VCDS-PCI-15071-Installer[.]file

Sharing

Copy URL

Twitter E-mail

General

Target

VCDS-PCI-15071-Installer.file
Size

27.2MB
MD5

07b471064f26c23a28ae21cbc5c6ec07
SHA1

8fd8b5a7289e26aaf48397b89e0f6653cd43082c
SHA256

7b82c3211ac2385422370846a2873f6dae0f6441b5a96095fb08754d23ef71f8
SHA512

799181487ea18e4f82ca992b8266a7cedcf24d50eeccd4b589ab4054c10610eb44bc7990cad6d38a97ff42bb2f0b857b71857297a8bbde5f33f6a2d7432f3054
SSDEEP

393216:HWoSq/0R7XDdADriXkOG3aTGbz0SDTjIjSk3iO/r7HH8tQUpgrbs/iVA:H7ps7u/iUr3lMiTjIv3ifbpgPs/iVA

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
static1/unpack001/$TEMP/VCDSAnleitung.pdf	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/StdUtils.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/newadvsplash.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/CSVConv.exe
unpack001/TDIGraph.exe
unpack001/VCScope.exe

Files

VCDS-PCI-15071-Installer.file
.exe windows:4 windows x86 arch:x86

e221f4f7d36469d53810a4b5f9fc8966

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4b:2f:83:d4:e0:7a:f8
Certificate

Issuer

SERIALNUMBER=10688435,CN=Starfield Secure Certification Authority,OU=http://certificates.starfieldtech.com/repository,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

10-01-2013 19:30

Not After

10-01-2016 19:30

Subject

CN=Ross-Tech\, LLC,O=Ross-Tech\, LLC,L=Lansdale,ST=PA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathW
SetFileTime
CloseHandle
GetShortPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
GetFullPathNameW
CreateDirectoryW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
SetFileAttributesW
ExpandEnvironmentStringsW
SetErrorMode
LoadLibraryW
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
lstrcpyA
lstrcpyW
lstrcatW
GetSystemDirectoryW
GetVersion
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetModuleHandleW
lstrcmpiW
lstrcmpW
WaitForSingleObject
GlobalFree
GlobalAlloc
LoadLibraryExW
GetExitCodeProcess
FreeLibrary
WritePrivateProfileStringW
GetCommandLineW
GetTempPathW
GetPrivateProfileStringW
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
MulDiv
MultiByteToWideChar
WriteFile
lstrlenA
WideCharToMultiByte

user32

EndDialog
ScreenToClient
GetWindowRect
RegisterClassW
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
wsprintfW
CreateWindowExW
SystemParametersInfoW
AppendMenuW
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
GetDC
SetWindowLongW
LoadImageW
SendMessageTimeoutW
FindWindowExW
EmptyClipboard
OpenClipboard
TrackPopupMenu
EndPaint
ShowWindow
GetDlgItem
IsWindow
SetForegroundWindow

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 208KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StdUtils.dll
.dll windows:5 windows x86 arch:x86

169a48cc9c51ee5c3252871261341ac9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_snprintf
swscanf
rand
srand
time
??2@YAPAXI@Z
_snwprintf
wcsncpy
??3@YAXPAX@Z
wcschr
_beginthreadex
_wcsicmp
memset

shlwapi

ord176

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

InitializeCriticalSection
GetExitCodeProcess
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
GetSystemTime
SystemTimeToFileTime
DeleteCriticalSection
GetFileAttributesW
GetCommandLineW
WaitForSingleObject
CloseHandle
TerminateThread
GetModuleHandleW
GlobalAlloc
lstrcpynW
GlobalFree
Sleep
GetTickCount
GetVersionExW
GetLastError
VerifyVersionInfoW
VerSetConditionMask
LocalFree
LocalAlloc
FreeLibrary
LoadLibraryW
MultiByteToWideChar

user32

AllowSetForegroundWindow
MessageBoxW
MessageBoxA
wsprintfW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
GetWindowThreadProcessId
LoadStringW

shell32

ShellExecuteExW
SHFileOperationW
ShellExecuteW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

Exports

Exports

DisableVerboseMode
Dummy
EnableVerboseMode
ExecShellAsUser
ExecShellWaitEx
FormatStr
FormatStr2
FormatStr3
GetAllParameters
GetDays
GetHours
GetLibVersion
GetMinutes
GetOsEdition
GetParameter
GetRealOsBuildNo
GetRealOsName
GetRealOsVersion
InvokeShellVerb
Rand
RandList
RandMax
RandMinMax
RevStr
SHFileCopy
SHFileMove
ScanStr
ScanStr2
ScanStr3
Time
TrimStr
TrimStrLeft
TrimStrRight
VerifyRealOsBuildNo
VerifyRealOsVersion
WaitForProcEx

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/newadvsplash.dll
.dll windows:4 windows x86 arch:x86

7efb019e000b6e0291c32d00fe622590

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
CloseHandle
WaitForSingleObject
GetProcAddress
lstrlenW
CreateThread
GetCurrentThreadId
Sleep
lstrcpyW
lstrcmpiW
GlobalAlloc
GlobalFree
lstrcpynW

user32

DefWindowProcW
DestroyWindow
IsWindowVisible
UnregisterClassW
EnumDisplaySettingsW
SendMessageW
wsprintfW
SystemParametersInfoW
EndPaint
SetWindowPos
LoadCursorW
RegisterClassW
CreateWindowExW
IsWindow
GetMessageW
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetWindowLongW
GetClientRect
TranslateMessage
DispatchMessageW
PostMessageW
SetWindowRgn
BeginPaint

gdi32

CombineRgn
GetObjectW
CreateCompatibleDC
SelectObject
GetDIBits
CreateRectRgn
DeleteObject

winmm

timeSetEvent
PlaySoundW
timeKillEvent

oleaut32

OleLoadPicturePath

msvcrt

_lseek
memset
memcmp
_read
memcpy
_wopen
_close
wcstol

Exports

Exports

hwnd
play
show
stop

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

e2ee55bddad4241d619d6a8a38e2d869

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
GetDlgItem
GetSysColor
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/VCDSAnleitung.pdf
.pdf
- http://www.pci-tuning.de/
- http://vcdswiki.de/
- http://www.vcdspro.de/
- http://vcdsforum.de/
$TEMP/VCDSInstSplash-PCI.jpg
.jpg
AutoScan.txt
CSVConv.exe
.exe windows:4 windows x86 arch:x86

9cc807f2a581e5384b118f6bf7d79d45

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
HeapAlloc
VirtualAlloc
VirtualQuery
HeapReAlloc
ExitProcess
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
HeapSize
HeapDestroy
HeapCreate
VirtualFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
Sleep
SetHandleCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetACP
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
GetCurrentProcess
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
DeleteFileA
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
WritePrivateProfileStringA
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
GetVersionExA
FormatMessageA
LocalFree
MulDiv
GlobalUnlock
GlobalFree
FreeResource
CloseHandle
GlobalAddAtomA
GetCurrentProcessId
SetLastError
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetModuleHandleA
GetProcAddress
LockResource
SizeofResource
LoadResource
FindResourceA
GetVersion
CompareStringA
GetLastError
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
GetFileType

user32

LoadCursorA
GetSysColorBrush
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
GetWindowPlacement
GetWindowRect
SystemParametersInfoA
DestroyMenu
CopyRect
UnhookWindowsHookEx
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowTextLengthA
GetWindowTextA
GetWindow
SetFocus
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
UnregisterClassA
RegisterClassA
EnableWindow
GetSystemMetrics
AppendMenuA
SendMessageA
GetClientRect
DrawIcon
LoadIconA
IsIconic
GetSystemMenu
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
PostMessageA
PostQuitMessage
PtInRect

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
CreateBitmap
GetObjectA
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
PtVisible

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

PathRemoveExtensionA
PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Code-DRV.dat
Drivers/20204/RT-USB.INF
Drivers/20204/rt-usb.cat
Drivers/20418A/RT-USB.inf
Drivers/20418A/rt-usb.cat
Drivers/20418B/RT-USB.inf
Drivers/20418B/rt-usb.cat
Drivers/20602/RT-USB.inf
Drivers/20602/rt-usb.cat
Drivers/20814/RT-USB.inf
Drivers/20814/rt-usb.cat
Drivers/20817/RT-USB.inf
Drivers/20817/rt-usb.cat
Drivers/21000/RT-USB.inf
Drivers/21000/rt-usb.cat
HC194.bin
HCC194.bin
HN116.bin
HP194.bin
Hinweise.pdf
.pdf
- http://vcdspro.de
- http://www.vcdspro.de
LCode.exe
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4b:2f:83:d4:e0:7a:f8
Certificate

Issuer

SERIALNUMBER=10688435,CN=Starfield Secure Certification Authority,OU=http://certificates.starfieldtech.com/repository,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

10-01-2013 19:30

Not After

10-01-2016 19:30

Subject

CN=Ross-Tech\, LLC,O=Ross-Tech\, LLC,L=Lansdale,ST=PA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 570KB - Virtual size: 569KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 33KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LCode.ini
Lizenz.rtf
.rtf
MyAutoScan.txt
RT-USB.dll
.dll windows:5 windows x86 arch:x86

20e898b7ba9b5d4dbaf372fb9180c6d7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:9c:8e:19:a2:24:dc:85:9b:d3:48:4b:b6:76:01:c7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11-10-2012 00:00

Not After

04-12-2015 23:59

Subject

CN=Ross-Tech\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Ross-Tech\, LLC,L=Lansdale,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:6d:80:63:a3:6a:15:37:9f:6f:ca:9d:db:11:4a:54:1a:27:82:0b
Signer

Actual PE Digest

36:6d:80:63:a3:6a:15:37:9f:6f:ca:9d:db:11:4a:54:1a:27:82:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\andy.miller\Desktop\Windows Driver Development\v2.10.00.RC2\d2xxdll\Release\FTD2XX.pdb

Imports

setupapi

SetupDiSetClassInstallParamsA
SetupDiDestroyDeviceInfoList
CM_Get_Device_ID_ExA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiClassNameFromGuidExA
SetupDiGetClassDescriptionExA
CM_Locate_DevNode_ExA
CM_Reenumerate_DevNode_Ex
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsA
SetupDiClassGuidsFromNameExA
SetupDiCreateDeviceInfoListExA
SetupDiGetClassDevsExA
SetupDiOpenDeviceInfoA
SetupDiGetDeviceInfoListDetailA
SetupDiEnumDeviceInfo

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
SetStdHandle
HeapSize
FlushFileBuffers
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
LocalFree
FormatMessageA
CloseHandle
GetLocaleInfoW
GetLastError
lstrlenA
lstrcpyA
DeviceIoControl
ReleaseMutex
WaitForSingleObject
ReadFile
WriteFile
GetOverlappedResult
CancelIo
lstrcmpiA
lstrcpynA
CreateMutexA
CreateFileA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
GetCurrentProcess
TlsAlloc
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
SetEnvironmentVariableA
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
Sleep
ExitProcess
FatalAppExitA
RaiseException
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
RtlUnwind
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleFileNameA
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetTimeFormatA

user32

CharNextA
CharPrevA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
InitiateSystemShutdownExA
RegQueryValueExA

Exports

Exports

FT_Close
FT_ClrDtr
FT_ClrRts
FT_ComPortCancelIdle
FT_ComPortIdle
FT_CreateDeviceInfoList
FT_CyclePort
FT_EEPROM_Program
FT_EEPROM_Read
FT_EE_Program
FT_EE_ProgramEx
FT_EE_Read
FT_EE_ReadConfig
FT_EE_ReadECC
FT_EE_ReadEx
FT_EE_UARead
FT_EE_UASize
FT_EE_UAWrite
FT_EE_WriteConfig
FT_EraseEE
FT_GetBitMode
FT_GetComPortNumber
FT_GetDeviceInfo
FT_GetDeviceInfoDetail
FT_GetDeviceInfoList
FT_GetDriverVersion
FT_GetEventStatus
FT_GetLatencyTimer
FT_GetLibraryVersion
FT_GetModemStatus
FT_GetQueueStatus
FT_GetQueueStatusEx
FT_GetStatus
FT_IoCtl
FT_ListDevices
FT_Open
FT_OpenEx
FT_Purge
FT_Read
FT_ReadEE
FT_Reload
FT_Rescan
FT_ResetDevice
FT_ResetPort
FT_RestartInTask
FT_SetBaudRate
FT_SetBitMode
FT_SetBreakOff
FT_SetBreakOn
FT_SetChars
FT_SetDataCharacteristics
FT_SetDeadmanTimeout
FT_SetDivisor
FT_SetDtr
FT_SetEventNotification
FT_SetFlowControl
FT_SetLatencyTimer
FT_SetResetPipeRetryCount
FT_SetRts
FT_SetTimeouts
FT_SetUSBParameters
FT_SetWaitMask
FT_StopInTask
FT_W32_CancelIo
FT_W32_ClearCommBreak
FT_W32_ClearCommError
FT_W32_CloseHandle
FT_W32_CreateFile
FT_W32_EscapeCommFunction
FT_W32_GetCommMask
FT_W32_GetCommModemStatus
FT_W32_GetCommState
FT_W32_GetCommTimeouts
FT_W32_GetLastError
FT_W32_GetOverlappedResult
FT_W32_PurgeComm
FT_W32_ReadFile
FT_W32_SetCommBreak
FT_W32_SetCommMask
FT_W32_SetCommState
FT_W32_SetCommTimeouts
FT_W32_SetupComm
FT_W32_WaitCommEvent
FT_W32_WriteFile
FT_WaitOnMask
FT_Write
FT_WriteEE

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RT-USB.inf
RT-USB.sys
.sys windows:6 windows x86 arch:x86

e17f94d07dee6d93123aa56993d148d5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:9c:8e:19:a2:24:dc:85:9b:d3:48:4b:b6:76:01:c7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11-10-2012 00:00

Not After

04-12-2015 23:59

Subject

CN=Ross-Tech\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Ross-Tech\, LLC,L=Lansdale,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:5a:24:53:27:16:21:29:93:9b:81:4a:33:b6:2c:b7:2c:54:f3:4d
Signer

Actual PE Digest

6a:5a:24:53:27:16:21:29:93:9b:81:4a:33:b6:2c:b7:2c:54:f3:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\andy~1.mil\desktop\window~1\v21000~1.rc2\d2xx\d2xx\objfre_wnet_x86\i386\FTDIBUS.pdb

Imports

ntoskrnl.exe

memcpy
KeSetEvent
InterlockedDecrement
KeInitializeSpinLock
InterlockedIncrement
RtlWriteRegistryValue
RtlQueryRegistryValues
memset
KeInitializeDpc
KeInitializeTimer
KeInitializeMutex
IoAttachDeviceToDeviceStack
RtlFreeUnicodeString
IoDeleteDevice
IoCreateDevice
IofCallDriver
IofCompleteRequest
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
ExFreePool
ExAllocatePoolWithTag
RtlInitUnicodeString
IoGetDeviceProperty
KeCancelTimer
KeReleaseMutex
ObfReferenceObject
IoDetachDevice
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
PoSetPowerState
ObfDereferenceObject
PoStartNextPowerIrp
IoFreeWorkItem
PoCallDriver
IoReleaseCancelSpinLock
PoRequestPowerIrp
InterlockedExchange
IoCancelIrp
IoQueueWorkItem
IoAllocateWorkItem
KeClearEvent
IoFreeIrp
IoAllocateIrp
ObReferenceObjectByHandle
ExEventObjectType
IoFreeMdl
IoBuildPartialMdl
MmUnmapLockedPages
KeSetTimer
IoAllocateMdl
MmMapLockedPagesSpecifyCache
PsTerminateSystemThread
KeWaitForMultipleObjects
KeSetPriorityThread
KeGetCurrentThread
ZwClose
PsCreateSystemThread
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
RtlCompareUnicodeString
RtlUnicodeStringToInteger
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
IoOpenDeviceRegistryKey
ObReferenceObjectByPointer
IoGetDeviceObjectPointer
RtlCompareMemory
IoGetDeviceInterfaces
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwQueryValueKey
ZwOpenKey
ZwEnumerateKey
ZwQueryKey
ZwSetValueKey
RtlStringFromGUID
IoInvalidateDeviceRelations
ZwEnumerateValueKey
swprintf
KeTickCount
KeBugCheckEx
KeInitializeEvent
PsGetVersion
MmGetSystemRoutineAddress
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
ExFreePoolWithTag
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwCreateKey

hal

ExReleaseFastMutex
KeGetCurrentIrql
ExAcquireFastMutex
KfAcquireSpinLock
KfReleaseSpinLock

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx
USBD_GetUSBDIVersion

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TDIGraph.exe
.exe windows:4 windows x86 arch:x86

efec9971ce694f305bcd00733d2aac26

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
HeapFree
HeapAlloc
VirtualAlloc
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
CreateFileA
SetHandleCount
GetFileType
GetACP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentProcess
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
GetThreadLocale
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
CloseHandle
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalFree
GlobalAlloc
FormatMessageA
LocalFree
GetCurrentProcessId
GetModuleFileNameA
GlobalLock
GlobalUnlock
MulDiv
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
LoadLibraryA
SetLastError
lstrcmpW
GetProcAddress
GetVersionExA
GetModuleHandleA
ReleaseMutex
CreateMutexA
Sleep
GetCurrentDirectoryA
GetVersion
CompareStringA
GetLastError
InterlockedExchange
MultiByteToWideChar
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
GetStdHandle
WideCharToMultiByte

user32

UnregisterClassA
GetCursorPos
ValidateRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
GetWindowThreadProcessId
IsWindowEnabled
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
InvalidateRect
FillRect
GetClientRect
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetParent
ScreenToClient
CopyRect
PtInRect
LoadCursorA
GetSysColorBrush
DestroyMenu
SetPropA
SetCursor
EnableWindow
LoadIconA
GetSystemMenu
AppendMenuA
SendMessageA
GetWindowRect
SetTimer
IsIconic
GetSystemMetrics
DrawIcon
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
LoadStringA
SetCursorPos
KillTimer
GetLastActivePopup

gdi32

ScaleWindowExtEx
DeleteDC
CreateBitmap
GetStockObject
SetWindowExtEx
GetDeviceCaps
CreatePen
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateSolidBrush
DeleteObject
SetTextAlign
MoveToEx
LineTo
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
BitBlt
SetPixel
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VCDS.exe
.exe windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:9c:8e:19:a2:24:dc:85:9b:d3:48:4b:b6:76:01:c7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11-10-2012 00:00

Not After

04-12-2015 23:59

Subject

CN=Ross-Tech\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Ross-Tech\, LLC,L=Lansdale,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

��@7ީ�%jbw[��ƌ��s��į�Κ��0��j�̝a��V��N�j�V�+�[�T�� qo�NΦ��O�+:p ��Yp�l��OEwa��j�#`�Ld$>�S�X+؏�cgi�΁��&��-ٟ\��xpVY�X[�d�q��P+��(�x�w��>��j�F�B<o�l�Wj��˞J�C��<�>$��k�l�1�š4��5v<>`��l�<�څT�?�� 5X8�\�Q�4~7da��!MP��x�BT��p�,b�= uE��"t�c��o��,BK�(��:��)G�㨉o��R�7c��;'rX�n�'2/I��V-�8B�1r��lf�v�dYܚ3T34r��F��E ��X�w��Y��!�gs�K}�\��|�#2֧ �*w��B��ݴP�r�&:��s�q5��J��T`k=/2Ɛ��d�8�/�:�"�8M��1Lj#Z��єv�,��٬��h$m��x�u�sl�� !��g�N��Z�7�+i��t��D��vb��S�t�J��aBȈTk��օ^) /��F�R`��4�B�L�¹�Z��.�v�J��޴«��N�=�LA8Ԛ,"Q_=�I��7��8T�i͌h��9�Ȑ�|�VwW��7OL�1+�T��U �Rb��Ӿ��1�H'�/�7a�jF��U �Ԝ�'x��ll�o�g�*�$r/��Q�l��9I�'��r��}�'��-RS8�V��L�(�K$NwDE�J�H鮽4A�I��H4��Yv��F��R�4�hqe��qT��+��|��蟌6$}6j��Laق��Y?��#�fڸ#�d� �w��wbq�g��BP��ʫT��(ywx�A��Z�0�hqV{x�$מ|�'V��)�#��SO8�E��J�P��u�i��mk[$��l�~3%�(I�߭��|&Q��x��t`w�0�rű6�L2%5ɕ�U��v��R�h4c��OÒ��V(f��6"ȉ��25l]nL|��"� ��,�^��L��u�9��qI~{��^Z!"��"cz[�.Z��ǝ�W+m��Ձ��8��G��\`3�S>�>r��+�岞��M�0 �M��W�ƺ®�o��Er۞��L��bA��@AK�l�d�z21�9��E'�K{�!wy,Q�O¯7�- ��2|4co��0I�ky��0��M��* �tq޺3|�<}�`ܛ�pU6��AC��]�N��8>��e��l��攓�Hn�'��!��q��U��TK)��E�]��N-��i��(��u�S1�?��@V^��p��}TT��P��l�a�l��ʴ�U�� [ ��k��4�xL�q�׬�R10��d��Z��-6�!� �Hq�[ϧ��QiMn��)�0A��9��%:ޞÓ�`BG��`�6�پ��݀�z!��mU#*�j�S-�w�Tz��N��ɒPT�Tk=W��p��C�C%Ii�@/H>��J2��,�B!��Nxm��Q� �e#Ә*rY!�H��n��*\�D�h��2�u�$ݚ�[<$��(��e;�݉�p��<<߽\��=��K�?NxHp�!��Ԉߴg�9O�U��t�9�=��׃�Y�L>�!�3�O��!��)��M(��7U:�|�Iƞdr�0��8d�,P��a�;��^�5#��B鋴��ۤH�Ro�?��g~hq��xS�!��۪��p��O�瘉��,��؂�N;� иܛYa�t1�R�*v�[�*��o��}��s� ;�#��w �}�=��a��v��=]'�T})܃��e`N� Øer1˻9�� .��r4��VH�N��]6��=��Il�|��"e�a\+/��DP�Ľ�Ff;�'��\A��j�I�þ�ǰ`Zn}Ա��j�� ^�T�h>}��<XȔʵ�!��pN`]��Jk��iΈ�[oGΌ�{9<�KЦ &��_:��"L�b�o[IԶn4�_QJ4³��H�ku6�mX��՘%�դ��5F�� a��3��M�Qb|\7[�6Q;�� 7Ե,�s�U��F��[�밥P%�f�97#��|,i�[��dbP�ӄ�`Z�A�J��oh}6�MC(�c2W�0��c��O&��i�{��_o��t/a��W +6U�e�=�J��w��]��S�3&�m,�^��iz�I��?��Vn*<B�e�]3��+�b�ӡ�fX�CI��?2��0��̢ڎK��+�Mn�?�7�*h �|�n�.Y��2J��f�'��0PK�0Y��29�,�f�b��?�f�[:M��fKӻ?�F��h��F'Bd��9��4�+�H�V��+!�ԯR�4�)��Mϒ� �]��{�N�Q�I��H�[ ��Oɐ��6An&}��/:�^Xh��ȼs*L�9��Y��k�fn�jU/Zk�R�M �`��,��x'%�2�F 4Lk��n��n\� ��ި�"�EΤ��yZ�PWe��āed/ ��r>�}�3��!�L�fd�xv�y�_G¦�U�u��-��1�8��O��k�Yh�ΟZ�p�d�<��ВK��û�6��Y��+k�D�Щ4F{j˦?u_�� ϔ�yB��< �I��,��o�o��g�e�PROE��aBER.��I;?R�B��W�#~��%��*�c��-�,�;�#j�|jc+��P��>&v�%e��DK>�M��耭��h5�D�Q-�.ӣfI�E��iO!Yk�F��/�5�j��>8�Jc@݂��|�QҌ/� ��q�W��j)�;��$s빾q��`KF��6�s ��a�mC�"�@��6 �,�B�S|�4�[��i[:\��4Zzp:B��K�]5=�WCP�%��;��)��Jm;Mk��x��Y��Dh$b�Y�Zf�?�gk�'�֭Ě�y��V�|� -�`A��-AX}� �X�ΰ��J%'ˮ��U��|{��-��_(�RS��Ф�I�\9q/C��k��'႞&5O,�Ҩ�+�A��߀aq��n �99�kܴ"�E��E��4�H��P�8��t �|��gԩ\��G��/��ޕ� e5��C��eLA�!sb�5�l"�i�zY��g5��^۲i冞4h��ֳᙾwrwI��\�|0��E�Ȥ��ȧ`[{��_]�ؘ��<��'��[��0��g��n(!("��s��_��M��F�3T�g��ZS!{��a�_�:��0w4J]��Z��70GOo'I��U�tx*ࢬAn~S��=�e�)pV�5%1�o> DZN�AƜ _#-&�]�.��/Iѻ4]f

Sections

Size: 402KB - Virtual size: 860KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 57KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 11KB - Virtual size: 66.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 15KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 173KB - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VCScope.exe
.exe windows:5 windows x86 arch:x86

e6193121e803bc281fd0c21d67d9ff49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
RaiseException
VirtualAlloc
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetErrorMode
CreateFileA
GetCurrentProcess
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
InterlockedIncrement
GetModuleHandleW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
InterlockedExchange
lstrcmpA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetVersionExA
GlobalAlloc
FormatMessageA
LocalFree
lstrlenA
LoadLibraryA
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
GlobalFree
FreeResource
GlobalLock
GlobalUnlock
MulDiv
GetProcAddress
GetCurrentProcessId
GetModuleFileNameA
SetLastError
MultiByteToWideChar
GetCurrentDirectoryA
Sleep
GetTickCount
ReleaseMutex
CreateMutexA
GetLastError
CreateDirectoryA
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceA
FreeEnvironmentStringsW
GetModuleHandleA

user32

UnregisterClassA
LoadCursorA
GetSysColorBrush
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
GetWindowPlacement
GetWindow
SystemParametersInfoA
DestroyMenu
GetMenuItemID
GetMenuItemCount
UnhookWindowsHookEx
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
CheckMenuItem
EnableWindow
GetSysColor
TabbedTextOutA
CopyRect
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
RegisterWindowMessageA
InvalidateRect
DrawTextExA
GrayStringA
GetClientRect
LoadMenuA
LoadStringA
GetSubMenu
DrawTextA
GetWindowRect
FrameRect
FillRect
ScrollDC
SendMessageA
LoadIconA
GetSystemMetrics
DispatchMessageA
AppendMenuA
RedrawWindow
PeekMessageA
SetCursorPos
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
GetMessageA
GetSystemMenu
SetTimer
IsIconic
KillTimer
DrawIcon
PtInRect
TranslateMessage

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
PolylineTo
DeleteDC
GetStockObject
OffsetViewportOrgEx
GetDeviceCaps
SelectObject
SetViewportOrgEx
GetObjectA
SelectClipRgn
DeleteObject
TextOutA
SetTextAlign
MoveToEx
LineTo
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
SetPixel
CreatePolygonRgn
BitBlt
LPtoDP
Polygon
CreateFontA
CreateCompatibleDC
DPtoLP
CreateCompatibleBitmap
Rectangle
GetMapMode
PtVisible
GetBkColor
Escape
CreatePen
GetTextMetricsA
RectVisible
ExtTextOutA
CreateSolidBrush

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

comctl32

ord17

shlwapi

PathRemoveExtensionA
PathRemoveFileSpecW
PathFindFileNameA
PathFindExtensionA

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
distrib.cfg
dpinst.exe
.exe windows:6 windows x86 arch:x86

3ab7cc62e4963955ad408cd420cd8ef1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:9c:8e:19:a2:24:dc:85:9b:d3:48:4b:b6:76:01:c7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11-10-2012 00:00

Not After

04-12-2015 23:59

Subject

CN=Ross-Tech\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Ross-Tech\, LLC,L=Lansdale,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

DpInst.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
IsTextUnicode
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetEntriesInAclW
DeleteService
StartServiceW
ControlService
OpenSCManagerW
CloseServiceHandle
OpenServiceW
QueryServiceStatus
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
CheckTokenMembership
ConvertStringSecurityDescriptorToSecurityDescriptorW

kernel32

GetFileAttributesW
DeleteFileW
ReleaseMutex
SetFilePointer
HeapFree
GetProcessHeap
HeapAlloc
CreateMutexW
FreeConsole
SetConsoleMode
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
FreeLibrary
FillConsoleOutputCharacterW
ReadConsoleOutputW
GetConsoleMode
GetStdHandle
GetProcAddress
LoadLibraryW
WriteConsoleW
IsValidLocale
lstrlenW
lstrcmpW
CompareStringW
GetTempFileNameW
FindFirstFileW
FindNextFileW
FindClose
CopyFileW
SetFileAttributesW
FormatMessageW
RaiseException
GetFileSize
CreateFileMappingW
MapViewOfFile
WriteConsoleOutputW
UnmapViewOfFile
InterlockedDecrement
InterlockedIncrement
CreateFileW
WriteFile
CreateThread
WaitForMultipleObjectsEx
InterlockedCompareExchange
WaitForSingleObjectEx
SetEvent
CreateEventW
GetExitCodeProcess
DeviceIoControl
VerSetConditionMask
VerifyVersionInfoW
CreateDirectoryW
RemoveDirectoryW
GetCurrentDirectoryW
GetShortPathNameW
GetFullPathNameW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
MoveFileExW
SearchPathW
GetSystemDefaultUILanguage
LoadLibraryExW
CreateFileA
SetEndOfFile
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleCP
GetLocaleInfoA
Sleep
LoadLibraryExA
ReadFile
LCMapStringW
LCMapStringA
GetThreadLocale
SetThreadLocale
GetUserDefaultUILanguage
GetVersionExW
GetLocalTime
GetWindowsDirectoryW
GetModuleFileNameW
SetCurrentDirectoryW
WaitForSingleObject
GetOEMCP
GetACP
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
ExitProcess
GetModuleHandleA
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
GetStartupInfoW
GetEnvironmentVariableW
lstrcmpiW
WideCharToMultiByte
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetCommandLineW
LocalAlloc
GlobalFree
LocalFree
MultiByteToWideChar
GetCurrentProcess
GetLastError
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceLanguagesW
LocalReAlloc
EnterCriticalSection

gdi32

SetLayout
DeleteDC
GetObjectW
CreateCompatibleBitmap
CreateBitmap
SelectObject
StartPage
EndPage
StartDocW
EndDoc
GetTextMetricsW
GetDeviceCaps
CreateFontIndirectW
DeleteObject
CreateCompatibleDC

user32

AllowSetForegroundWindow
DefWindowProcW
PostQuitMessage
GetUserObjectInformationW
GetProcessWindowStation
GetIconInfo
DrawIconEx
CreateIconIndirect
LoadIconW
LoadBitmapW
DrawTextExW
LoadImageW
GetSystemMetrics
GetSysColor
DestroyWindow
GetWindowLongW
SendDlgItemMessageW
InvalidateRect
SystemParametersInfoW
GetDC
ReleaseDC
SetWindowLongW
SetWindowTextW
GetParent
PostMessageW
IsDlgButtonChecked
CheckDlgButton
SetFocus
CallWindowProcW
DestroyIcon
DialogBoxParamW
SetDlgItemTextW
CharLowerW
GetDlgItem
SendMessageW
MessageBoxW
RegisterClassExW
CreateWindowExW
ShowWindow
UnregisterClassA
EndDialog

ntdll

RtlNtStatusToDosError
NtOpenThreadToken
NtQueryInformationToken
NtOpenProcessToken
RtlUnwind
NtClose

shell32

SHGetFolderPathW
ShellExecuteExW
ord59
CommandLineToArgvW

setupapi

SetupDiClassNameFromGuidW
SetupDiOpenClassRegKey
SetupInstallFilesFromInfSectionW
SetupPromptReboot
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupDiGetActualSectionToInstallW
SetupFindNextLine
SetupFindNextMatchLineW
SetupOpenInfFileW
SetupGetLineCountW
SetupCloseInfFile
SetupFindFirstLineW
SetupGetStringFieldW
pSetupSetGlobalFlags
pSetupGetGlobalFlags
SetupGetFieldCount
SetupGetIntField
SetupOpenAppendInfFileW
SetupDiSetClassInstallParamsW
SetupDiGetClassDevsW
SetupDiGetSelectedDriverW
SetupDiGetDriverInfoDetailW
CM_Enumerate_Classes
CM_Get_DevNode_Status
SetupDiCreateDeviceInfoList
SetupDiSetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoW
SetupDiSetSelectedDevice
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyW
SetupGetTargetPathW
SetupQueueCopyIndirectW
SetupQueueCopyW
SetupOpenFileQueue
SetupInitDefaultQueueCallbackEx
SetupDefaultQueueCallbackW
SetupCommitFileQueueW
SetupTermDefaultQueueCallback
SetupCloseFileQueue
SetupCopyOEMInfW
CM_Locate_DevNodeW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
CM_Get_Device_IDW
CM_Setup_DevNode
SetupDiEnumDeviceInfo
CMP_WaitNoPendingInstallEvents
CM_Query_And_Remove_SubTreeW

wintrust

WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle

ole32

CoTaskMemFree
StringFromCLSID
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantInit
VariantClear
VariantChangeType
SysAllocString
SysFreeString

comctl32

CreatePropertySheetPageW
ImageList_ReplaceIcon
ImageList_SetBkColor
PropertySheetW
ImageList_Create

comdlg32

PrintDlgExW
GetSaveFileNameW

crypt32

CertFreeCertificateContext
CertFreeCTLContext
CertGetCTLContextProperty
CryptQueryObject

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 470KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lch-loc.txt
rt-usb.cat

Sharing

General

Malware Config

Signatures

Files

e221f4f7d36469d53810a4b5f9fc8966

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4b:2f:83:d4:e0:7a:f8Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 208KB

.rsrc Size: 37KB - Virtual size: 36KB

169a48cc9c51ee5c3252871261341ac9

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

shlwapi

version

kernel32

user32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 500B

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 2KB - Virtual size: 1KB

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 851B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 610B

7efb019e000b6e0291c32d00fe622590

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

oleaut32

msvcrt

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4b:2f:83:d4:e0:7a:f8
Certificate

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 208KB

.rsrc
Size: 37KB - Virtual size: 36KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 500B

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 610B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 318B

.reloc
Size: 1024B - Virtual size: 596B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 630B

.text
Size: 144KB - Virtual size: 142KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 24KB - Virtual size: 22KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4b:2f:83:d4:e0:7a:f8
Certificate

CODE
Size: 570KB - Virtual size: 569KB

DATA
Size: 5KB - Virtual size: 5KB

BSS
Size: - Virtual size: 33KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 62KB - Virtual size: 62KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate