Total[.]Cmd[.]Power[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Total.Cmd.Power.exe
Size

57.2MB
MD5

bfdd459dbb5dbc516b9fd3acbb8e1f30
SHA1

8cc22702ff2fd1fb30b04426187e720d1eb6f1db
SHA256

3384f004ac5e1f2f5c651040501bfbd9281b204c5940caab197112f68843ebf9
SHA512

dc572107f6aa107484b2012b9bc4ac4c0eb54274f48b7fd4becd5ba901e60b87660f6660137f7d64ffca0382abdd78285d686abe1b372330e4018dc39067f9c5
SSDEEP

1572864:AdPB0SM6Z57rsBcyDm4n3evw0b/h+KrmIzu5oOwkiC:+PB5M6nc2Y3Qj/hm2O9B

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 22 IoCs

Checks for missing Authenticode signature.

resource
Total.Cmd.Power.exe
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/$WINDIR/NoClose.pif
unpack001/7z.dll
unpack001/7z.exe
unpack001/Plugins/wcx/Total7zip/7z.dll
unpack001/Plugins/wcx/Total7zip/7z.exe
unpack001/Setup/7z.dll
unpack001/Setup/7z.exe
unpack001/Utilites/AmoK/AmoK_DVD_Burner.exe
unpack001/Utilites/AmoK/tools/DVDVideo.exe
unpack001/Utilites/AutoRuns/Autoruns.exe
unpack001/Utilites/DWS/DWS_Lite.exe
unpack001/Utilites/DevEject/DevEject.exe
unpack001/Utilites/ISOCreator/ISOCreator.exe
unpack001/Utilites/Moverator/Moverator.exe
unpack001/Utilites/PasswordCracker/PCHook.dll
unpack001/Utilites/PasswordCracker/PWDCrack.exe
unpack001/Utilites/PasswordCracker/pchookU.dll
unpack001/out.upx

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/out.upx	nsis_installer_2

Files

Total.Cmd.Power.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 252KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

610235b90207a63ccf481f0d4375d329

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileStringA
SetCurrentDirectoryA
GetModuleHandleA
lstrcmpiA
WritePrivateProfileStringA
lstrcatA
lstrcpynA
GlobalFree
lstrlenA
lstrcpyA
GlobalUnlock
GlobalAlloc
GlobalLock

user32

MapWindowPoints
PtInRect
CloseClipboard
LoadCursorA
GetDlgCtrlID
OpenClipboard
GetClientRect
SetWindowRgn
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
DrawTextA
SetCursor
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
GetSysColor
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetWindowLongA
EnableMenuItem
GetSystemMenu
GetClipboardData
LoadIconA

gdi32

DeleteObject
CombineRgn
SetTextColor
GetDIBits
SelectObject
CreateRectRgn
GetObjectA
CreateCompatibleDC

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 654B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/Arj.pif
$WINDIR/Lha.pif
$WINDIR/NoClose.pif
.exe windows:4 windows x86 arch:x86

4755901ae85dc368a090bd71a9aecb78

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3401
ord3830
ord3831
ord3346
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord1105
ord926
ord6877
ord1200
ord2764
ord860
ord858
ord924
ord4129
ord537
ord5683
ord5572
ord2915
ord1576
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord540
ord941
ord800
ord3825
ord825
ord1168

msvcrt

_except_handler3
_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__p___argc
__p___argv
strstr
_mbsicmp
__CxxFrameHandler
_setmbcp
_stricmp
__set_app_type

kernel32

CreateProcessA
ExpandEnvironmentStringsA
GetPrivateProfileStringA
GetPrivateProfileSectionA
Sleep
GetPrivateProfileIntA
GetVersion
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
CloseHandle
WaitForSingleObject
GetModuleHandleA
GetStartupInfoA
GetCommandLineA

user32

GetAsyncKeyState
GetMessageA
PostThreadMessageA

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Pkunzip.pif
$WINDIR/Pkzip.pif
$WINDIR/Rar.pif
$WINDIR/Uc.pif
7z.dll
.dll windows:4 windows x86 arch:x86

6a7be52633b01426b17d148203c82793

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantCopy
VariantClear

user32

CharPrevExA
CharUpperW

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
exit
strchr
strcat
strcpy
memset
realloc
free
malloc
strlen
wcscmp
strcmp
strstr
_CxxThrowException
memmove
memcpy
memcmp
_purecall
__CxxFrameHandler

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
SetThreadAffinityMask
ResumeThread
WaitForSingleObject
InterlockedIncrement
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetOEMCP
FileTimeToLocalFileTime
DeleteCriticalSection
GetVersionExW
LocalFileTimeToFileTime
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
CompareFileTime
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
GetProcAddress
GetModuleHandleW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetModuleHandleA

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 885KB - Virtual size: 885KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7z.exe
.exe windows:4 windows x86 arch:x86

8c1dd070b13c63abc19b1534fe4b4867

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantCopy
VariantClear

user32

CharUpperW

advapi32

LookupPrivilegeValueW
GetFileSecurityW
SetFileSecurityW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
OpenProcessToken

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_beginthreadex
_ftol
memcmp
_purecall
memset
strlen
wcscmp
wcsstr
strcmp
memmove
fputs
fputc
fflush
fgetc
fclose
_iob
free
_CxxThrowException
malloc
memcpy
__CxxFrameHandler
_isatty
_fileno

kernel32

SetThreadAffinityMask
CreateEventW
SetEvent
InitializeCriticalSection
WaitForSingleObject
SetFileTime
VirtualFree
VirtualAlloc
SetConsoleMode
GetConsoleMode
GetVersionExW
SetFileApisToOEM
GetCommandLineW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetProcessTimes
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetProcessAffinityMask
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
IsProcessorFeaturePresent
GlobalMemoryStatus
GetSystemInfo
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
GetDiskFreeSpaceW
SetEndOfFile
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
GetFileSize
GetLogicalDriveStringsW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
GetFileAttributesW
GetFileInformationByHandle
ResumeThread

Sections

.text
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Language/Hist_rus.txt
Language/Keyb_rus.txt
Language/Keyb_ukr.txt
Language/License.txt
Language/SamTCPP.bmp
Language/WCMD_PTG.lng
Language/Wcmd_arb.mnu
Language/Wcmd_arm.lng
Language/Wcmd_arm.mnu
Language/Wcmd_bel.inc
Language/Wcmd_bel.lng
Language/Wcmd_bel.mnu
Language/Wcmd_eng.inc
Language/Wcmd_eng.lng
Language/Wcmd_eng.mnu
Language/Wcmd_est.inc
Language/Wcmd_est.lng
Language/Wcmd_est.mnu
Language/Wcmd_lat.lng
Language/Wcmd_lat.mnu
Language/Wcmd_ltu.lng
Language/Wcmd_ltu.mnu
Language/Wcmd_ptg.inc
Language/Wcmd_ptg.mnu
Language/Wcmd_rus.chm
.chm
Language/Wcmd_rus.inc
Language/Wcmd_rus.ini
Language/Wcmd_rus.lng
Language/Wcmd_rus.mnu
Language/Wcmd_rus_lite.mnu
Language/Wcmd_srb.inc
Language/Wcmd_srb.lng
Language/Wcmd_srb.mnu
Language/Wcmd_ukr.inc
Language/Wcmd_ukr.lng
Language/Wcmd_ukr.mnu
Language/Wcmd_uzb.inc
Language/Wcmd_uzb.lng
Language/Wcmd_uzb.mnu
Language/descript.ion
Language/wcmd_alb.inc
Language/wcmd_alb.lng
Language/wcmd_alb.mnu
Plugins/wcx/Total7zip/7z.dll
.dll windows:4 windows x86 arch:x86

6a7be52633b01426b17d148203c82793

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantCopy
VariantClear

user32

CharPrevExA
CharUpperW

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
exit
strchr
strcat
strcpy
memset
realloc
free
malloc
strlen
wcscmp
strcmp
strstr
_CxxThrowException
memmove
memcpy
memcmp
_purecall
__CxxFrameHandler

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
SetThreadAffinityMask
ResumeThread
WaitForSingleObject
InterlockedIncrement
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetOEMCP
FileTimeToLocalFileTime
DeleteCriticalSection
GetVersionExW
LocalFileTimeToFileTime
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
CompareFileTime
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
GetProcAddress
GetModuleHandleW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetModuleHandleA

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 885KB - Virtual size: 885KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/wcx/Total7zip/7z.exe
.exe windows:4 windows x86 arch:x86

8c1dd070b13c63abc19b1534fe4b4867

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantCopy
VariantClear

user32

CharUpperW

advapi32

LookupPrivilegeValueW
GetFileSecurityW
SetFileSecurityW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
OpenProcessToken

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_beginthreadex
_ftol
memcmp
_purecall
memset
strlen
wcscmp
wcsstr
strcmp
memmove
fputs
fputc
fflush
fgetc
fclose
_iob
free
_CxxThrowException
malloc
memcpy
__CxxFrameHandler
_isatty
_fileno

kernel32

SetThreadAffinityMask
CreateEventW
SetEvent
InitializeCriticalSection
WaitForSingleObject
SetFileTime
VirtualFree
VirtualAlloc
SetConsoleMode
GetConsoleMode
GetVersionExW
SetFileApisToOEM
GetCommandLineW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetProcessTimes
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetProcessAffinityMask
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
IsProcessorFeaturePresent
GlobalMemoryStatus
GetSystemInfo
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
GetDiskFreeSpaceW
SetEndOfFile
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
GetFileSize
GetLogicalDriveStringsW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
GetFileAttributesW
GetFileInformationByHandle
ResumeThread

Sections

.text
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup/7z.dll
.dll windows:4 windows x86 arch:x86

6a7be52633b01426b17d148203c82793

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantCopy
VariantClear

user32

CharPrevExA
CharUpperW

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
exit
strchr
strcat
strcpy
memset
realloc
free
malloc
strlen
wcscmp
strcmp
strstr
_CxxThrowException
memmove
memcpy
memcmp
_purecall
__CxxFrameHandler

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
SetThreadAffinityMask
ResumeThread
WaitForSingleObject
InterlockedIncrement
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetOEMCP
FileTimeToLocalFileTime
DeleteCriticalSection
GetVersionExW
LocalFileTimeToFileTime
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
CompareFileTime
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
GetProcAddress
GetModuleHandleW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetModuleHandleA

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 885KB - Virtual size: 885KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup/7z.exe
.exe windows:4 windows x86 arch:x86

8c1dd070b13c63abc19b1534fe4b4867

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantCopy
VariantClear

user32

CharUpperW

advapi32

LookupPrivilegeValueW
GetFileSecurityW
SetFileSecurityW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
OpenProcessToken

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_beginthreadex
_ftol
memcmp
_purecall
memset
strlen
wcscmp
wcsstr
strcmp
memmove
fputs
fputc
fflush
fgetc
fclose
_iob
free
_CxxThrowException
malloc
memcpy
__CxxFrameHandler
_isatty
_fileno

kernel32

SetThreadAffinityMask
CreateEventW
SetEvent
InitializeCriticalSection
WaitForSingleObject
SetFileTime
VirtualFree
VirtualAlloc
SetConsoleMode
GetConsoleMode
GetVersionExW
SetFileApisToOEM
GetCommandLineW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetProcessTimes
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetProcessAffinityMask
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
IsProcessorFeaturePresent
GlobalMemoryStatus
GetSystemInfo
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
GetDiskFreeSpaceW
SetEndOfFile
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
GetFileSize
GetLogicalDriveStringsW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
GetFileAttributesW
GetFileInformationByHandle
ResumeThread

Sections

.text
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup/INSTALL.EXE
.exe windows:4 windows x86 arch:x86

2166933bee8d3fe4ebcb0ebc73ba56f7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:6c:61:75:7a:92:3f:50:c8:2e:b6:aa:18:d2:1f:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/09/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f2:6d:2b:4d:e7:eb:bb:26:05:fd:83:cc:b1:f4:ad
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/05/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

86:75:c1:86:25:76:c1:c2:d6:d6:5a:3d:9e:b8:5b:f5:b0:d5:65:b9:dc:f6:6a:d7:73:96:72:d9:92:d0:c3:8c
Signer

Actual PE Digest

86:75:c1:86:25:76:c1:c2:d6:d6:5a:3d:9e:b8:5b:f5:b0:d5:65:b9:dc:f6:6a:d7:73:96:72:d9:92:d0:c3:8c

Digest Algorithm

sha256

PE Digest Matches

true

9b:ef:26:ed:7f:03:25:be:dc:58:b8:4a:48:73:f2:a0:62:93:cf:c1
Signer

Actual PE Digest

9b:ef:26:ed:7f:03:25:be:dc:58:b8:4a:48:73:f2:a0:62:93:cf:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableA
GetWindowsDirectoryA
CopyFileA
GetUserDefaultLCID
GlobalFree
GlobalAlloc
GetModuleFileNameA
GetVersionExA
GetCommandLineA
GetDriveTypeA
SetFilePointer
GetSystemDirectoryA
LocalFileTimeToFileTime
DosDateTimeToFileTime
IsValidCodePage
WideCharToMultiByte
GetStringTypeA
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
CreateFileA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersion
GetStartupInfoA
TerminateProcess
ExitProcess
HeapAlloc
HeapFree
RtlUnwind
GetFileTime
GetFileSize
ReadFile
WriteFile
SetFileTime
DeleteFileA
WritePrivateProfileStringA
CreateDirectoryA
GetTickCount
Sleep
GetCurrentProcess
OpenProcess
GetStringTypeW
GetProcAddress
LoadLibraryA
GetModuleHandleA
CloseHandle
GetLastError
FindFirstFileA
FindNextFileA
FindClose
WinExec
GetPrivateProfileIntA
MultiByteToWideChar
GetPrivateProfileStringA
GetFileAttributesA
GetCPInfo
SetFileAttributesA

user32

BeginPaint
CharLowerA
GetUserObjectSecurity
FindWindowA
GetMessageA
UpdateWindow
CreateWindowExA
RegisterClassA
LoadIconA
OemToCharA
IsWindowUnicode
EndPaint
PostQuitMessage
DefWindowProcA
GetSystemMetrics
DrawTextW
BringWindowToTop
SetForegroundWindow
LoadCursorA
SetCursor
CharPrevA
MessageBoxA
CharUpperA
PostMessageA
MessageBoxW
EnumWindows
GetWindowTextA
GetClassLongA
GetWindowThreadProcessId
EnableWindow
CheckRadioButton
IsDlgButtonChecked
CheckDlgButton
SetFocus
DialogBoxParamW
DialogBoxParamA
MessageBeep
SendDlgItemMessageW
EndDialog
SendMessageW
SendMessageA
GetDlgItemTextA
DestroyWindow
CreateDialogParamW
CreateDialogParamA
GetDlgItem
ShowWindow
IsIconic
GetSystemMenu
DeleteMenu
GetDC
GetClientRect
FillRect
wsprintfA
GetSysColor
DrawTextA
ReleaseDC
SendDlgItemMessageA
SetWindowTextA
SetDlgItemTextW
SetDlgItemTextA
GetWindowRect
GetParent
MoveWindow
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetClassNameA

gdi32

CreateFontA
SelectObject
GetStockObject
DeleteObject
CreateSolidBrush
SetBkColor
SetBkMode
IntersectClipRect
SetTextColor

advapi32

AdjustTokenPrivileges
GetSecurityDescriptorOwner
GetTokenInformation
AllocateAndInitializeSid
LookupAccountSidA
FreeSid
RegCreateKeyExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
LookupPrivilegeValueA
OpenProcessToken
LookupAccountNameA

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Setup/install.inf
Utilites/AmoK/AmoK_DVD_Burner.dklang
Utilites/AmoK/AmoK_DVD_Burner.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

data
Size: - Virtual size: 4.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 627KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Utilites/AmoK/deutsch.lng
Utilites/AmoK/english.lng
Utilites/AmoK/langid.pdf
.pdf
Utilites/AmoK/readme.txt
Utilites/AmoK/skin/ClearLooks-BLUE.skn
Utilites/AmoK/skin/ClearLooks-HUMAN.skn
Utilites/AmoK/skin/Crystal Clear-CRCL1S.skn
Utilites/AmoK/skin/Extensis-COPPER.skn
Utilites/AmoK/skin/Extensis-EXTENSIS.skn
Utilites/AmoK/skin/GNOME-Blue.skn
Utilites/AmoK/skin/GNOME-Gray.skn
Utilites/AmoK/skin/GNOME-Green.skn
Utilites/AmoK/skin/GUIRelax-CINDER.skn
Utilites/AmoK/skin/GUIRelax-SKYMAN.skn
Utilites/AmoK/skin/GUIRelax-SUBTLE.skn
Utilites/AmoK/skin/LE4-BLACKC.skn
Utilites/AmoK/skin/LE4-DEFAULT.skn
Utilites/AmoK/skin/Longhorn DWM-DWM.skn
Utilites/AmoK/skin/Longhorn Slate-Plex-SLATE.skn
Utilites/AmoK/skin/Longhorn Style-BLUE.skn
Utilites/AmoK/skin/Luna (Longhorn Revolution)-BLUE.skn
Utilites/AmoK/skin/Luna (Longhorn Revolution)-HOMESTEAD.skn
Utilites/AmoK/skin/Luna (Longhorn Revolution)-METALLIC.skn
Utilites/AmoK/skin/Luna (Longhorn Revolution)-NEON.skn
Utilites/AmoK/skin/MSN.skn
Utilites/AmoK/skin/MediaC-MEDIA1024.skn
Utilites/AmoK/skin/Mollis-BLUE.skn
Utilites/AmoK/skin/ONatural-BLUE.skn
Utilites/AmoK/skin/Office 2007.skn
Utilites/AmoK/skin/OpusOS-BLUEB2.skn
Utilites/AmoK/skin/OpusOS-DEEP2.skn
Utilites/AmoK/skin/OpusOS-OLIVE.skn
Utilites/AmoK/skin/Plex Style-PLEX.skn
Utilites/AmoK/skin/Plex Style-PLEXM6SVR.skn
Utilites/AmoK/skin/RoueGrey-SLIM.skn
Utilites/AmoK/skin/RoueOlive-SLIM.skn
Utilites/AmoK/skin/RoueSteel-SLIM.skn
Utilites/AmoK/skin/Royale Glass-GRAPHITE.skn
Utilites/AmoK/skin/Royale Glass-INDIGO.skn
Utilites/AmoK/skin/Royale1-BLUE.skn
Utilites/AmoK/skin/Royale1-HOMESTEAD.skn
Utilites/AmoK/skin/Royale1-METALLIC.skn
Utilites/AmoK/skin/Samui-SAMUI.skn
Utilites/AmoK/skin/Samui-SAMUI22.skn
Utilites/AmoK/skin/Sustenance-BLUE.skn
Utilites/AmoK/skin/Sustenance-ERGO.skn
Utilites/AmoK/skin/Sustenance-METALLIC.skn
Utilites/AmoK/skin/Sustenance-OLIVE.skn
Utilites/AmoK/skin/Sustenance-SLATE.skn
Utilites/AmoK/skin/System4-BLACK2.skn
Utilites/AmoK/skin/System4-BLUE.skn
Utilites/AmoK/skin/TD 4-PANTHER.skn
Utilites/AmoK/skin/TangoXP-BLUE.skn
Utilites/AmoK/skin/TangoXP-OLIVE.skn
Utilites/AmoK/skin/Tiger-WINDOWB.skn
Utilites/AmoK/skin/Tiger-WINDOWG.skn
Utilites/AmoK/skin/Tiger2-TGR.skn
Utilites/AmoK/skin/Tiger2-TGRPS.skn
Utilites/AmoK/skin/VistaXP-VISTAXPB2.skn
Utilites/AmoK/skin/VistaXP-VISTAXPS2.skn
Utilites/AmoK/skin/Watercolor-BLUE.skn
Utilites/AmoK/skin/Xplorer.skn
Utilites/AmoK/skin/corona-CORONA.skn
Utilites/AmoK/skin/corona-CORONA12.skn
Utilites/AmoK/skin/iTunes.skn
Utilites/AmoK/skin/luna-BLUE.skn
Utilites/AmoK/skin/luna-HOMESTEAD.skn
Utilites/AmoK/skin/luna-METALLIC.skn
Utilites/AmoK/skin/macos.skn
Utilites/AmoK/skin/mxp05.skn
Utilites/AmoK/skin/mxp1.skn
Utilites/AmoK/skin/mxp2.skn
Utilites/AmoK/skin/mxp3.skn
Utilites/AmoK/skin/mxskin03.skn
Utilites/AmoK/skin/mxskin10.skn
Utilites/AmoK/skin/mxskin11.skn
Utilites/AmoK/skin/mxskin13.skn
Utilites/AmoK/skin/mxskin14.skn
Utilites/AmoK/skin/mxskin15.skn
Utilites/AmoK/skin/mxskin16.skn
Utilites/AmoK/skin/mxskin17.skn
Utilites/AmoK/skin/mxskin18.skn
Utilites/AmoK/skin/mxskin19.skn
Utilites/AmoK/skin/mxskin2.skn
Utilites/AmoK/skin/mxskin20.skn
Utilites/AmoK/skin/mxskin21.skn
Utilites/AmoK/skin/mxskin22.skn
Utilites/AmoK/skin/mxskin23.skn
Utilites/AmoK/skin/mxskin24.skn
Utilites/AmoK/skin/mxskin25.skn
Utilites/AmoK/skin/mxskin26.skn
Utilites/AmoK/skin/mxskin27.skn
Utilites/AmoK/skin/mxskin28.skn
Utilites/AmoK/skin/mxskin29.skn
Utilites/AmoK/skin/mxskin30.skn
Utilites/AmoK/skin/mxskin31.skn
Utilites/AmoK/skin/mxskin32.skn
Utilites/AmoK/skin/mxskin33.skn
Utilites/AmoK/skin/mxskin35.skn
Utilites/AmoK/skin/mxskin36.skn
Utilites/AmoK/skin/mxskin37.skn
Utilites/AmoK/skin/mxskin38.skn
Utilites/AmoK/skin/mxskin39.skn
Utilites/AmoK/skin/mxskin41.skn
Utilites/AmoK/skin/mxskin42.skn
Utilites/AmoK/skin/mxskin43.skn
Utilites/AmoK/skin/mxskin44.skn
Utilites/AmoK/skin/mxskin45.skn
Utilites/AmoK/skin/mxskin46.skn
Utilites/AmoK/skin/mxskin47.skn
Utilites/AmoK/skin/mxskin48.skn
Utilites/AmoK/skin/mxskin49.skn
Utilites/AmoK/skin/mxskin50.skn
Utilites/AmoK/skin/mxskin51.skn
Utilites/AmoK/skin/mxskin53.skn
Utilites/AmoK/skin/mxskin54.skn
Utilites/AmoK/skin/mxskin55.skn
Utilites/AmoK/skin/mxskin56.skn
Utilites/AmoK/skin/mxskin57.skn
Utilites/AmoK/skin/mxskin58.skn
Utilites/AmoK/skin/mxskin59.skn
Utilites/AmoK/skin/mxskin61.skn
Utilites/AmoK/skin/mxskin63.skn
Utilites/AmoK/skin/mxskin64.skn
Utilites/AmoK/skin/mxskin65.skn
Utilites/AmoK/skin/mxskin66.skn
Utilites/AmoK/skin/mxskin68.skn
Utilites/AmoK/skin/mxskin71.skn
Utilites/AmoK/skin/mxskin8.skn
Utilites/AmoK/skin/mxskin9.skn
Utilites/AmoK/skin/office2003.skn
Utilites/AmoK/skin/skin.skn
Utilites/AmoK/skin/solaris99.skn
Utilites/AmoK/skin/wmpx-XMP2.skn
Utilites/AmoK/skin/wmpx-XMPX3.skn
Utilites/AmoK/tools/DVDVideo.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

data
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 317KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Utilites/AmoK/translation.txt
Utilites/AutoRuns/Autoruns.exe
.exe windows:6 windows x64 arch:x64

45bca6f7718b47b1379c2e34d09b011b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\x64\Release\autoruns64.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

ImageList_Add
ImageList_ReplaceIcon
ImageList_Draw
ImageList_Remove
ImageList_GetIcon
ImageList_GetImageCount
ord17
ImageList_Create

crypt32

CertDuplicateCertificateContext
CertGetNameStringW
CryptSIPLoad
CryptSIPRetrieveSubjectGuidForCatalogFile

wintrust

CryptCATAdminCalcHashFromFileHandle

ntdll

RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlCaptureContext
NtDeleteKey
NtOpenKey
NtCreateKey
RtlUnwind

kernel32

GetProfileStringW
WriteProfileStringW
GetPrivateProfileStringW
WritePrivateProfileStringW
MoveFileW
GetComputerNameW
GetLocaleInfoW
GetNumberFormatW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
MultiByteToWideChar
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
SetEvent
CreateEventW
WaitForMultipleObjects
GetCurrentThread
SetThreadPriority
CreateThread
GetExitCodeThread
ExpandEnvironmentStringsA
LoadLibraryExA
GetModuleHandleW
TryEnterCriticalSection
LocalAlloc
SetFileAttributesW
InitializeSRWLock
lstrlenW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetStdHandle
ResumeThread
FreeLibraryAndExitThread
LCMapStringW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
ReadConsoleW
SetFilePointerEx
GetStringTypeW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
GetFileType
ReadFile
FileTimeToLocalFileTime
LoadLibraryW
GetProcAddress
Sleep
GetLastError
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CloseHandle
GetFileSizeEx
LoadLibraryExW
GetVersionExW
SetLastError
FreeEnvironmentStringsW
WriteConsoleW
SetEndOfFile
TlsFree
WideCharToMultiByte
OutputDebugStringW
lstrcatW
RemoveDirectoryW
GetTempFileNameW
GetLongPathNameW
GetFullPathNameW
GetFileTime
EncodePointer
GlobalLock
GlobalUnlock
GlobalAlloc
FreeLibrary
GetSystemWow64DirectoryW
IsWow64Process
GetSystemWindowsDirectoryW
GetWindowsDirectoryW
GetTickCount
GetVersion
OpenProcess
CreateProcessW
TlsSetValue
TlsAlloc
ExitThread
TerminateProcess
GetCurrentProcess
CreateSemaphoreW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetErrorMode
GetTempPathW
WriteFile
InitializeSListHead
GetFileSize
DeleteFileW
CreateDirectoryW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
TlsGetValue
GetModuleFileNameW
ReleaseSRWLockExclusive
LocalFree
GetCommandLineW
GetStdHandle
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FormatMessageW
AcquireSRWLockExclusive
MulDiv
ExitProcess
GetModuleHandleExW
GetConsoleCP

user32

GetCursorPos
GetWindowRect
GetClientRect
GetWindowTextW
ClientToScreen
ScreenToClient
ChildWindowFromPoint
GetSysColor
IntersectRect
UnionRect
OffsetRect
PtInRect
GetWindowLongW
GetWindowLongPtrW
GetPropW
SetPropW
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetClassNameW
GetWindowThreadProcessId
LoadBitmapW
LoadIconW
LoadImageW
CopyImage
DrawIconEx
CreateIconIndirect
SetWindowLongPtrW
GetParent
SetParent
EnumChildWindows
FindWindowW
FindWindowExW
GetDC
SetForegroundWindow
GetIconInfo
SetMenuItemInfoW
TrackPopupMenu
DeleteMenu
ModifyMenuW
InsertMenuW
GetSubMenu
EnableMenuItem
CheckMenuItem
DrawMenuBar
GetMenu
GetSystemMetrics
TranslateAcceleratorW
LoadAcceleratorsW
EnableWindow
KillTimer
SetTimer
ReleaseCapture
GetFocus
SetFocus
CharUpperW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
DialogBoxParamW
CreateDialogParamW
IsZoomed
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
WaitForInputIdle
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DrawFrameControl
RegisterWindowMessageW
LoadStringW
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
SendMessageW
MessageBoxW
IsDialogMessageW
EnumDisplaySettingsW
DrawTextW
MapWindowPoints
DestroyIcon

gdi32

CreateDIBSection
GetDIBits
ExtTextOutW
GetObjectW
GetTextMetricsW
SetTextColor
SetBkMode
SetBkColor
SelectObject
GetTextExtentPoint32W
GetStockObject
DeleteObject
CreateSolidBrush
CreateFontIndirectW
CreateBitmap
BitBlt
EndPage
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
DeleteDC
CreateCompatibleDC
GdiFlush

comdlg32

CommDlgExtendedError
ChooseFontW
FindTextW
GetSaveFileNameW
GetOpenFileNameW
PrintDlgW

advapi32

OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyW
RegOpenKeyW
OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
DuplicateTokenEx
EqualSid
FreeSid
GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf
LookupAccountSidW
LookupAccountNameW
LookupPrivilegeValueW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
RegGetKeySecurity
RegLoadKeyW
RegQueryInfoKeyW
RegSetKeySecurity
RegUnLoadKeyW
RegQueryValueW
DeleteService
GetServiceDisplayNameW
QueryServiceConfig2W
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
CommandLineToArgvW
SHBrowseForFolderW
SHChangeNotify
SHGetFolderPathW
SHGetFileInfoW
ShellExecuteW

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoCreateInstance

oleaut32

VariantChangeType
VariantInit
SysAllocStringByteLen
SysStringLen
VariantClear
SysFreeString
SysAllocString

shlwapi

SHCreateStreamOnFileW
SHAutoComplete
UrlUnescapeW
ord176

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryDataAvailable

Sections

.text
Size: 539KB - Virtual size: 539KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Utilites/AutoRuns/Eula.txt
Utilites/AutoRuns/autoruns.chm
.chm
Utilites/AutoRuns/autorunsc.exe
.exe windows:6 windows x64 arch:x64

8ecaaea3a76db93c66f46f6b584b368e

Code Sign

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:31

Not After

02/12/2021, 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d3:65:ea:df:5b:cd:e9:d6:e1:b6:c6:09:fd:bc:aa:6a:4d:be:9f:d4:92:2e:12:d3:d9:4d:d2:c7:8d:b7:d8:0b
Signer

Actual PE Digest

d3:65:ea:df:5b:cd:e9:d6:e1:b6:c6:09:fd:bc:aa:6a:4d:be:9f:d4:92:2e:12:d3:d9:4d:d2:c7:8d:b7:d8:0b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\x64\Release Console\autorunsc64.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

comctl32

ImageList_ReplaceIcon
ImageList_Add

crypt32

CertGetNameStringW
CryptSIPLoad
CryptSIPRetrieveSubjectGuidForCatalogFile
CertDuplicateCertificateContext

wintrust

CryptCATAdminCalcHashFromFileHandle

ntdll

RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlCaptureContext
NtOpenKey
NtCreateKey
RtlUnwind

kernel32

GetSystemWow64DirectoryW
FormatMessageA
lstrlenW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
FreeLibrary
MultiByteToWideChar
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
GetCurrentThread
SetThreadPriority
CreateThread
GetExitCodeThread
GetConsoleCP
GetModuleHandleExW
ExitProcess
TlsFree
EncodePointer
OutputDebugStringW
WideCharToMultiByte
GetSystemWindowsDirectoryW
GetVersion
OpenProcess
TlsSetValue
TlsAlloc
ExitThread
GetCurrentProcess
InitializeCriticalSection
SetErrorMode
WriteFile
GetLongPathNameW
IsWow64Process
GetFullPathNameW
GetFileTime
GetFileSize
ExpandEnvironmentStringsW
SetEnvironmentVariableW
TlsGetValue
GetModuleFileNameW
LocalFree
LocalAlloc
GetFileType
GetCommandLineW
GetStdHandle
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FormatMessageW
MulDiv
GetModuleHandleW
ReadFile
FileTimeToLocalFileTime
LoadLibraryW
GetProcAddress
Sleep
GetLastError
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CloseHandle
GetFileSizeEx
LoadLibraryExW
GetVersionExW
SetLastError
WriteConsoleW
SetEndOfFile
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeLibraryAndExitThread
GetStringTypeW
SetFilePointerEx
ReadConsoleW
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
LCMapStringW
CompareStringW
GetCommandLineA
SetStdHandle

user32

GetSubMenu
MessageBoxW
GetParent
SetDlgItemTextW
PostMessageW
LoadStringW
SendMessageW
DestroyIcon
LoadIconW
DeleteMenu
InsertMenuW
CheckMenuItem
GetMenu
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW

gdi32

DeleteObject
EndPage
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
DeleteDC
CreateCompatibleDC

comdlg32

PrintDlgW

advapi32

CryptAcquireContextW
QueryServiceConfig2W
GetServiceDisplayNameW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
OpenSCManagerW
RegQueryValueW
RegUnLoadKeyW
RegQueryInfoKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
FreeSid
EqualSid
DuplicateTokenEx
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
OpenServiceW

shell32

ShellExecuteW
SHGetFolderPathW
SHGetFileInfoW

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitializeEx

oleaut32

VariantChangeType
VariantInit
SysAllocStringByteLen
SysStringLen
VariantClear
SysFreeString
SysAllocString

shlwapi

UrlUnescapeW
ord176

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryDataAvailable

Sections

.text
Size: 453KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Utilites/DWS/DWS_Lite.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Nummer\Documents\GitHub\Destroy-Windows-10-Spying\DWS\obj\Release\DWS.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Utilites/DevEject/DevEject.exe
.exe windows:4 windows x86 arch:x86

fb4ab69a560d20c548cbcb76d7218196

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

kernel32

GetProcAddress
GetLastError
LoadLibraryA
GetModuleHandleA
GetVersion
FreeLibrary
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetLocaleInfoA
GetCPInfo
VirtualProtect
GetSystemInfo
VirtualQuery
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
RtlUnwind
InterlockedExchange
FlushFileBuffers
SetFilePointer
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
SetStdHandle
CloseHandle

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Utilites/DevEject/DevEject.txt
Utilites/DevEject/RemoveDrive.exe
.exe windows:5 windows x86 arch:x86

0927d81a4c4599431090a27414dff9e6

Code Sign

5b:16:02:a6:5c:10:8c:b5:47:a1:5f:08:9a:33:5c:5b
Certificate

Issuer

CN=Uwe Sieber,O=www.uwe-sieber.de,1.2.840.113549.1.9.1=#0c126d61696c407577652d7369656265722e6465

Not Before

08/09/2011, 13:43

Not After

30/12/2099, 22:00

Subject

CN=Uwe Sieber,O=www.uwe-sieber.de,1.2.840.113549.1.9.1=#0c126d61696c407577652d7369656265722e6465

Extended Key Usages

ExtKeyUsageCodeSigning

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

cd:9c:18:9f:15:be:38:4c:71:90:df:44:a2:8a:08:d5:6d:99:74:1f
Signer

Actual PE Digest

cd:9c:18:9f:15:be:38:4c:71:90:df:44:a2:8a:08:d5:6d:99:74:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

u:\1Source\VC\RemoveDrive2800\Release\RemoveDrive.pdb

Imports

setupapi

CM_Get_DevNode_Registry_PropertyA
SetupDiEnumDeviceInfo
CM_Query_And_Remove_SubTreeW
CM_Request_Device_EjectW
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
CM_Get_Device_IDA
CM_Get_Parent
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

shlwapi

PathUnquoteSpacesW
StrStrIW
StrStrW
StrTrimA
PathFindFileNameA
PathFindExtensionA
PathRenameExtensionA
StrStrIA
StrChrA
StrToIntA
StrChrIA
StrNCatA
StrStrA
PathCompactPathExA

psapi

GetModuleFileNameExA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

FindVolumeMountPointClose
FindNextVolumeA
FindVolumeClose
GetVersionExA
GetDiskFreeSpaceExA
FormatMessageA
LocalFree
SetFileAttributesA
CreateProcessA
WideCharToMultiByte
lstrlenW
FindNextVolumeMountPointA
LoadLibraryA
ReadFile
DefineDosDeviceA
FindFirstVolumeMountPointA
FindFirstVolumeA
QueryDosDeviceW
GetFileAttributesW
MultiByteToWideChar
GetOverlappedResult
GetModuleHandleA
GetProcAddress
GetTickCount
GetCurrentProcessId
lstrcpyA
OpenProcess
DuplicateHandle
GetCurrentProcess
CloseHandle
WaitForSingleObject
CreateThread
Sleep
GetExitCodeThread
lstrcatA
lstrlenA
lstrcmpiA
FindFirstFileA
GetFileAttributesA
CreateFileA
FindNextFileA
FindClose
GetModuleFileNameA
SetConsoleCtrlHandler
GetStdHandle
SetConsoleMode
GetConsoleScreenBufferInfo
GetNumberOfConsoleInputEvents
PeekConsoleInputA
FlushConsoleInputBuffer
GetConsoleWindow
ReadConsoleInputA
SetConsoleTextAttribute
SetConsoleCursorPosition
ReadConsoleOutputA
lstrcmpA
WriteConsoleOutputAttribute
OutputDebugStringA
GetCommandLineA
GetProcessHeap
SetUnhandledExceptionFilter
ExitProcess
HeapAlloc
HeapFree
WriteFile
GetTempPathA
SetLastError
GetCurrentThreadId
GetLastError
FreeLibrary
lstrcpynA
DeviceIoControl
GetDriveTypeA
QueryDosDeviceA
GetVolumePathNameA
GetVolumeNameForVolumeMountPointA
SetErrorMode
GetFullPathNameA
GetCurrentDirectoryA
GetWindowsDirectoryA
SetCurrentDirectoryA
CopyFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetPrivateProfileStringA
WritePrivateProfileStringA
FlushFileBuffers
lstrcpyW
GetVolumeInformationA
CreateEventA

user32

SetForegroundWindow
FlashWindowEx
SendMessageTimeoutA
ShowWindow
wvsprintfA
CharToOemA
GetKeyState
GetAsyncKeyState
CharUpperA
GetWindowThreadProcessId
IsWindowVisible
GetDesktopWindow
GetWindow
wsprintfA
CharLowerA

advapi32

OpenProcessToken
AdjustTokenPrivileges
GetTokenInformation
ConvertSidToStringSidA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
StartServiceA
ControlService
LookupPrivilegeValueA

shell32

SHChangeNotify
ord680
ShellExecuteA

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Utilites/DevEject/RemoveDrive.js
.js
Utilites/DevEject/RemoveDrive.txt
Utilites/DevEject/RemoveDriveRus.txt
Utilites/DevEject/RemoveFlashRus.txt
Utilites/GeekUninstaller/geek.exe
.exe windows:6 windows x86 arch:x86

e334078374fb22fccd395b058f22ade4

Code Sign

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:8f:12:e7:c1:d3:cd:c5:c2:f2:a2:ca:7a:ea:57:db:06:d1:23:a9:d5:d9:73:3f:9c:b6:a2:d9:69:4e:cf:19
Signer

Actual PE Digest

37:8f:12:e7:c1:d3:cd:c5:c2:f2:a2:ca:7a:ea:57:db:06:d1:23:a9:d5:d9:73:3f:9c:b6:a2:d9:69:4e:cf:19

Digest Algorithm

sha256

PE Digest Matches

true

ed:cb:c5:70:03:c0:9a:74:db:08:85:df:08:2a:5f:5f:a3:4b:7f:59
Signer

Actual PE Digest

ed:cb:c5:70:03:c0:9a:74:db:08:85:df:08:2a:5f:5f:a3:4b:7f:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\Projects\uninstall-tool\Ready\geek.pdb

Imports

kernel32

GetFileSizeEx
GlobalFlags
GetSystemDefaultUILanguage
SetErrorMode
GetUserDefaultLCID
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
GetDriveTypeW
LocalReAlloc
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetStdHandle
GetFileType
SetStdHandle
HeapQueryInformation
VirtualQuery
GetSystemInfo
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
GetCPInfo
LCMapStringEx
GetStringTypeW
OutputDebugStringW
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalReAlloc
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
FlushFileBuffers
GetThreadLocale
GetPrivateProfileIntW
SuspendThread
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
GetACP
InitializeCriticalSectionEx
OpenEventW
OpenMutexW
CreateMutexW
GlobalFree
lstrlenA
ExitProcess
CompareStringW
EnumResourceLanguagesW
EnumResourceTypesW
EnumResourceNamesW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileStringW
GlobalGetAtomNameW
lstrcmpA
ResumeThread
SetThreadPriority
CreateThread
CreateDirectoryW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetModuleHandleA
LocalUnlock
LocalLock
GetVersionExW
VirtualFree
VirtualAlloc
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GlobalLock
GlobalUnlock
GlobalAlloc
SetFilePointer
lstrcatW
lstrcpyW
VirtualProtect
GetNativeSystemInfo
GetVersion
SetUnhandledExceptionFilter
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalAlloc
GetModuleFileNameW
GetCurrentThread
GetProcessTimes
FileTimeToLocalFileTime
CompareFileTime
LocalFree
GetTempFileNameW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
FormatMessageW
SetFileAttributesW
RemoveDirectoryW
IsBadWritePtr
IsBadReadPtr
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
MoveFileExW
SystemTimeToFileTime
GetSystemTime
CreateProcessW
GetExitCodeProcess
GetComputerNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileAttributesExW
LoadLibraryW
GetLongPathNameW
GetExitCodeThread
GetTickCount
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
DecodePointer
lstrcmpW
SearchPathW
ReadFile
GetFileSize
GetCommandLineW
GetLocalTime
Sleep
GetCurrentDirectoryW
VerifyVersionInfoW
lstrcpynW
MulDiv
VerSetConditionMask
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenW
OpenProcess
TerminateProcess
GetLastError
WideCharToMultiByte
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetUserDefaultUILanguage
GetModuleHandleW
GetCurrentProcess
GetTempPathW
WriteFile
DeleteFileW
MultiByteToWideChar
GetCurrentProcessId
FindResourceW
SizeofResource
LockResource
LoadResource
CreateFileW
TerminateThread
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
SetLastError
CloseHandle
ReadConsoleW

user32

CopyAcceleratorTableW
LoadAcceleratorsW
IsWindowEnabled
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardState
IsCharLowerW
CharUpperW
IsIconic
GetKeyboardLayout
GetKeyboardLayoutList
ToUnicodeEx
GetMenuItemCount
GetMenuItemInfoW
GetMenuItemID
SetParent
GetTopWindow
UpdateWindow
LoadMenuW
MapVirtualKeyW
wsprintfW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetDesktopWindow
IntersectRect
InvertRect
LockWindowUpdate
GetDCEx
GetSubMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetCapture
CreateIconIndirect
CreateIconFromResourceEx
LoadBitmapW
TabbedTextOutW
DrawStateW
GrayStringW
DrawTextExW
RegisterClipboardFormatW
ReleaseCapture
GetNextDlgTabItem
GetSysColorBrush
AdjustWindowRectEx
WinHelpW
IsDialogMessageW
LoadIconW
GetWindow
GetLastActivePopup
MessageBeep
RedrawWindow
EndPaint
BeginPaint
DrawIcon
EnableMenuItem
GetSystemMenu
GetAsyncKeyState
GetDialogBaseUnits
CheckDlgButton
CreateDialogIndirectParamW
MoveWindow
DestroyWindow
PostQuitMessage
WaitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
LoadStringW
EnumDisplaySettingsW
FindWindowExW
FindWindowW
DrawFocusRect
IsClipboardFormatAvailable
SetPropW
EnableWindow
GetWindowTextW
WaitForInputIdle
SetWindowLongW
GetWindowLongW
SetFocus
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
BringWindowToTop
SetWindowPos
ShowWindow
CreateWindowExW
DefWindowProcW
GetMessageW
CharLowerBuffW
CharLowerBuffA
FillRect
InsertMenuW
SetWindowTextW
GetDlgItem
CharLowerW
CopyIcon
GetClassNameW
ClientToScreen
KillTimer
MapWindowPoints
IsMenu
IsChild
GetDlgCtrlID
GetWindowRgn
HideCaret
ShowCaret
SetActiveWindow
SetWindowRgn
UnionRect
GetMenuStringW
LookupIconIdFromDirectoryEx
GetCursor
WindowFromPoint
DrawEdge
GetDoubleClickTime
SetTimer
SetForegroundWindow
GetMenuDefaultItem
TrackPopupMenu
IsWindowVisible
UnregisterClassW
GetActiveWindow
EqualRect
IsRectEmpty
SetRectEmpty
GetForegroundWindow
SystemParametersInfoW
SetClassLongW
InflateRect
GetMenu
SetMenu
GetMenuState
GetClassLongW
SetCursorPos
CallWindowProcW
IsWindowUnicode
GetWindowLongA
SetWindowLongA
GetTabbedTextExtentA
MapDialogRect
GetWindowPlacement
SetWindowPlacement
TranslateAcceleratorW
SendDlgItemMessageA
IsZoomed
MessageBoxW
EnumWindows
RegisterWindowMessageW
SendMessageW
PostMessageW
IsWindow
GetFocus
GetKeyState
DrawTextW
InvalidateRect
GetClientRect
SetCursor
GetCursorPos
ScreenToClient
GetSysColor
SetRect
OffsetRect
PtInRect
GetParent
LoadCursorW
DestroyIcon
LoadImageW
DrawIconEx
GetIconInfo
GetSystemMetrics
GetWindowRect
SendMessageTimeoutW
GetWindowThreadProcessId
DrawFrameControl
GetMessagePos
CreatePopupMenu
AppendMenuW
GetDC
ReleaseDC
CopyRect
GetPropW
RemovePropW
GetWindowTextLengthW
MonitorFromWindow
GetMonitorInfoW
SetScrollRange
EndDialog
ShowOwnedPopups
GetWindowDC
CharNextW
DestroyMenu
SetWindowContextHelpId
DrawMenuBar
DefFrameProcW
TranslateMDISysAccel
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
DeleteMenu
RealChildWindowFromPoint
InvalidateRgn
GetNextDlgGroupItem
PostThreadMessageW
GetScrollPos
ValidateRect
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetMessageTime
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem

gdi32

CombineRgn
CreatePatternBrush
StretchDIBits
Ellipse
GetCharWidthW
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetTextAlign
GetTextExtentPoint32A
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
ExtSelectClipRgn
BeginPath
CloseFigure
EndPath
FillPath
StrokeAndFillPath
StrokePath
MoveToEx
PolyBezierTo
OffsetViewportOrgEx
GetRgnBox
GetBkColor
RestoreDC
RealizePalette
SaveDC
SetDIBitsToDevice
ExcludeClipRect
SelectClipRgn
Polyline
SetMapMode
SetTextAlign
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
SetRectRgn
DPtoLP
CreateFontW
GetViewportOrgEx
GetBitmapBits
ExtCreateRegion
SetBkMode
PtInRegion
CreateRectRgn
GetTextMetricsW
GetTextColor
GetCurrentObject
Polygon
PatBlt
EnumFontFamiliesExW
CreateRectRgnIndirect
ExtTextOutW
TextOutW
CreateDIBSection
SetStretchBltMode
StretchBlt
SetPixel
RectVisible
PtVisible
GetPixel
GetDIBits
Escape
CreateBitmap
BitBlt
SetTextColor
SetBkColor
DeleteDC
CreateDCW
RoundRect
Rectangle
GetStockObject
GetDeviceCaps
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SelectObject
DeleteObject
GetTextExtentPoint32W
CreateSolidBrush

msimg32

GradientFill

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueW
RegEnumKeyW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
ConvertSidToStringSidW
IsValidSid
GetTokenInformation

shell32

ExtractIconExW
SHGetFileInfoW
CommandLineToArgvW
SHFileOperationW
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
SHGetMalloc
SHGetSpecialFolderLocation
DragQueryFileW
DragFinish

comctl32

ImageList_Draw
ImageList_AddMasked
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_GetImageCount
ImageList_Add
ImageList_DrawEx
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageInfo
InitCommonControlsEx

shlwapi

PathRemoveArgsW
PathUnquoteSpacesW
PathFileExistsW
PathParseIconLocationW
PathIsDirectoryW
StrFormatByteSizeW
PathAddBackslashW
PathRemoveFileSpecW
PathMatchSpecW
PathStripPathW
ord487
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
UrlUnescapeW

uxtheme

IsAppThemed
DrawThemeParentBackground
OpenThemeData
DrawThemeBackground
GetThemePartSize
CloseThemeData
IsThemeBackgroundPartiallyTransparent

ole32

CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoGetClassObject
StgCreateDocfileOnILockBytes
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoInitialize
CoCreateGuid
CoTaskMemAlloc
PropVariantClear
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
LoadTypeLi
SafeArrayGetElemsize
SafeArrayGetDim
OleCreateFontIndirect
VariantChangeType
VarUdateFromDate
VarBstrFromDate
VarDateFromStr
VariantChangeTypeEx
VariantTimeToSystemTime
SystemTimeToVariantTime
OleLoadPicturePath
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantCopy
VariantClear
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy

oledlg

OleUIBusyW
OleUIAddVerbMenuW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExW
EnumProcessModules

gdiplus

GdipGetImageWidth
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipAlloc
GdipFree
GdiplusStartup
GdipCreateBitmapFromHICON
GdipCloneImage
GdipDisposeImage
GdiplusShutdown
GdipGetImageHeight
GdipImageRotateFlip

winmm

PlaySoundW

oleacc

LresultFromObject
CreateStdAccessibleObject

wininet

InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 417KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Utilites/ISOCreator/ISOCreator.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\FreeISOCreator\FreeISOCreator\obj\x86\Release\FreeISOCreator.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Utilites/Moverator/Moverator.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\programming\moverator\obj\Release\moverator.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Utilites/PasswordCracker/Cesky.lng
Utilites/PasswordCracker/Chinese[RPC].lng
Utilites/PasswordCracker/Danish.lng
Utilites/PasswordCracker/Espaniol.lng
Utilites/PasswordCracker/Filipino.lng
Utilites/PasswordCracker/French.lng
Utilites/PasswordCracker/German.lng
Utilites/PasswordCracker/Greek.lng
Utilites/PasswordCracker/Hindi.lng
Utilites/PasswordCracker/Italiano.lng
Utilites/PasswordCracker/Link.txt
Utilites/PasswordCracker/Nederlands.lng
Utilites/PasswordCracker/PCHook.dll
.dll windows:4 windows x86 arch:x86

dcef0d72f05c748fc9f8c3e00ecaea1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
FreeLibrary

user32

RedrawWindow
SetWindowLongA
GetWindowLongA
SendMessageA
GetClientRect
CallNextHookEx
IsWindow
SendMessageTimeoutA
SetWindowsHookExA
GetWindowThreadProcessId
UnhookWindowsHookEx

Exports

Exports

_DllMain@12
_Install
_UnInstall

Sections

.text
Size: 1024B - Virtual size: 573B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 609B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Utilites/PasswordCracker/PWDCrack.exe
.exe windows:4 windows x86 arch:x86

8a18f8be2344de27befb518f02d958d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
GetLocaleInfoW
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
GetCurrentThreadId
FormatMessageW
LocalFree
LocalAlloc
SetLastError
GetLocalTime
InterlockedExchange
InterlockedCompareExchange
WriteFile
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
GetCurrentProcessId
FindNextFileW
GetStartupInfoW
IsBadCodePtr
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetModuleFileNameW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
IsBadReadPtr
Sleep
CreateEventW
CreateThread
ResumeThread
SetEvent
MultiByteToWideChar
SetErrorMode
GetFileAttributesW
GetLastError
GetModuleHandleW
IsBadStringPtrW
WaitForSingleObject
CloseHandle
FindFirstFileW
FindClose
GetCurrentProcess
FlushInstructionCache
OutputDebugStringW
DebugBreak
lstrlenA
InterlockedIncrement
InterlockedDecrement
CompareStringW
lstrcmpiW
lstrcpyW
lstrlenW
LoadLibraryW
GetProcAddress
FreeLibrary

user32

SetWindowPos
LoadIconW
SetForegroundWindow
GetSubMenu
EnableMenuItem
GetMenuItemID
TrackPopupMenuEx
PostMessageW
DestroyMenu
TrackPopupMenu
DrawFrameControl
CopyRect
InflateRect
LoadBitmapW
LoadMenuW
MessageBoxW
GetActiveWindow
DialogBoxParamW
DeleteMenu
SetCursorPos
GetSystemMetrics
SystemParametersInfoW
GetMenuItemCount
SetMenuItemInfoW
GetSystemMenu
CharUpperW
ShowWindow
FlashWindow
CreatePopupMenu
AppendMenuW
CheckMenuItem
SetMenuDefaultItem
InsertMenuW
CreateDialogParamW
GetWindow
DestroyWindow
GetWindowThreadProcessId
GetSysColorBrush
GetIconInfo
SetWindowTextW
ClientToScreen
GetWindowRect
GetKeyboardLayout
MapWindowPoints
KillTimer
GetMenuStringW
DestroyIcon
RedrawWindow
CallWindowProcW
LoadStringW
wvsprintfW
IsWindowEnabled
GetSysColor
GetFocus
DrawFocusRect
FillRect
CharNextW
GetDlgCtrlID
CreateWindowExW
ReleaseDC
GetDC
GetClientRect
DrawTextW
OffsetRect
GetClassNameW
GetWindowLongW
SetWindowLongW
LoadCursorW
GetWindowTextLengthW
GetWindowTextW
GetCursorPos
ScreenToClient
SetCursor
EndPaint
BeginPaint
GetParent
InvalidateRect
PtInRect
SetFocus
SetCapture
GetCapture
ReleaseCapture
UpdateWindow
IsWindow
DefWindowProcW
SendMessageW
EndDialog
GetKeyboardLayoutList
IsWindowVisible
WindowFromPoint
MessageBeep
SetRectEmpty
DrawIconEx
GetDlgItem
LoadImageW
SetTimer

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

PlaySoundW

gdi32

GetObjectType
SetBkMode
SetTextColor
DeleteDC
SelectObject
GetStockObject
GetObjectW
CreateFontIndirectW
DeleteObject

advapi32

CheckTokenMembership
RegQueryValueExW
RegOpenKeyExW
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
OpenProcessToken
RegCloseKey

comctl32

ImageList_Draw
ImageList_Add
ImageList_Create
ImageList_Destroy
_TrackMouseEvent

rpcrt4

UuidFromStringA

msvcrt

??3@YAXPAX@Z
free
malloc
memset
_wtoi
memcpy
??2@YAPAXI@Z
wcslen
iswdigit
_wsplitpath
wcscmp
wcsncpy
wcschr
wcsstr
memmove
_ftol
_wcsicmp
swprintf
_wcsicoll
wcsrchr
_except_handler3
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__set_app_type
__dllonexit
_onexit
_controlfp
__p__fmode

ole32

CoInitialize
CoCreateInstance

shell32

ShellExecuteW
Shell_NotifyIconW

oleaut32

SysFreeString
SysAllocStringLen
VariantClear

pchooku

_Install
_UnInstall

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Utilites/PasswordCracker/Polish.lng
Utilites/PasswordCracker/Portugues [BR].lng
Utilites/PasswordCracker/Portugues.lng
Utilites/PasswordCracker/ReadMe_En.htm
Utilites/PasswordCracker/ReadMe_Ru.htm
Utilites/PasswordCracker/Rename_To_Language_Name_In_English.lng
Utilites/PasswordCracker/Russian.lng
Utilites/PasswordCracker/Russian_U.lng
Utilites/PasswordCracker/Settings.ini
Utilites/PasswordCracker/Sinhala.lng
Utilites/PasswordCracker/Ukrainian.lng
Utilites/PasswordCracker/Zhope.lng
Utilites/PasswordCracker/pchookU.dll
.dll windows:4 windows x86 arch:x86

8835efc0d212d1b5869a9e57bdff8ede

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryW
FreeLibrary

user32

RedrawWindow
SetWindowLongW
GetWindowLongW
SendMessageW
GetClientRect
CallNextHookEx
IsWindow
SendMessageTimeoutW
SetWindowsHookExW
GetWindowThreadProcessId
UnhookWindowsHookEx

Exports

Exports

_DllMain@12
_Install
_UnInstall

Sections

.text
Size: 1024B - Virtual size: 611B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 594B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Utilites/PasswordCracker/pwdcrack.exe.manifest
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 252KB

UPX1 Size: 20KB - Virtual size: 20KB

.rsrc Size: 73KB - Virtual size: 76KB

610235b90207a63ccf481f0d4375d329

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 654B

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 646B

.data Size: - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 146B

4755901ae85dc368a090bd71a9aecb78

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

6a7be52633b01426b17d148203c82793

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

msvcrt

UPX0
Size: - Virtual size: 252KB

UPX1
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 73KB - Virtual size: 76KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 654B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 646B

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 146B

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 885KB - Virtual size: 885KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 1KB - Virtual size: 34KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 95KB - Virtual size: 94KB

.reloc
Size: 36KB - Virtual size: 36KB

.text
Size: 252KB - Virtual size: 252KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 1KB - Virtual size: 9KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB

.text
Size: 885KB - Virtual size: 885KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 1KB - Virtual size: 34KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 95KB - Virtual size: 94KB

.reloc
Size: 36KB - Virtual size: 36KB

.text
Size: 252KB - Virtual size: 252KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 1KB - Virtual size: 9KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB