edcaa4b572c81b0ba2eda26c4d11f2a2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

edcaa4b572c81b0ba2eda26c4d11f2a2_JaffaCakes118
Size

2.0MB
MD5

edcaa4b572c81b0ba2eda26c4d11f2a2
SHA1

4a2ea6012738c38b446b0d6cfe41a12ec5416b12
SHA256

02737d749e4e7a5e245be9ac431b6fa57656c5ef8293191277fe4e239d5a3bec
SHA512

403df01cfd91ab458803270d4df6c3a80a75ef1029833fe9b622447e935a15d9f59f95cf3d16efcf7b5b6ef5db1fd34c710eea6284159632330407cb4e36ac69
SSDEEP

49152:zyowMHO7fs6nkYmnN1aUXXAMmk06XD3qPier+SCWP9:zy7Gc1kYe1aUXQXkxbqP1T59

Score

3^/10

Malware Config

Signatures

Unsigned PE 20 IoCs

Checks for missing Authenticode signature.

resource
unpack001/browsewm.dll
unpack001/corpol.dll
unpack001/cryptdlg.dll
unpack001/csseqchk.dll
unpack001/digest.dll
unpack001/dw15.exe
unpack001/html32.cnv
unpack001/ie4uinit.exe
unpack001/iexplore.exe
unpack001/msconv97.dll
unpack001/msencode.dll
unpack001/msieftp.dll
unpack001/msxml3.dll
unpack001/msxml3a.dll
unpack001/msxml3r.dll
unpack001/plugin.ocx
unpack001/proctexe.ocx
unpack001/tdc.ocx
unpack001/url.dll
unpack001/vgx.dll

Files

edcaa4b572c81b0ba2eda26c4d11f2a2_JaffaCakes118
.cab
browsewm.dll
.dll regsvr32 windows:5 windows x86 arch:x86

6de91a6a0c367ccc96c94bd07cf1d481

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

free
_ftol
_purecall
malloc
realloc
memmove
_except_handler3
_initterm
_adjust_fdiv
_HUGE

kernel32

LoadResource
GlobalFree
GlobalHandle
GlobalSize
GlobalReAlloc
VirtualAlloc
VirtualFree
InterlockedIncrement
HeapFree
GetProcessHeap
InterlockedDecrement
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
lstrlenW
MultiByteToWideChar
lstrlenA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
HeapAlloc
GetLastError
HeapDestroy
lstrcatW
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
FreeLibrary

user32

DestroyWindow
PtInRect
UnionRect
ShowWindow
IsWindow
ReleaseDC
GetDC
GetParent
wsprintfW
SetFocus
InvalidateRect

gdi32

LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
SaveDC
SetWindowOrgEx
RestoreDC
GetDeviceCaps

advapi32

RegCloseKey

ole32

CoTaskMemFree
CoTaskMemAlloc
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemRealloc
CreateOleAdviseHolder
CoCreateInstance

oleaut32

SetErrorInfo
VariantInit
VariantClear
VariantCopy
SysAllocStringLen
VariantChangeTypeEx
OleCreatePropertyFrame
VarI4FromStr
LoadTypeLi
RegisterTypeLi
SysFreeString
LoadRegTypeLi
SysAllocString
SysStringLen

shlwapi

StrCpyW
StrCpyNW
PathAppendW
ord314
StrCmpIW
ord56
ord40
ord121
ord120
ord315
ord55
ord126
ord123
ord347
ord66
ord105
ord125
ord102
ord141
ord48
ord80
ord37
ord130
ord128

winmm

timeGetTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
corpol.dll
.dll regsvr32 windows:5 windows x86 arch:x86

4b6276fbc3934e18d10f8e5b46018252

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
EnterCriticalSection
GetProcAddress
LoadLibraryA
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
GetLastError
GetVersionExA
DisableThreadLibraryCalls
LeaveCriticalSection
LocalAlloc
LocalFree

ole32

CoInitialize
CoUninitialize
CoTaskMemAlloc

msvcrt

wcslen

Exports

Exports

CORLockDownProvider
CORPolicyProvider
DllCanUnloadNow
DllRegisterServer
DllUnregisterServer
GetUnsignedPermissions

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 226B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cryptdlg.dll
.dll regsvr32 windows:5 windows x86 arch:x86

60fa2c8c29d653d01cbdf114cd1215fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetLastError
lstrlenW
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetCurrentProcess
GetComputerNameA
InitializeCriticalSection
DeleteCriticalSection
WinExec
SetProcessWorkingSetSize
GetProcAddress
GetCommandLineA
EnterCriticalSection
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
TerminateProcess
SetHandleCount
GetStdHandle
LeaveCriticalSection
GetVersion
HeapDestroy
HeapCreate
VirtualFree
GetModuleFileNameA
GetCPInfo
lstrlenA
lstrcpyW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
VirtualAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
SetStdHandle
FlushFileBuffers
LoadLibraryW
GetDateFormatA
GetTimeFormatA
GetDateFormatW
GetTimeFormatW
lstrcatA
lstrcatW
FormatMessageA
LocalAlloc
WideCharToMultiByte
GetVersionExA
SetLastError
MultiByteToWideChar
LocalFree
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryA
lstrcmpiA
GetACP
FileTimeToSystemTime
GetOEMCP
GetFileType
GetStartupInfoA
CloseHandle

user32

GetWindowLongA
GetParent
SetFocus
CreateWindowExW
LoadBitmapA
MessageBoxA
wsprintfA
MessageBeep
GetWindowRect
LoadStringA
GetDlgItemTextA
SetDlgItemTextA
DialogBoxIndirectParamW
LoadCursorA
LoadImageA
EnableWindow
WinHelpA
SendMessageW
SetCursor
GetDC
SendMessageA
SendDlgItemMessageA
ReleaseDC
DialogBoxParamA
DialogBoxParamW
EndDialog
GetDlgItem
GetSysColor
SetWindowLongA
DialogBoxIndirectParamA
ShowWindow

gdi32

GetTextExtentPointA
SelectObject
DeleteObject
GetTextMetricsA
GetTextExtentPointW
GetTextMetricsW

comctl32

PropertySheetW
PropertySheetA
InitCommonControlsEx
ImageList_Create
ImageList_Add

advapi32

RegCloseKey
RegQueryValueExA
CryptGenKey
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExA
CryptGetUserKey
GetUserNameA

shell32

ShellExecuteA

wintrust

WintrustRemoveActionID
WinVerifyTrust
WTHelperCertIsSelfSigned
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperGetProvPrivateDataFromChain
WintrustAddActionID

Exports

Exports

CertConfigureTrustA
CertConfigureTrustW
CertModifyCertificatesToTrust
CertSelectCertificateA
CertSelectCertificateW
CertTrustCertPolicy
CertTrustCleanup
CertTrustFinalPolicy
CertTrustInit
CertViewPropertiesA
CertViewPropertiesW
DecodeAttrSequence
DecodeRecipientID
DllRegisterServer
DllUnregisterServer
EncodeAttrSequence
EncodeRecipientID
FormatPKIXEmailProtection
FormatVerisignExtension
GetFriendlyNameOfCertA
GetFriendlyNameOfCertW

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
csseqchk.dll
.dll regsvr32 windows:4 windows x86 arch:x86

af6b76dae03387d755b77ac79920368d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
LoadLibraryA
GetShortPathNameA
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
FreeLibrary
GetProcAddress
IsDBCSLeadByte
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
lstrcatA
lstrlenA
MultiByteToWideChar
lstrcpyA
lstrlenW
EnterCriticalSection
lstrcpynA
lstrcmpiA
HeapAlloc
TerminateProcess
IsBadWritePtr
RtlUnwind
HeapFree
LeaveCriticalSection
HeapReAlloc
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStringTypeW
SetUnhandledExceptionFilter
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetACP
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetOEMCP
LCMapStringA
LCMapStringW
GetStringTypeA

user32

CharNextA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegEnumValueA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr
LoadTypeLi
SysAllocString
RegisterTypeLi
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ISCCheckSequence
ISCCreateObject
ISCDecodeCommand
ISCDecodeCommandEx
ISCDestroyObject
ISCGetContext
ISCGetCurrentState
ISCMacroSequenceCheck
ISCSetCurrentState

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
digest.dll
.dll windows:5 windows x86 arch:x86

50cedbfa5d035f62eaab9d872dc880b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlUnwind

advapi32

RegQueryValueExA
RegCreateKeyA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
GetUserNameA

kernel32

WideCharToMultiByte
InterlockedExchange
lstrcmpiA
GetProcAddress
LoadLibraryA
lstrcpyA
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
CloseHandle
DeleteCriticalSection
CreateMutexA
InitializeCriticalSection
LocalAlloc
LocalFree
GetLastError
UnmapViewOfFile
VirtualAlloc
MapViewOfFileEx
CreateFileMappingA
GetTickCount
WaitForSingleObject
ReleaseMutex
MultiByteToWideChar
GetCurrentThreadId
TlsSetValue
GetCommandLineA
ExitProcess
GetModuleHandleA
TlsFree
SetLastError
TlsGetValue
TlsAlloc
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
RaiseException
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
LCMapStringA
LCMapStringW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
VirtualProtect
GetSystemInfo
VirtualQuery
FreeLibrary

user32

wsprintfA
SetFocus
ShowWindow
LoadStringA
SetForegroundWindow
SetWindowLongA
CheckDlgButton
SetWindowTextA
SendMessageA
EndDialog
IsDlgButtonChecked
GetWindowTextA
GetDlgItem
GetWindowLongA
DialogBoxParamA
GetActiveWindow

Exports

Exports

AcceptSecurityContext
AcquireCredentialsHandleA
AcquireCredentialsHandleW
ApplyControlToken
CompleteAuthToken
DeleteSecurityContext
DllInstall
EnumerateSecurityPackagesA
EnumerateSecurityPackagesW
FreeContextBuffer
FreeCredentialsHandle
ImpersonateSecurityContext
InitSecurityInterfaceA
InitSecurityInterfaceW
InitializeSecurityContextA
InitializeSecurityContextW
MakeSignature
QueryContextAttributesA
QueryContextAttributesW
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
RevertSecurityContext
VerifySignature

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dw15.exe
.exe windows:4 windows x86 arch:x86

eb56ff0b12ba8fed58c88a68553edb5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegQueryValueExA
DeregisterEventSource
ReportEventA
RegisterEventSourceW
RegEnumValueA
GetUserNameA

comctl32

ord17

gdi32

CreateFontA
DeleteDC
RestoreDC
DeleteObject
GetTextFaceA
SelectObject
GetTextMetricsA
GetDeviceCaps
SetMapMode
SaveDC
Polyline
CreatePen
ExtTextOutW
GetTextExtentPoint32W
SetTextAlign
SetBkMode
SetTextColor
CreateFontIndirectA
GetObjectA

kernel32

GetModuleHandleA
MultiByteToWideChar
GetCommandLineA
GetCommandLineW
MapViewOfFile
ReleaseMutex
WaitForSingleObject
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
ExitProcess
GetStartupInfoA
CloseHandle
CreateThread
Sleep
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
LoadLibraryA
SetUnhandledExceptionFilter
MulDiv
WideCharToMultiByte
IsBadReadPtr
GetModuleFileNameA
GetSystemDefaultLangID
GetProcAddress
GetUserDefaultLangID
GetACP
GetSystemDefaultLCID
GetVersionExA
FreeLibrary
InitializeCriticalSection
GetProcessHeap
DeleteCriticalSection
lstrcpyA
GetLastError
GetProfileStringA
SetEvent
CreateSemaphoreA
CreateProcessW
ExpandEnvironmentStringsW
CreateFileMappingA
GetFileSize
CreateFileA
DeleteFileA
DeleteFileW
GetTickCount
SetEnvironmentVariableA
ReadProcessMemory
VirtualQueryEx
GetSystemInfo
GetFileAttributesA
CreateDirectoryA
WriteFile
SetFilePointer
CreateFileW
GetTempPathA
GetTempPathW
GetFileAttributesW
CreateDirectoryW
LockResource
LoadResource
FindResourceExA
GetSystemDirectoryA
SetEndOfFile
ExpandEnvironmentStringsA
IsDBCSLeadByte
CreateProcessA
SuspendThread
GetSystemTime
GetComputerNameA
CreateMutexA
TlsAlloc
TlsFree
TlsSetValue
VirtualFree
TlsGetValue
UnmapViewOfFile
SetLastError
HeapAlloc
GetLocaleInfoA
IsValidCodePage
VirtualAlloc
TerminateThread
GetCurrentThreadId
GetThreadContext
GetThreadSelectorEntry
ResumeThread
HeapFree
GetStringTypeA
GetStringTypeW
RtlUnwind
LCMapStringA
LCMapStringW

oleaut32

SysFreeString
SystemTimeToVariantTime
VariantTimeToDosDateTime
SysStringLen
SysAllocString

shell32

ShellExecuteExA
ExtractIconExA

user32

SetWindowLongA
DestroyWindow
MessageBoxA
DrawIconEx
EnableWindow
CheckDlgButton
GetSysColor
IsDlgButtonChecked
LoadIconA
DrawFocusRect
SetWindowTextW
GetWindow
LoadCursorA
DestroyIcon
GetWindowPlacement
IsIconic
wsprintfW
LoadStringW
GetWindowThreadProcessId
EnumWindows
CharPrevA
CallWindowProcA
CallWindowProcW
IsWindowUnicode
SystemParametersInfoA
GetClientRect
SendDlgItemMessageA
SetFocus
EndDialog
GetDlgItem
ShowWindow
SetCursor
InvalidateRect
DialogBoxParamW
DialogBoxParamA
CreateDialogParamW
CreateDialogParamA
SetWindowTextA
GetDC
MapWindowPoints
GetSysColorBrush
FillRect
ReleaseDC
GetSystemMetrics
SetForegroundWindow
GetWindowLongA
GetWindowRect
SetWindowPos
RegisterClassExA
CreateWindowExA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
DefWindowProcA
KillTimer
wsprintfA
SendMessageA
PostMessageA
SetScrollInfo
GetScrollInfo
SetDlgItemTextA
SetTimer

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW

wininet

InternetSetOptionA
InternetWriteFile
HttpSendRequestExA
InternetCanonicalizeUrlA
InternetReadFileExA
HttpEndRequestA
InternetOpenA
InternetSetStatusCallback
InternetAutodial
InternetGetConnectedState
InternetQueryOptionA
HttpQueryInfoA
InternetCloseHandle
HttpOpenRequestA
InternetConnectA

Sections

.text
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dwintl.dll
.dll windows:4 windows x86 arch:x86

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:a7:99:90:6f:d1:37:40:b6:14:97:ad:bb:88:f7:92
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

07/04/2000, 00:00

Not After

27/04/2001, 23:59

Subject

CN=Microsoft Corporation (Europe),OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Sandyford Industrial Estate,ST=Dublin,C=IE

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 149B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
html32.cnv
.dll windows:4 windows x86 arch:x86

66602ced85b05b270607fc7bb7cf7256

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

WriteFmtUserTypeStg
ProgIDFromCLSID
WriteClassStg
ReadClassStm
WriteClassStm
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAM

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameA
GlobalFree
lstrcpynA
GetProcAddress
FreeLibrary
LoadLibraryExA
GetLocaleInfoA
GetACP
MultiByteToWideChar
lstrlenA
lstrcpyA
lstrlenW
WideCharToMultiByte
GetSystemDefaultLangID
GetCommandLineA
HeapAlloc
FlushFileBuffers
RtlUnwind
WriteFile
LoadLibraryA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetOEMCP
GetCPInfo
FreeEnvironmentStringsA
CloseHandle
SetStdHandle
SetFilePointer
GetLastError
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
HeapFree
HeapCreate
SetHandleCount
GetVersion
GetModuleHandleA
ExitProcess

user32

CharLowerA
GetKeyState
CharPrevA
LoadStringA
wvsprintfA
IsCharUpperA
wsprintfA
GetWindowRect
GetDC
ReleaseDC
SendDlgItemMessageA
MoveWindow
SendMessageA
RegisterClipboardFormatA
GetDlgItemTextA
EndDialog
CharUpperA

gdi32

GetDeviceCaps
EnumFontsA
DeleteMetaFile
GetTextExtentPoint32A
SetMapMode
CreateMetaFileA
SetWindowExtEx
CloseMetaFile
TextOutA
SelectObject
GetStockObject
GetMetaFileBitsEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

AbortForeignToRtf
AbortRtfToForeign
CchFetchLpszError
CchFetchMainStream
ConvertForeignToRtf
ConvertRtfToForeign
DllMain
FFetchSzzClasses
FFileRecognized32
FPrivateRetryMemError
FRegisterConverter
ForeignToRtf32
GetReadNames
GetWriteNames
InitConverter32
IsFormatCorrect32
RegisterApp
RtfToForeign32
UninitConverter
_AbortProcessing

Sections

.text
Size: 228KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RTFOUT_P
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ie4uinit.exe
.exe windows:5 windows x86 arch:x86

793d3b5ec4be99630617f1557d61d3ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA

kernel32

GetFileAttributesA
lstrcpyA
MultiByteToWideChar
CopyFileA
SetFileAttributesA
CreateDirectoryA
GetDriveTypeA
lstrcmpiA
GetWindowsDirectoryA
GetLastError
GetModuleFileNameA
LoadLibraryExA
GlobalMemoryStatus
lstrcatA
ExitProcess
GetStartupInfoA
SetErrorMode
GetVersionExA
GetModuleHandleA
GetCommandLineA
LocalFree
lstrcpynA
LocalAlloc
IsDBCSLeadByte
CloseHandle
WriteFile
CreateFileA
SetCurrentDirectoryA
SetFilePointer
lstrcmpA
ReadFile
GetFileSize
GetPrivateProfileStringA
FindFirstFileA
FindClose
lstrlenA
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
ExpandEnvironmentStringsA

user32

wsprintfA
LoadStringA
CharNextA
MessageBoxA
CharPrevA
CharUpperA
CharLowerA

shell32

ord179
ShellExecuteA
SHChangeNotify
SHFileOperationA

ole32

OleUninitialize
CoCreateInstance
OleInitialize

advpack

RunSetupCommand
ExecuteCab
RegRestoreAll
DelNode
GetVersionFromFile

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iereset.inf
iexplore.exe
.exe windows:5 windows x86 arch:x86

c86861d7304082407097f39f4401cd08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3

kernel32

GetCommandLineA
GetStartupInfoA
lstrlenW
MultiByteToWideChar
CreateEventA
GetCurrentThreadId
lstrcatA
lstrlenA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
UnmapViewOfFile
CloseHandle
ReleaseMutex
SetEvent
WaitForSingleObject
CreateProcessA
lstrcpynA
GetCurrentProcessId
DuplicateHandle
GetCurrentProcess
CreateMutexA
MapViewOfFile
CreateFileMappingA
SetUnhandledExceptionFilter
LocalFree
LocalAlloc
GetModuleHandleA
ExitThread
SetErrorMode

user32

SendMessageA
PeekMessageA
MsgWaitForMultipleObjects
DestroyWindow
TranslateMessage
DispatchMessageA
LoadStringA
DefWindowProcA
RegisterClassA
CreateMenu
CreateWindowExA
ShowWindow
GetForegroundWindow
GetClassNameA
GetShellWindow
wsprintfA

shlwapi

ord241
ord276
ord437
ord376
ord80
ord185
SHRegGetBoolUSValueA
StrCpyNW
wnsprintfA
SHGetValueA
PathFindFileNameA
StrStrIA
ord243

shdocvw

ord101

Exports

Exports

DllGetLCID

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msconv97.dll
.dll windows:4 windows x86 arch:x86

008f169b96fed91f928db68c2bb9a05f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ole32

OleInitialize
StgOpenStorage
StgCreateDocfile
OleUninitialize
OleBuildVersion

kernel32

GlobalLock
GlobalReAlloc
IsDBCSLeadByte
GlobalUnlock
GetProcAddress
GlobalFree
GlobalHandle
LocalAlloc
GlobalAlloc
LocalFree
LocalLock
LocalUnlock
LocalReAlloc
LocalSize
GlobalSize
GetFileSize
CloseHandle
FlushFileBuffers
SetFilePointer
DeleteFileA
MoveFileA
LoadResource
GetCurrentProcess
LoadLibraryA
SizeofResource
FindResourceA
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrlenW
GetLastError
IsValidCodePage
GetOEMCP
CreateFileA
ReadFile
WriteFile
SetEndOfFile
GetModuleFileNameA
GetTempFileNameA
GetACP
GetWindowsDirectoryA
lstrcatA
GetFileAttributesA
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
HeapAlloc
HeapFree
SetStdHandle
LockResource
FreeResource
lstrcpyA
lstrlenA
FreeLibrary
GetPrivateProfileIntA
GetLocalTime
GetTempPathA
GetCPInfo
GetStartupInfoA
GetStdHandle
GetFileType
SetHandleCount
HeapDestroy
HeapCreate
ExitProcess
GetVersion
GetModuleHandleA
GetCommandLineA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings

user32

GetLastActivePopup
MessageBoxA
LoadStringA
IsCharAlphaA
wvsprintfA
EnableWindow
IsWindowEnabled
EnumThreadWindows
SetFocus
GetFocus
DialogBoxParamA
ReleaseDC
GetDC
OemToCharA
wsprintfA
CharUpperA
CharLowerA

gdi32

DeleteMetaFile
GetObjectType
DeleteEnhMetaFile
GetEnhMetaFileBits
SetMetaFileBitsEx
SetEnhMetaFileBits
GetMetaFileBitsEx

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

ByteToRtfHex
CbFetchLpbFromHpd
CbHplFoo
CbIntToPpch
CbLongToPpchR
CbOfH
CbReadFn
CbReadStm
CbStFromXst
CbSzz
CbULongToPpch
CbUnsToPpch
CbWriteFn
CbWriteLpbToHpd
CbWriteStm
CchFetchLpszFromHpd
CchFetchSzIszRtf
CchFormatDisplayPathSz
CchStripSz
ChLowerFromCopg
ChUpperFromCopg
CloseRtfGroup
CopyLpvFooPsd
CpgFromFsCpg
CtOfDbcsLpch
DeleteFromHpl
DelimRtfGroup
DirSet
DisableWindows
DllMain
EnableWindows
FApplyGrpprlPsdToLpv
FBltFn
FChIsLowerFromCopg
FChIsUpperFromCopg
FCloseAllFiles
FCloseAndDeleteFn
FCloseAndRenameFn
FCloseFn
FCloseHpd
FCloseStorage
FCloseStream
FCmpFn
FDeleteFn
FEnsureHpl
FEnsureOleAvail
FExpandHpl
FExportFilterCore
FFhFromFn
FFilespecFromDirSz
FFindFile
FFullPath
FGetDir
FHandlerInstalled
FImportFilterCore
FInitConvIO
FInitDll
FInitFilters
FInitHeaps
FInsertInHplCore
FIsDestIszRtf
FIsDocfileFn
FIsOpenFn
FIsSymbolIszRtf
FIsTrueLpsz
FNeHpl
FNeedsStarIdx
FOpenRootStorage
FOpenRootStorageXsz
FOpenStorage
FOpenStorageXsz
FOpenStream
FOpenStreamXsz
FReadFnPhpl
FReadFnPhq
FReallocH
FReallocHq
FRegisterClsid
FRegisterConverterClasses
FRegisterOleFileType
FRegisterPrefs
FRenameFn
FRequestFile
FSearchFntName
FSpaceOn
FStrIEq
FWriteLpszToHpd
FcCurrFn
FcMaxFn
FcMaxStm
FcSeekFn
FcSeekStm
FcSetMaxStm
FcTruncateFn
FceCheckFormat
FceForeignToRtf
FceRtfToForeign
FeGetError
FetchCoreDllVersion
FhFromFn
FillLpFromHpl
FillLrgw
FltFromDtGrt
FltFromExtension
FnOpen
FnOpenFh
FnOpenMemory
FnOpenStm
FnOpenStmPstg
FnOutCur
FnSetOutFn
FreeFdt
FreeH
FreeHpl
FreeHq
FreeLpv
FreeLpvFooPsd
GetCbFcPch
GetDateTimePdt
GetDateTimePul
GetRWNames
GetszFmrgszRtfFntName
GrtFromDtTerminal
HAllocCbCore
HpInHpl
HpdOpenConverterKey
HpdOpenProc
HplAllocProc
HplCloneHplProc
HqAllocLcbCore
HqCloneHq
HxBltHxLpsz
HxCloneHx
HxLoadRes
ICmpLpsz
ICmpLpszCch
ICmpLpxsz
ICmpLpxszCch
ICmpLrgb
ICmpiLpsz
ICmpiLpszCch
IFromPch
IMacFromHpl
IchFindMemberLpsz
IdDialogBox
IdMessageBoxExpandRcid
IdMessageBoxRcid
IdMessageBoxSz
IdMessageBoxSzRcid
InitExceptions
IszRtfFromIdx
IszRtfFromPch
IszRtfFromSz
LcbFetchLpvFooPsd
LcbFillRtfBuffer
LcbOfHq
LcbWriteLpvFooPsd
LpInHpl
LpbFromRgbHex
LpchBltLpszCch
LpchBltLpszHx
LpchFindChCch
LpchFindLastLpszCh
LpchFindLastLpszSbch
LpchFindLpsz
LpchFindLpszCh
LpchFindLpszNc
LpchFindLpszSbch
LpchMacBltLpsz
LpszFromLong
LpszFromLpxsz
LpszFromUlong
LpszGetFmrgszRtfFntName
LpszInSzz
LpszLowerLpsz
LpszUpperLpsz
LpvAllocLcbCore
LpvLockHq
LpxchBltLpxsz
LpxchBltLpxszCch
LpxchFindLpxszNc
LpxszFromLpsz
MsoCpgFromChs
MsoFsFromWch
MsoMultiByteToWideChar
MsoWideCharToMultiByte
MsoXchToLower
MsoXchToLowerLid
MsoXchToUpper
MsoXchToUpperLid
NCalculateExportPercentComplete
NCalculateImportPercentComplete
NFetchFromHpd
NFetchPercentComplete
OpenRtfDest
OpenRtfGroup
OutB
OutBHex
OutBytes
OutEscLpsz
OutEscLrgb
OutExtBHex
OutFnFcLcbHex
OutInt
OutIszRtf
OutIszRtfInt
OutIszRtfLong
OutIszRtfUns
OutL68k
OutLong
OutLpsz
OutLx86
OutNl
OutRgb
OutRgbHex
OutRtfUc
OutRtfXch
OutW68k
OutWx86
PauseExceptions
PchFromIszRtf
PchSkipSpacesPch
PjbNextExc
PopExc
PutPInHpl
PvLockH
PxchFindXch
ResumeExceptions
RgbHexFromLpb
SendExportPercentComplete
SendImportPercentComplete
SetExportPercentOptions
SetFilterOption
SetImportPercentOptions
SetPercentComplete
SetSpace
ShrinkHpl
ShutdownProc
StFromXst
StdFlushMemory
StgRootFromFn
StmFromFn
SwapLpvFooPsd
SyncFn
SzAllocFromPxch
SzFromXsz
SzzFromSoz
ThrowExcFce
UTF8ToUnicode
UchFromPchHex
UchFromPchHexCore
UnensureOleAvail
UnicodeToUTF8
UninitConvIO
UninitDlgs
UninitFilters
UninitHeaps
UnloadResHx
UnlockH
UnlockHq
UsrAltFromUsrXchIdct
UsrBaseFromCpg
UsrFromXch
WriteHplFn
WriteHqFn
XchLowerXch
XchUpperXch
XszAllocFromPch
XszLowerXsz
XszUpperXsz

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msencode.dll
.dll windows:4 windows x86 arch:x86

9669d66738d88db15b741b67c7ebc79d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetStartupInfoA
GetLastError
MultiByteToWideChar
GetACP
WideCharToMultiByte
DisableThreadLibraryCalls
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
ExitProcess
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStdHandle
IsValidCodePage
GetModuleFileNameA
GetCPInfo
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
HeapAlloc
HeapFree
LoadLibraryA
FlushFileBuffers
SetStdHandle
SetFilePointer
CloseHandle

Exports

Exports

CceDetectInputCode
CceGetAvailableEncodings
CceIsAvailableEncoding
CceStreamMultiByteToUnicode
CceStreamUnicodeToMultiByte
CceStringMultiByteToUnicode
CceStringUnicodeToMultiByte
DllMain
FetchMsEncodeDllVersion

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msieftp.dll
.dll regsvr32 windows:5 windows x86 arch:x86

d6851583de422d68b7d7b3915be4a031

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

gdi32

SetBkColor
SetTextColor

user32

CheckDlgButton
ShowWindow
GetDlgItem
SetFocus
EnableWindow
UpdateWindow
EndDialog
EnableMenuItem
IsDlgButtonChecked
SetMenuDefaultItem
GetCursorPos
GetAsyncKeyState
SetCursor
DestroyIcon
LoadStringA
GetKeyState
SetForegroundWindow
IsWindowVisible
GetMenuItemID
GetMenuItemCount
GetClientRect
InflateRect
GetSystemMetrics
FindWindowExA
GetWindowRect
GetDesktopWindow
GetParent
GetSysColor
GetSysColorBrush
CharNextA
GetSubMenu

kernel32

RaiseException
GetLastError
GlobalSize
GlobalLock
InitializeCriticalSection
LoadResource
LockResource
SizeofResource
WriteFile
GetCurrentThreadId
GetVersionExA
lstrlenW
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
LoadLibraryA
lstrlenA
lstrcatA
FreeLibrary
lstrcpyA
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InterlockedExchange
DisableThreadLibraryCalls
GlobalAlloc
GetSystemTime
lstrcmpA
lstrcmpiA
lstrcpynA
LocalFree
LocalAlloc
FindClose
FileTimeToLocalFileTime
CloseHandle
SetFileTime
CreateThread
Sleep
GetUserDefaultLCID
SystemTimeToFileTime
GetTickCount
GlobalUnlock
WaitForSingleObject
IsBadReadPtr
GlobalFree
ExitThread
WaitForMultipleObjects
CompareFileTime
SetEvent
FormatMessageA
GetSystemTimeAsFileTime
LocalFileTimeToFileTime

ole32

CoCreateInstance
OleGetClipboard
ReleaseStgMedium
OleSetClipboard
CoUninitialize
OleInitialize
StgCreateDocfile
OleUninitialize
GetHGlobalFromStream
CreateBindCtx
CreateStreamOnHGlobal
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VariantClear
SysAllocString
VariantInit
SafeArrayCreateVector
SetErrorInfo
SysFreeString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi

urlmon

FaultInIEFeature
CopyStgMedium
CreateURLMoniker

shlwapi

StrCmpIW
StrChrA
StrStrIW
ord341
PathFindFileNameW
StrCatBuffW
StrCpyNW
SHGetValueW
SHSetValueW
wnsprintfW
ord143
ord95
ord136
ord122
ord124
ord140
ord87
ord59
StrCmpW
ord121
ord24
ord80
ord309
ord83
SHDeleteValueW
ord334
ord340
ord107
PathIsRootW
ord333
ord141
ord94
PathFileExistsW
ord50
ord216
ord218
ord169
ord132
StrCatBuffA
SHRegGetBoolUSValueW
ord335
ord215
ord425
ord217
ord346
ord172
ord102
ord65
PathAppendW
ord394
ord52
ord57
ord338
PathIsDirectoryW
SHOpenRegStream2W
ord125
StrFormatByteSizeA
StrFormatByteSizeW
ord339
PathRemoveFileSpecW
ord66
ord176
ord336
ord426
ord428
ord106
AssocCreate
PathFindExtensionA
StrChrW
UrlCombineW
ord355
PathFindExtensionW
ord51
ord219
ord342
SHGetThreadRef
ord72
ord68
ord40
ord313
ord103
wnsprintfA
ord278
StrCmpNA
StrStrIA
ord302
ord71
SHRegisterValidateTemplate
StrDupW
ord444
ord437
ord174
ord234
ord337
StrToIntW
ord382
UrlEscapeW
UrlUnescapeW
ord354
ord292
StrCmpNIW
SHStrDupW
PathIsUNCW
ord375
PathGetDriveNumberW
ord2
StrChrIW

shdocvw

ord218
ord146
SHGetIDispatchForFolder

shell32

ExtractIconA
SHGetDesktopFolder
ord67
ord18
ord17
ord16
ord73
SHAddToRecentDocs
SHGetSpecialFolderLocation
ord155
ord26
ord174
ord25
ExtractAssociatedIconExW
ord195
ord196
ord152
ord89
ord27

comctl32

ord329
ord336
ord236
ord334
ord328
InitCommonControlsEx
PropertySheetW
ord388
ord324
ord320
ord339
ord386
ord325
ord321
ord323
ord332
ord322
ord234
ord385

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msxml.inf
msxml3.dll
.dll regsvr32 windows:5 windows x86 arch:x86

a6051622e5096ff03b078fb5fc817f88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoTaskMemAlloc
GetHGlobalFromStream
CoCreateFreeThreadedMarshaler
CLSIDFromProgID
CoTaskMemFree
StringFromCLSID
CreateBindCtx
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance

shlwapi

ord117
ord56
ord136
ord60
ord116
PathFindExtensionW
UrlCanonicalizeW
ord2
PathFindFileNameW
ord260
ord217
UrlCombineA
UrlCanonicalizeA
UrlUnescapeA
PathCreateFromUrlA
StrChrA
StrCmpNIA
ord151
StrStrA
StrToIntA
ord153
ord342
StrRChrA
ord15
ord44
ord28
ord311
ord310
PathIsURLW
ord125
ord128
StrCmpIW
StrCpyW
StrCatW
ord158
ord156
ord68
ord66
ord43
ord38
ord25
ord26
StrToIntW
StrCmpNIW
ord45
StrCmpNW
ord51
ord83
StrCmpW
ord115
UrlUnescapeW
PathSearchAndQualifyW
UrlCreateFromPathW
PathCreateFromUrlW
UrlIsW
UrlGetLocationW
ord52

kernel32

ResumeThread
FlushFileBuffers
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
GetACP
WriteFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
RtlUnwind
GetCommandLineA
SetThreadPriority
lstrcatW
SetFilePointer
ReadFile
CreateFileA
IsBadStringPtrW
RtlMoveMemory
GetLocaleInfoA
GetSystemTimeAsFileTime
IsBadStringPtrA
LocalFileTimeToFileTime
IsBadReadPtr
IsBadWritePtr
CreateThread
FormatMessageW
GlobalAlloc
GlobalFree
CreateEventA
LocalAlloc
LocalFree
GetSystemTime
SleepEx
lstrcmpiA
GetDateFormatA
GetTimeFormatA
GlobalLock
GlobalUnlock
lstrcpyA
lstrlenA
GetProcAddress
LoadLibraryA
FreeLibrary
GetVersionExW
lstrcatA
MultiByteToWideChar
lstrcmpA
ExpandEnvironmentStringsA
GetModuleFileNameA
lstrcpynA
TlsSetValue
TlsGetValue
InterlockedDecrement
InterlockedIncrement
lstrlenW
HeapFree
HeapSize
HeapAlloc
HeapReAlloc
VirtualFree
VirtualAlloc
GetProcessHeap
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
GetCurrentProcess
CloseHandle
GetModuleHandleA
GetVersionExA
TlsAlloc
TlsFree
InterlockedExchange
Sleep
WaitForSingleObject
GetExitCodeThread
VirtualQuery
GetThreadContext
SetEndOfFile
SuspendThread
SetEvent
ResetEvent
DebugBreak
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
GetTickCount
ReleaseSemaphore
DeleteCriticalSection
CreateSemaphoreA
InitializeCriticalSection
HeapDestroy
GetLastError
HeapCreate
GetSystemInfo
SetLastError
RaiseException
WideCharToMultiByte
LoadResource
SizeofResource
LockResource
FindResourceA
LoadLibraryExA
FormatMessageA
FileTimeToSystemTime
SystemTimeToFileTime
GetThreadLocale

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 852KB - Virtual size: 852KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msxml3a.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msxml3r.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin.ocx
.dll regsvr32 windows:5 windows x86 arch:x86

cd4a7119bd444d6a5dd0229a1d64d4b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocString
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
OleCreatePropertyFrame
VariantChangeType
SetErrorInfo
SysAllocStringLen
VariantCopy
LHashValOfNameSys
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SysFreeString
VariantClear
VariantInit

ole32

CreateOleAdviseHolder
CoTaskMemAlloc
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoTaskMemFree

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
EnumChildWindows
SetPropA
RemovePropA
GetPropA
DialogBoxParamA
LoadStringA
MessageBoxA
EndDialog
GetSystemMetrics
SetWindowPos
SetDlgItemTextA
GetClientRect
RegisterWindowMessageA
DefWindowProcA
MapWindowPoints
GetFocus
GetClipboardFormatNameA
GetKeyState
PeekMessageA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
DestroyWindow
CreateWindowExA
SendMessageA
wsprintfA
DrawEdge
GetWindowLongA
LoadImageA
DrawIconEx
GetParent
IsWindow
PostMessageA
GetDC
ReleaseDC
LoadCursorA
RegisterClassA
GetWindowRect
UnregisterClassA
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
ShowWindow
GetActiveWindow
SetParent
EndPaint
BeginPaint
SetFocus
IsWindowVisible
PtInRect
CharNextA
SetWindowLongA

gdi32

CreateDCA
SetViewportOrgEx
DeleteObject
OffsetWindowOrgEx
SetWindowOrgEx
GetDeviceCaps
CreateRectRgnIndirect
DeleteDC
LPtoDP
SetMapMode
GetMapMode

advapi32

RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumValueA
RegCreateKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueA
RegCreateKeyExA

kernel32

CreateFileA
SetFilePointer
ReadFile
CloseHandle
GlobalAlloc
lstrcmpA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
GlobalFree
CreateEventA
GetModuleHandleA
GlobalUnlock
GetEnvironmentVariableA
SetEnvironmentVariableA
lstrlenW
WideCharToMultiByte
lstrlenA
LocalAlloc
MulDiv
lstrcpyA
lstrcmpiA
LocalFree
HeapFree
HeapAlloc
lstrcatA
CreateDirectoryA
DeleteCriticalSection
InitializeCriticalSection
GlobalLock
lstrcpynA
FindClose
GetLastError
FindNextFileA
FindFirstFileA
TlsAlloc
TlsSetValue
GlobalAddAtomA
TlsGetValue
GetCurrentThreadId
TlsFree
SetEvent
GetShortPathNameA
GetFileSize
DisableThreadLibraryCalls
GetProcessHeap
RtlUnwind
GetVersion
GetModuleFileNameA
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
GetLocaleInfoA
LoadLibraryExA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

comctl32

ord17

shlwapi

SHDeleteKeyA

wininet

InternetCrackUrlA
InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle
InternetCanonicalizeUrlA

urlmon

HlinkSimpleNavigateToString
URLDownloadA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FindPluginA
FindPluginByExtA

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
proctexe.ocx
.dll regsvr32 windows:5 windows x86 arch:x86

13beee8eac6e8ea23e629767e315c040

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

atl

ord30
ord23
ord32
ord15
ord22
ord18
ord21
ord16

dxtrans

?DXOverArrayMMX@@YGXPAVDXPMSAMPLE@@PBV1@K@Z
?DXDitherArray@@YGXPBUDXDITHERDESC@@@Z

urlmon

URLOpenBlockingStreamA
URLOpenBlockingStreamW

kernel32

GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
TlsSetValue
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetHandleCount
VirtualProtect
GetSystemInfo
VirtualQuery
TlsAlloc
TlsGetValue
SetLastError
TlsFree
GetModuleHandleA
GetProcAddress
ExitProcess
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
CloseHandle
GetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
HeapReAlloc
HeapAlloc
HeapFree
GetVersionExA
RtlUnwind
GetCommandLineA
WriteFile

ole32

CoCreateFreeThreadedMarshaler
CoCreateInstance

oleaut32

SysFreeString
LoadRegTypeLi
SetErrorInfo
VariantClear
VariantInit
SysAllocString

shlwapi

ord51
ord128
ord125
UrlCombineW

Exports

Exports

DllCanUnloadNow
DllEnumClassObjects
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
removbak.inf
tdc.ocx
.dll regsvr32 windows:5 windows x86 arch:x86

19078ac3231c83b9aed229ab57aedc8f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

qsort
_initterm
memmove
_adjust_fdiv
_ltow
free
realloc
malloc
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall

atl

ord15
ord23
ord22
ord18
ord21
ord16
ord24
ord31
ord30
ord26
ord27
ord32

wininet

InternetGetConnectedState

urlmon

CreateURLMoniker
CoInternetCreateSecurityManager
RegisterBindStatusCallback
CoInternetParseUrl

ole32

CoTaskMemAlloc
WriteClassStm
OleSaveToStream
CoTaskMemFree
CreateOleAdviseHolder
CreateBindCtx
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CoCreateInstance
CoTaskMemRealloc
OleLoadFromStream

oleaut32

SysAllocString
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantInit
VariantClear
VariantChangeType
VariantCopy
LoadRegTypeLi
SetErrorInfo
OleCreatePropertyFrame
VariantChangeTypeEx
SystemTimeToVariantTime
VarBstrFromBool
UnRegisterTypeLi
SysFreeString

shlwapi

StrCmpNIW
StrCmpIW

user32

BeginPaint
SetWindowLongA
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
CallWindowProcA
GetParent
EndPaint
RegisterClassExA
wsprintfA
UnionRect
PtInRect
ShowWindow
InvalidateRect
IsWindow
DestroyWindow
SetFocus
DefWindowProcA
CreateWindowExA
GetClientRect
GetClassInfoExA
LoadCursorA
IntersectRect

gdi32

RestoreDC
SetWindowOrgEx
SaveDC
DeleteDC
SetViewportOrgEx
SetMapMode
LPtoDP
GetDeviceCaps
CreateRectRgnIndirect

kernel32

HeapAlloc
GetCurrentProcess
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
lstrlenW
GetProcessHeap
HeapFree
GetUserDefaultLCID
GetACP
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
FlushInstructionCache

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
url.dll
.dll windows:5 windows x86 arch:x86

05dd99e2314a77ed4a4a1359abae9951

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memmove

gdi32

GetStockObject
GetObjectA
CreateFontIndirectA
SetBkColor
SetTextColor
SelectObject
ExtTextOutA
DeleteEnhMetaFile
DeleteObject
DeleteMetaFile

kernel32

GlobalAddAtomA
lstrcmpiA
lstrcmpA
lstrcatA
IsBadWritePtr
IsBadStringPtrA
SetLastError
GetModuleHandleA
FreeLibrary
CloseHandle
CreateProcessA
IsDBCSLeadByte
GetFileAttributesA
SetThreadPriority
GlobalDeleteAtom
TerminateThread
WaitForSingleObject
SetFilePointer
ReadFile
SetFileTime
GetFileTime
CreateFileA
GetShortPathNameA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FormatMessageA
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
lstrlenW
GlobalReAlloc
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFree
LocalFree
lstrcpynA
lstrlenA
lstrcpyA
GetVersion
DisableThreadLibraryCalls
GetProfileStringA
LoadLibraryA
GetProcAddress
CreateThread
CompareStringA
GetLastError
SearchPathA
RaiseException
InterlockedExchange

user32

GetWindowTextLengthA
GetDlgItem
FindWindowA
ChildWindowFromPoint
ScreenToClient
CharNextA
LoadStringA
CharUpperA
CharPrevA
EnableWindow
SystemParametersInfoA
SetDlgItemTextW
SetWindowTextA
PostMessageA
GetWindowTextA
MessageBoxA
SetFocus
GetDlgCtrlID
GetParent
SendMessageA
SetWindowLongA
GetWindowLongA
SetDlgItemTextA
SendDlgItemMessageA
DestroyIcon
wsprintfA
RegisterClipboardFormatA
IsWindow
MessageBeep
DialogBoxParamA
CharLowerA
IsWindowEnabled
EndDialog
LoadCursorA
SetCursor
CheckDlgButton
UpdateWindow
GetFocus
GetSysColor
DrawFocusRect
GetWindowRect
GetDlgItemTextA
SetWindowPos
MoveWindow
IsDlgButtonChecked
GetClientRect
GetSystemMetrics
ShowWindow

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegSetValueA
RegCreateKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegEnumValueA

shlwapi

PathRemoveFileSpecA
PathCompactPathA
PathBuildRootA
PathFindExtensionA
PathRemoveExtensionA
StrStrA
StrCmpNA
PathIsRelativeA
StrToIntA
PathRemoveBlanksA
PathRemoveArgsA
PathUnquoteSpacesA
PathFindFileNameA
PathFileExistsA
ord1
StrChrA
PathAppendA
StrCpyW
ord297
ord431
ord107
ord417
SHGetValueA
SHDeleteValueA
SHDeleteOrphanKeyA
SHSetValueA
PathQuoteSpacesA
PathFindOnPathA

comctl32

CreatePropertySheetPageA
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ord336
ord328
ord334
ord339
DestroyPropertySheetPage
ord329

shell32

SHAddToRecentDocs
ord162
ord155
ord43
ord72
ord75
ord71
ord51
ord183
ord63
ShellExecuteExA
DragQueryFileA
ExtractIconA
ord62
SHGetFileInfoA
SHChangeNotify
ord196
ord102
ShellExecuteA
ord195

Exports

Exports

AddMIMEFileTypesPS
AutodialHookCallback
DllCanUnloadNow
DllGetClassObject
FileProtocolHandler
FileProtocolHandlerA
InetIsOffline
MIMEAssociationDialogA
MIMEAssociationDialogW
MailToProtocolHandler
MailToProtocolHandlerA
NewsProtocolHandler
NewsProtocolHandlerA
OpenURL
OpenURLA
TelnetProtocolHandler
TelnetProtocolHandlerA
TranslateURLA
TranslateURLW
URLAssociationDialogA
URLAssociationDialogW

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vgx.dll
.dll regsvr32 windows:5 windows x86 arch:x86

83a0f1e4523818c5f7edbd9b44dabbe6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegEnumValueW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegSetValueExW
RegEnumValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExW
RegQueryValueExW

atl

ord18
ord30
ord32
ord15
ord16
ord21
ord22
ord23

gdi32

GetNearestPaletteIndex
GetDIBColorTable
FillRgn
SetMiterLimit
CreateSolidBrush
StrokePath
GetGraphicsMode
SetPolyFillMode
FillPath
StrokeAndFillPath
TranslateCharsetInfo
PolylineTo
Polyline
LineTo
GetCurrentPositionEx
ArcTo
SetArcDirection
SelectClipPath
GetPath
CloseFigure
AbortPath
FlattenPath
WidenPath
BeginPath
Ellipse
AngleArc
PolyBezierTo
PolyBezier
RoundRect
PolyDraw
Pie
Chord
Arc
EndPath
OffsetClipRgn
GetRgnBox
CombineRgn
SetPaletteEntries
ResizePalette
ExcludeClipRect
PlayEnhMetaFile
GetWinMetaFileBits
PlgBlt
StretchBlt
ScaleViewportExtEx
ScaleWindowExtEx
CombineTransform
SetMapperFlags
CreatePen
CreateDIBitmap
CreatePatternBrush
ExtSelectClipRgn
GetBkMode
ModifyWorldTransform
ExtCreateRegion
GetNearestColor
SetStretchBltMode
SetTextJustification
PolyPolygon
PlayMetaFileRecord
ExtCreatePen
GetWorldTransform
GetROP2
SetROP2
Rectangle
Polygon
SetBrushOrgEx
GetClipRgn
GetBkColor
CreatePenIndirect
DPtoLP
CreateDIBPatternBrushPt
SetBitmapBits
CreateEnhMetaFileW
GdiComment
GetMetaFileW
GetMetaFileA
SetWindowOrgEx
SetViewportOrgEx
SetGraphicsMode
SetWorldTransform
GetEnhMetaFileW
GetEnhMetaFileA
GetEnhMetaFileBits
CopyEnhMetaFileA
CopyMetaFileA
DeleteMetaFile
GetEnhMetaFileHeader
SetMetaFileBitsEx
SetEnhMetaFileBits
CreateEnhMetaFileA
SetMapMode
SetViewportExtEx
SetWindowExtEx
PlayMetaFile
CloseEnhMetaFile
DeleteEnhMetaFile
SetMetaRgn
GetMetaFileBitsEx
EnumMetaFile
EnumEnhMetaFile
PlayEnhMetaFileRecord
SetBkMode
SetDIBits
CreateBrushIndirect
ExtEscape
GetPixel
SetDIBColorTable
EnumFontFamiliesExW
GetRegionData
CreateDCA
CreateICA
CreateRectRgn
GetRandomRgn
PolyPolyline
GetWindowOrgEx
GetViewportOrgEx
GetMapMode
SetICMMode
GetDCOrgEx
GetDIBits
CreateDIBSection
GdiFlush
PatBlt
GetTextColor
BitBlt
GetPaletteEntries
GetTextExtentPointA
ExtTextOutW
GetTextExtentPoint32W
GetTextExtentPoint32A
GetCharWidthW
MoveToEx
ExtTextOutA
GetTextFaceW
GetKerningPairsA
GetCharABCWidthsA
GetGlyphOutlineW
GetGlyphOutlineA
GetCharWidthA
SetTextColor
SetBkColor
SelectClipRgn
IntersectClipRect
GetBitmapBits
CreateFontIndirectA
CreateCompatibleBitmap
EnumFontFamiliesExA
GetTextCharsetInfo
GetTextMetricsA
CreateBitmap
CreateCompatibleDC
DeleteDC
GetCurrentObject
GetWindowExtEx
GetViewportExtEx
SelectPalette
GetSystemPaletteUse
GetSystemPaletteEntries
CreateHalftonePalette
CreatePalette
StretchDIBits
GetStockObject
GetObjectA
CreateFontA
SelectObject
GetTextFaceA
DeleteObject
GetTextCharset
GetTextAlign
SetTextAlign
GetObjectType
Escape
GetDeviceCaps
RestoreDC
SaveDC
LPtoDP
OffsetViewportOrgEx
RealizePalette
GetCharacterPlacementA
GetCharacterPlacementW
GetObjectW
CreateFontIndirectW
GetTextMetricsW
EnumFontFamiliesA

kernel32

OutputDebugStringA
DisableThreadLibraryCalls
SearchPathA
HeapAlloc
InterlockedExchange
GetCurrentThreadId
RaiseException
Sleep
WaitForSingleObject
SetEvent
lstrcmpiA
CreateThread
CreateEventA
GetModuleHandleW
VirtualQuery
VirtualProtect
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
GetCommandLineA
GetSystemInfo
HeapReAlloc
HeapFree
VirtualAlloc
ConvertDefaultLocale
GetLocaleInfoW
GetModuleFileNameW
GetProfileIntA
GetProfileStringA
lstrcmpiW
IsDBCSLeadByteEx
LocalReAlloc
LocalAlloc
LocalFree
GetFileTime
SearchPathW
CreateSemaphoreA
lstrcpyW
lstrcatW
LoadLibraryW
lstrcpyA
lstrcatA
GetSystemDirectoryA
CreateFileMappingW
ReleaseSemaphore
GetProfileSectionA
SetEndOfFile
SetFilePointer
UnlockFile
GetFileInformationByHandle
LockFile
FlushFileBuffers
VirtualFree
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalLock
GlobalSize
GlobalUnlock
HeapCreate
GetSystemDirectoryW
GetWindowsDirectoryA
HeapDestroy
MultiByteToWideChar
GetSystemDefaultLangID
SetErrorMode
WriteFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetOEMCP
GetLocaleInfoA
IsValidLocale
GetModuleHandleA
GetProcAddress
GetSystemDefaultLCID
TlsSetValue
GetTempFileNameA
GetTempFileNameW
GetTempPathW
GetTempPathA
LoadLibraryA
CreateFileW
CreateFileA
DeleteFileA
DeleteFileW
GetUserDefaultLCID
CompareStringW
CompareStringA
WideCharToMultiByte
GetACP
FreeLibrary
IsDBCSLeadByte
GetVersionExA
FindResourceA
SizeofResource
LoadResource
LockResource
FreeResource
IsValidCodePage
GlobalReAlloc
GlobalFree
GlobalAlloc
GetStringTypeExW
GetTickCount
TlsGetValue
GetFileSize
ReadFile
GetLastError
SetLastError
MulDiv
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
TlsAlloc
TlsFree
DeleteCriticalSection
InitializeCriticalSection

msvcrt

_statusfp
_clearfp
_ecvt
wcschr
ceil
wcscpy
wcscmp
_wtoi
__CxxFrameHandler
_except_handler3
_adjust_fdiv
_initterm
_controlfp
strncmp
__dllonexit
_onexit
??2@YAPAXI@Z
realloc
malloc
free
setlocale
_ftol
_vsnwprintf
_purecall
memmove
iswspace

ole32

CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree
CoGetMalloc
CreateBindCtx

oleaut32

LoadTypeLibEx
VariantChangeTypeEx
VariantInit
SysAllocStringLen
VariantClear
SysFreeString
SysAllocString
LoadRegTypeLi

urlmon

RegisterBindStatusCallback
CreateURLMoniker

user32

LoadBitmapW
LoadBitmapA
wsprintfW
SystemParametersInfoA
wsprintfA
UnregisterClassA
DestroyWindow
GetSystemMetrics
DefWindowProcA
CreateWindowExA
RegisterWindowMessageA
RegisterClassA
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects
GetClientRect
GetDesktopWindow
GetWindowRect
WindowFromDC
CreateIconIndirect
GetIconInfo
ClientToScreen
wvsprintfA
GetDCEx
GetWindowLongA
GetClassLongA
EqualRect
GetKeyboardLayoutList
OffsetRect
CharPrevA
DrawEdge
FillRect
GetDC
ReleaseDC
UnionRect
GetQueueStatus
PeekMessageA
SetRect
GetSysColor

Exports

Exports

$DllMain$_gdiplus
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MsoAssertSzProcVar
_MsoFFeature@8
_MsoFInitOffice@20
_MsoFSetFeature@12

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bootdat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6de91a6a0c367ccc96c94bd07cf1d481

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

winmm

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 54KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 7KB - Virtual size: 7KB

4b6276fbc3934e18d10f8e5b46018252

Headers

File Characteristics

Imports

kernel32

ole32

msvcrt

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 428B

.edata Size: 512B - Virtual size: 226B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 520B

60fa2c8c29d653d01cbdf114cd1215fe

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

advapi32

shell32

wintrust

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 57KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 11KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 4KB

af6b76dae03387d755b77ac79920368d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 4KB

50cedbfa5d035f62eaab9d872dc880b3

Headers

File Characteristics

Imports

ntdll

.text
Size: 54KB - Virtual size: 54KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 428B

.edata
Size: 512B - Virtual size: 226B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 58KB - Virtual size: 57KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 11KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 140KB - Virtual size: 138KB

.data
Size: 4KB - Virtual size: 30KB

.rsrc
Size: 4KB - Virtual size: 2KB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

37:a7:99:90:6f:d1:37:40:b6:14:97:ad:bb:88:f7:92
Certificate

.text
Size: 4KB - Virtual size: 149B

.rsrc
Size: 36KB - Virtual size: 36KB

.reloc
Size: 4KB - Virtual size: 8B

.text
Size: 228KB - Virtual size: 224KB

RTFOUT_P
Size: 4KB - Virtual size: 1KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 92KB - Virtual size: 97KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 24KB - Virtual size: 23KB