindow
GetDC
ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetWindowPos
GetWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
DrawFrameControl
SetWindowTextW
UpdateWindow
SendMessageW
InvalidateRect
SetDlgItemTextW
GetWindowRect
GetDlgItemTextW
SetWindowLongPtrW
GetDlgItemInt
GetWindowPlacement
GetSystemMetrics
SetDlgItemInt
EndPaint
DeferWindowPos
BeginPaint
CreateWindowExW
GetClientRect
SetMenu
TranslateAcceleratorW
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
MessageBoxW
LoadImageW
DestroyIcon
GetSysColor
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetParent
GetFocus
KillTimer
SetTimer
OpenClipboard
GetSubMenu
InsertMenuItemW
CheckMenuItem
GetMenuItemCount
SetClipboardData
GetCursorPos
CheckMenuRadioItem
EnableWindow
GetMenuStringW
MapWindowPoints
CloseClipboard
GetMenu
MoveWindow
EmptyClipboard
EnableMenuItem
GetClassNameW
TranslateMessage
DispatchMessageW
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
GetKeyState
CreatePopupMenu
LoadIconW
SetMenuItemInfoW
TrackPopupMenu
PostQuitMessage
DrawTextExW
GetMessageW
GetMonitorInfoW

gdi32

SetStretchBltMode
CreateCompatibleBitmap
StretchBlt
GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode
DeleteObject
SetBkColor
GetTextExtentPoint32W
GetStockObject

comdlg32

GetSaveFileNameW
ChooseFontW
FindTextW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptHashData
CryptDestroyHash

shell32

Shell_NotifyIconW
SHBindToParent
SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
ShellExecuteW
ShellExecuteExW

ole32

DoDragDrop
OleInitialize
OleUninitialize

Sections

.text
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt
PR/jumplistsview.zip
.zip
JumpListsView.chm
.chm
JumpListsView.exe
.exe windows:4 windows x86 arch:x86

d0faef4f30a486dd1300a7acd0c85b75

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2c:74:00:47:85:71:32:fd:9e:ae:4c:83:8f:76:fa:2e:82:8b:31:16:a5:3d:04:66:db:d1:63:42:11:69:aa:c0
Signer

Actual PE Digest

2c:74:00:47:85:71:32:fd:9e:ae:4c:83:8f:76:fa:2e:82:8b:31:16:a5:3d:04:66:db:d1:63:42:11:69:aa:c0

Digest Algorithm

sha256

PE Digest Matches

true

8e:c6:6f:fc:4a:a1:e5:fe:44:cc:2e:f8:cf:c3:7a:51:fe:7e:cd:4f
Signer

Actual PE Digest

8e:c6:6f:fc:4a:a1:e5:fe:44:cc:2e:f8:cf:c3:7a:51:fe:7e:cd:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\JumpListsView\Release\JumpListsView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
__p__fmode
_c_exit
_onexit
__dllonexit
strlen
qsort
_wcslwr
_itow
wcstoul
wcsrchr
malloc
__set_app_type
_controlfp
_except_handler3
_exit
_wcsicmp
wcscmp
wcschr
free
modf
_memicmp
memcmp
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
wcslen
_wtoi
_purecall
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_Add
ImageList_Create
ord17
ImageList_AddMasked
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

ReadProcessMemory
GetCurrentProcess
ExitProcess
GetCurrentProcessId
OpenProcess
EnumResourceTypesW
GetTickCount
GetModuleHandleA
GetStartupInfoW
LoadResource
SetErrorMode
DeleteFileW
GetStdHandle
GetPrivateProfileStringW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
MultiByteToWideChar
lstrlenW
lstrcpyW
GlobalAlloc
SystemTimeToTzSpecificLocalTime
GlobalUnlock
LoadLibraryExW
WideCharToMultiByte
GetTempPathW
GetLastError
GetLocaleInfoW
FindNextFileW
SizeofResource
GlobalLock
GetDateFormatW
GetTempFileNameW
FormatMessageW
FindClose
GetVersionExW
GetFileSize
FindFirstFileW
GetTimeFormatW
CloseHandle
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
ReadFile
WriteFile
GetModuleFileNameW
GetNumberFormatW
CreateFileW
LockResource
LocalFree
FindResourceW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW

user32

GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
KillTimer
DispatchMessageW
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
DrawTextExW
DeferWindowPos
GetClientRect
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindow
SetWindowLongW
GetDlgItem
GetWindowRect
DrawFrameControl
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetWindowPlacement
SetDlgItemTextW
GetDlgItemTextW
EndPaint
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
BeginPaint
SetMenu
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadImageW
GetWindowLongW
GetSysColor
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
GetMenuItemCount
CheckMenuItem
CloseClipboard
GetCursorPos
GetParent
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
SetWindowPos
GetDesktopWindow
GetWindowTextW
LoadIconW
DestroyIcon
SetTimer
IsDialogMessageW
TranslateMessage
ChildWindowFromPoint

gdi32

GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetObjectW
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitialize
StgOpenStorageEx

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
JumpListsView_AppID.txt
readme.txt
PR/nocheats.bat
PR/z.exe
.exe windows:4 windows x86 arch:x86

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4b:b7:84:d6:57:96:16:65:19:fc:3d:9d:4a:6d:aa:55
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

20/01/2016, 00:00

Not After

19/01/2018, 23:59

Subject

CN=Goversoft,O=Goversoft,POSTALCODE=19958,STREET=16192 Coastal Hwy,L=Lewes,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:3e:2b:6e:8c:63:67:2d:cc:d9:d9:c9:05:10:3d:02:d6:4e:51:10
Signer

Actual PE Digest

93:3e:2b:6e:8c:63:67:2d:cc:d9:d9:c9:05:10:3d:02:d6:4e:51:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 963KB - Virtual size: 962KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 36B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56c81702dac9b101e49bc55d39a0b86d

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

ws2_32

shlwapi

imm32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 140KB - Virtual size: 139KB

.data Size: 39KB - Virtual size: 40KB

.pdata Size: 35KB - Virtual size: 34KB

.rsrc Size: 64KB - Virtual size: 63KB

28d54068583ea348b007c0eb72f71f9c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:baSigner

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 3KB - Virtual size: 62KB

.rsrc Size: 22KB - Virtual size: 21KB

eba05b579d3ab843c7be0a272e2d6b93

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 140KB - Virtual size: 139KB

.data
Size: 39KB - Virtual size: 40KB

.pdata
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 64KB - Virtual size: 63KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba
Signer

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 3KB - Virtual size: 62KB

.rsrc
Size: 22KB - Virtual size: 21KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

ed:8e:aa:83:28:62:54:38:50:a1:26:c9:ca:40:8e:7a:ca:7b:23:8e:e4:a1:51:f8:ab:39:1a:6b:be:c5:aa:a5
Signer

20:ed:07:9a:27:8a:9e:50:76:6c:9b:af:00:8c:a4:1a:ea:54:37:1f
Signer

.text
Size: 115KB - Virtual size: 115KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 25KB - Virtual size: 24KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

c1:3e:c0:61:5a:8b:58:4a:54:e5:0e:36:94:61:7a:7d:04:5c:35:c3:c2:e3:f1:6f:73:d8:2f:14:ed:d1:6f:19
Signer

.text
Size: 367KB - Virtual size: 367KB

.rdata
Size: 55KB - Virtual size: 55KB

.data
Size: 9KB - Virtual size: 16KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 27KB - Virtual size: 26KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate