fbcf9d6a8944164dcfb5c7f8f1732d15_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fbcf9d6a8944164dcfb5c7f8f1732d15_JaffaCakes118
Size

3.2MB
MD5

fbcf9d6a8944164dcfb5c7f8f1732d15
SHA1

01951fc374916284a2307abbe2982cd0c9cb2073
SHA256

28f5d9ad6cd9f296e5f74f25608fcbe62750112f7c3f308dc0ef2fc976b7f8fb
SHA512

a55b1bd3c3b2c89e550f321ef1c666b2fac12693033595460f84dde652d471ae0484fcb8648307a2a03bedd7a20c7be681bacaa6eb3ed33ca185ee78ec5d0250
SSDEEP

98304:0OOO3q6Ruwq1gO1EVpxhGLZadvj5P93oPFmb+mgo:793wwjvp6LZad5P94Fe+E

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
fbcf9d6a8944164dcfb5c7f8f1732d15_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/saction.dll
unpack001/GrabKernel.dll
unpack001/IEProFrm.dll
unpack001/IEProRes.dll
unpack001/IEProRs.dll
unpack001/MiniDM.exe
unpack001/winfile.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

fbcf9d6a8944164dcfb5c7f8f1732d15_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

946eb0a1e85c9ade4acaf634eb5a64f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
GlobalFree
lstrcpynA
lstrcmpA
lstrlenA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/saction.dll
.dll windows:4 windows x86 arch:x86

e0dbe201ef881c2240becf6ab72022a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\projects\ie7pro2\Setup\saction\Release\saction.pdb

Imports

ws2_32

WSAStartup
WSACleanup
gethostbyname

kernel32

WideCharToMultiByte
CreateDirectoryW
MultiByteToWideChar
FindResourceW
WritePrivateProfileStringA
SizeofResource
lstrlenA
LockResource
LoadResource
FindResourceExW
FindFirstFileW
GetFullPathNameW
SetLastError
FindNextFileW
CopyFileW
FindClose
GetWindowsDirectoryW
lstrcatW
lstrcpyW
lstrcmpiW
GetProcAddress
WaitForSingleObject
CloseHandle
GetUserDefaultLangID
GetVersionExW
GetTickCount
GetPrivateProfileStringA
lstrcpyA
GlobalFree
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrcpynW
Sleep
lstrcmpiA
CreateFileA
GetLocaleInfoW
SetStdHandle
FreeLibrary
LoadLibraryW
GetFileAttributesW
lstrlenW
CreateFileW
CreateThread
HeapAlloc
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LoadLibraryA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
SetEndOfFile
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointer
ReadFile
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind

user32

wsprintfA
UnregisterClassA
SendMessageW
FindWindowW
WaitForInputIdle

advapi32

RegOpenKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW

shell32

ShellExecuteW

ole32

CoCreateGuid
CoTaskMemFree

shlwapi

UrlCompareW
StrStrIW
SHRegSetUSValueW

Exports

Exports

DoDelIE7ProButton
DoIE7ProButtonSet
DoSetAction
DoSetIntelAction
DoSetSearch
FindGrabBtn
FindIEInstance
FindIeProBtn
IntelShowHelp
OnInstall
OnUnInstall
PreInstall
PreUnInstall
ShowHelp

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GrabKernel.dll
.dll windows:4 windows x86 arch:x86

ac56e1ff9c0ad8d8b16e6a22147f9cb9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\projects\bmdl\GrabKernel\GrabKernel\Release\GrabKernel.pdb

Imports

kernel32

GetLastError
ResumeThread
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
SetThreadContext
GetThreadContext
SuspendThread
GetCurrentThread
SetLastError
WriteFile
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
InitializeCriticalSection
CreateSemaphoreA
DeleteCriticalSection
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

GetHookApiManager

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEPro.dll
.dll regsvr32 windows:4 windows x86 arch:x86

619617dfec8670a9662ec6f6e8e87e51

Code Sign

33:59:91:4b:cd:51:53:17:45:f8:a6:e9:16:3b:0f:e6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/07/2009, 00:00

Not After

14/07/2010, 23:59

Subject

CN=GlobalNet Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Dev,O=GlobalNet Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:1d:94:fa:53:bc:dc:3f:7b:06:90:a5:75:d9:c8:43:ce:71:56:4b
Signer

Actual PE Digest

00:1d:94:fa:53:bc:dc:3f:7b:06:90:a5:75:d9:c8:43:ce:71:56:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\projects\ie7pro2\IE7Pro\bin\release\IEPro.pdb

Imports

gdiplus

GdiplusStartup

wininet

InternetCloseHandle
HttpQueryInfoW
InternetReadFile
HttpSendRequestW
HttpEndRequestW
HttpSendRequestExW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW
InternetSetOptionW
InternetGetConnectedStateExW
InternetQueryOptionW

psapi

GetModuleFileNameExW
EnumProcessModules

urlmon

CoInternetGetSession

oleacc

AccessibleObjectFromWindow
WindowFromAccessibleObject

kernel32

GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
RaiseException
EnterCriticalSection
LeaveCriticalSection
CompareStringW
lstrlenW
FlushInstructionCache
GetCurrentProcess
InterlockedDecrement
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
GetCurrentThreadId
lstrcmpiW
InterlockedIncrement
FreeLibrary
CloseHandle
WaitForSingleObject
Sleep
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryExW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
lstrcpynW
lstrlenA
DebugBreak
OutputDebugStringW
DeleteFileW
WideCharToMultiByte
GetTickCount
CreateDirectoryW
WriteFile
CreateFileW
MoveFileExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
lstrcmpW
CreateThread
lstrcpyW
GetModuleHandleA
GetThreadLocale
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GetCurrentProcessId
FindNextFileW
FindClose
GetFullPathNameW
FindFirstFileW
ReadFile
GetUserDefaultLangID
WritePrivateProfileStringA
GetPrivateProfileStringA
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CreateProcessW
GlobalFree
lstrcatW
GetWindowsDirectoryW
GetTempFileNameW
GetTempPathW
HeapCreate
HeapDestroy
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
LoadLibraryW
LoadLibraryA
GetUserDefaultLCID
EnumSystemLocalesA
GetStdHandle
GetModuleFileNameA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEndOfFile
GetOEMCP
SetThreadLocale
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
IsValidCodePage

user32

wsprintfA
SetMenuDefaultItem
InsertMenuItemW
GetKeyNameTextW
MapVirtualKeyW
LoadIconW
GetWindowThreadProcessId
CreateAcceleratorTableW
UnhookWindowsHookEx
DestroyAcceleratorTable
GetDesktopWindow
IsChild
RedrawWindow
InvalidateRgn
MoveWindow
RegisterWindowMessageW
GetMenuItemCount
MessageBoxW
EnableWindow
MessageBeep
ClientToScreen
wsprintfW
GetForegroundWindow
GetSystemMetrics
LoadImageW
SetDlgItemTextW
CreateDialogParamW
GetClassInfoExW
ShowWindow
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
AdjustWindowRect
DrawTextExW
GetTopWindow
LoadMenuW
RegisterClassExW
UnregisterClassW
SetWindowsHookExW
GetClassLongW
SetClassLongW
SetPropW
PostMessageW
CallNextHookEx
SetTimer
KillTimer
IsWindowVisible
GetPropW
FindWindowExW
EnumChildWindows
EnumThreadWindows
GetActiveWindow
SetCursor
EndPaint
BeginPaint
GetCapture
ReleaseCapture
GetSysColor
GetFocus
GetCursorPos
PtInRect
CallWindowProcW
GetDlgCtrlID
SetFocus
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
ScreenToClient
DestroyWindow
DrawFocusRect
FillRect
GetClassNameW
LoadCursorW
GetSubMenu
SetMenuItemInfoW
TrackPopupMenu
DestroyMenu
SetRectEmpty
OffsetRect
ReleaseDC
GetDC
CharNextW
DialogBoxParamW
CreateWindowExW
DefWindowProcW
LoadStringW
GetWindow
GetWindowRect
SystemParametersInfoW
MapWindowPoints
SetWindowPos
IsWindow
GetDlgItem
GetParent
GetDlgItemTextW
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetWindowLongW
SetWindowLongW
DrawTextW
SendMessageW
EndDialog
GetMenuItemInfoW
SetRect
CharLowerW
UnregisterClassA
IsIconic

gdi32

GetObjectW
SelectObject
CreateSolidBrush
GetDeviceCaps
GetTextMetricsW
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
SetBkColor
ExtTextOutW
DeleteDC
CreateFontIndirectW
GetStockObject
SetTextColor
SetBkMode
DeleteObject

advapi32

RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey

shell32

ord680
ShellExecuteW

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoMarshalInterThreadInterfaceInStream
CoCreateGuid
CoUninitialize

oleaut32

SysAllocString
SysStringLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
VarBstrCmp
UnRegisterTypeLi
RegisterTypeLi
VariantCopy
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
OleCreateFontIndirect
VariantClear
VariantInit
VariantChangeType
SysFreeString

shlwapi

SHDeleteValueW
SHRegGetBoolUSValueW
StrStrW
UrlCompareW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEProCx.exe
.exe windows:4 windows x86 arch:x86

fbea30d1ae4e4be75d031416cae6d364

Code Sign

33:59:91:4b:cd:51:53:17:45:f8:a6:e9:16:3b:0f:e6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/07/2009, 00:00

Not After

14/07/2010, 23:59

Subject

CN=GlobalNet Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Dev,O=GlobalNet Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

db:2d:30:90:23:9e:96:61:3e:f8:6d:34:42:94:5c:9f:85:54:55:b2
Signer

Actual PE Digest

db:2d:30:90:23:9e:96:61:3e:f8:6d:34:42:94:5c:9f:85:54:55:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetOptionW
InternetQueryOptionW
InternetGetConnectedStateExW

kernel32

GetCurrentThreadId
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
lstrcmpW
GetProcAddress
LoadLibraryW
lstrlenA
TerminateProcess
WaitForSingleObject
Sleep
CloseHandle
OpenProcess
DeleteCriticalSection
MoveFileExW
DeleteFileW
GetUserDefaultLangID
lstrcpynW
lstrcatW
ReadFile
GetFileSize
CreateFileW
CreateProcessW
GlobalFree
FindNextFileW
RemoveDirectoryW
FindClose
ExitProcess
CreateDirectoryW
GetStartupInfoW
HeapReAlloc
GetModuleHandleA
HeapFree
HeapSize
HeapAlloc
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CopyFileW
FindFirstFileW
GetCurrentProcess
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GetProcessHeap
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

CharNextA
wsprintfW
UnregisterClassA
LoadStringW
DestroyWindow
CharNextW
MessageBoxW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

SHDeleteKeyW
StrToIntExW
StrToInt64ExW

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IEProFrm.dll
.dll windows:4 windows x86 arch:x86

8dbe57bf3e6b7d123302bc0cd9194f39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\projects\ie7pro2\IE7Pro\bin\release\IEProFrm.pdb

Imports

oleacc

AccessibleObjectFromWindow
WindowFromAccessibleObject

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmGetContext
ImmGetOpenStatus

kernel32

RtlUnwind
TlsGetValue
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetVersion
InterlockedIncrement
GetModuleFileNameW
GetFileAttributesW
InterlockedDecrement
GetCurrentThreadId
SetLastError
GetModuleHandleW
GetModuleHandleA
GetLastError
OutputDebugStringA
LoadLibraryW
RaiseException
UnmapViewOfFile
CloseHandle
OpenFileMappingW
MapViewOfFile
lstrcmpiW
lstrlenW
GetCurrentProcessId
GetCurrentProcess
FlushInstructionCache
lstrcpyW
FindFirstFileW
FindClose
CreateFileW
GetFileSize
ReadFile
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
GetModuleFileNameA
GetStdHandle
GetCommandLineA
WriteFile
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
Sleep
TlsFree
TlsSetValue
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc

user32

GetWindowTextW
GetWindowTextLengthW
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
GetWindowLongW
SetWindowLongW
IsWindow
CallWindowProcW
DefWindowProcW
SetWindowTextW
SendInput
GetFocus
KillTimer
SetTimer
GetPropW
IsWindowVisible
SetClassLongW
SetKeyboardState
GetClassLongW
GetKeyboardState
PostMessageW
GetDlgCtrlID
ScreenToClient
GetCursorPos
GetKeyState
FindWindowExW
EnumChildWindows
EnumThreadWindows
GetParent
SendMessageW
SetPropW
RegisterWindowMessageW
SetWindowsHookExW
GetWindowThreadProcessId
CallNextHookEx
UnhookWindowsHookEx
GetClassNameW
PtInRect
GetClassInfoExW
UnregisterClassA

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW

ole32

CoCreateInstance

oleaut32

VariantInit
SysFreeString
VariantClear

Exports

Exports

installHook

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEProRecorder.dll
.dll regsvr32 windows:4 windows x86 arch:x86

e24c35ee44e3e74a3b14f01386cabe85

Code Sign

33:59:91:4b:cd:51:53:17:45:f8:a6:e9:16:3b:0f:e6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/07/2009, 00:00

Not After

14/07/2010, 23:59

Subject

CN=GlobalNet Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Dev,O=GlobalNet Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8e:80:90:da:7b:fc:91:8d:74:38:8f:93:4f:84:00:b5:29:ca:c8:9e
Signer

Actual PE Digest

8e:80:90:da:7b:fc:91:8d:74:38:8f:93:4f:84:00:b5:29:ca:c8:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\projects\bmdl\GrabPro\IE7PRORecorder\ReleaseMinDependency\IEProRecorder.pdb

Imports

wininet

InternetCloseHandle
InternetGetLastResponseInfoA
InternetCrackUrlA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestExA
HttpEndRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile

kernel32

CreateDirectoryA
GetPrivateProfileStringA
GetEnvironmentVariableA
GetVersionExA
FindClose
FindFirstFileA
Sleep
CreateProcessA
CreateFileMappingA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetTempPathA
GetModuleFileNameA
WideCharToMultiByte
GetWindowsDirectoryA
GetTickCount
lstrcmpiA
CreateFileA
RemoveDirectoryA
FindNextFileA
DeleteFileA
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
ResetEvent
CreateThread
lstrlenW
LoadLibraryExA
IsDBCSLeadByte
SizeofResource
GetCurrentProcessId
CompareStringA
lstrcpynA
CopyFileA
lstrcpyA
WriteFile
FreeConsole
AllocConsole
lstrcmpA
GlobalUnlock
GlobalLock
GlobalAlloc
DisableThreadLibraryCalls
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalReAlloc
FormatMessageA
GetFileAttributesA
InterlockedCompareExchange
VirtualAlloc
VirtualFree
IsBadWritePtr
CreateMutexA
ReleaseMutex
PostQueuedCompletionStatus
GetPrivateProfileIntA
GetQueuedCompletionStatus
GetSystemInfo
GlobalFree
SetEndOfFile
SetFilePointer
VirtualProtect
VirtualQuery
ExitThread
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
GetThreadLocale
GetLocaleInfoA
GetACP
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
FatalAppExitA
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
WritePrivateProfileStringA
FreeLibrary
InterlockedIncrement
GetLocalTime
MulDiv
GetCurrentThreadId
CreateEventA
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
SetEvent
CloseHandle
GetExitCodeThread
WaitForSingleObject
TerminateThread
lstrlenA
InterlockedDecrement
FindResourceA
LoadResource
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetConsoleCtrlHandler
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
LockResource
IsValidLocale
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
MultiByteToWideChar
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
LoadLibraryW
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
ReadFile
CompareStringW
SetEnvironmentVariableA
RtlUnwind
CreateIoCompletionPort
HeapReAlloc

user32

GetDlgCtrlID
GetWindowTextLengthA
SetRectEmpty
FillRect
IsWindowEnabled
IntersectRect
IsRectEmpty
SetWindowRgn
KillTimer
IsWindowVisible
GetUpdateRect
SetScrollInfo
GetScrollInfo
EnableScrollBar
LoadStringW
wsprintfW
PtInRect
wsprintfA
PostQuitMessage
OffsetRect
EnableMenuItem
TrackPopupMenu
GetSystemMetrics
MonitorFromPoint
InvalidateRgn
RedrawWindow
IsChild
DestroyAcceleratorTable
CreateAcceleratorTableA
RegisterWindowMessageA
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
GetMonitorInfoA
SetActiveWindow
SetTimer
ClientToScreen
DispatchMessageA
PeekMessageA
MsgWaitForMultipleObjects
GetSysColor
DrawFocusRect
GetClassNameA
GetWindowThreadProcessId
CharNextA
LoadImageA
DrawTextA
DrawFrameControl
GetDesktopWindow
DestroyIcon
GetWindowDC
EndPaint
BeginPaint
DrawIconEx
GetCapture
GetCursorPos
WindowFromPoint
ReleaseCapture
SetCapture
InvalidateRect
UpdateWindow
ScreenToClient
GetWindowTextA
SetForegroundWindow
GetClassInfoExA
RegisterClassExA
EqualRect
SetRect
GetActiveWindow
TranslateMessage
GetKeyState
GetComboBoxInfo
SetFocus
CallWindowProcA
GetDlgItem
EndDialog
GetWindow
GetClientRect
SendDlgItemMessageA
SystemParametersInfoA
ReleaseDC
GetDC
DefWindowProcA
LoadCursorA
DialogBoxParamA
CreateWindowExA
DestroyWindow
GetFocus
MapWindowPoints
LoadMenuA
GetSubMenu
SetMenuItemInfoA
TrackPopupMenuEx
DestroyMenu
SetCursor
GetParent
LoadStringA
GetWindowLongA
SetWindowPos
IsWindow
MessageBoxA
ShowWindow
GetWindowRect
MoveWindow
SendMessageA
PostMessageA
SetWindowLongA
UnregisterClassA
SetWindowTextA

gdi32

CreateDIBSection
ExtCreateRegion
CombineRgn
GetDeviceCaps
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetRgnBox
PatBlt
GetTextExtentPoint32A
LineTo
MoveToEx
RestoreDC
SaveDC
GetTextMetricsA
SetBkColor
ExtTextOutA
CreatePen
CreateBrushIndirect
BitBlt
RoundRect
SetTextColor
SetBkMode
GetStockObject
CreateFontIndirectA
GetObjectA
DeleteObject
DeleteDC
CreateSolidBrush

advapi32

AdjustTokenPrivileges
IsTextUnicode
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
LookupPrivilegeValueA
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
ExtractIconExA
SHCreateDirectoryExA
ShellExecuteA
ShellExecuteExA

ole32

CoCreateGuid
CoInitialize
CoCreateInstance
CoUninitialize
OleInitialize
OleUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
RegisterDragDrop
CreateStreamOnHGlobal

oleaut32

VariantClear
SysAllocString
SystemTimeToVariantTime
SafeArrayCreateVector
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantInit
SysAllocStringLen
DispCallFunc
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysFreeString
VarUI4FromStr
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

shlwapi

StrStrA
StrCmpNIA
StrStrIA

msimg32

GradientFill

ws2_32

closesocket
WSAGetLastError
inet_addr
getsockname
bind
connect
shutdown
WSASend
ntohs
htons
WSAStartup
WSACleanup
__WSAFDIsSet
select
WSASocketA
htonl
getpeername
WSAIoctl
setsockopt
inet_ntoa
WSAAccept
listen
WSARecv

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 448KB - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEProRes.dll
.dll windows:4 windows x86 arch:x86

22b98c5c8c68a5c45b232e3b1c1c06e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\projects\ie7pro2\IEProRes\Release\IEProRes.pdb

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEProRs.dll
.dll windows:4 windows x86 arch:x86

22b98c5c8c68a5c45b232e3b1c1c06e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\projects\ie7pro2\IEProRs\Release\IEProRs.pdb

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MiniDM.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 536KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProEula.txt
ProgSenseSetup.exe
.exe windows:1 windows x86 arch:x86

Code Sign

33:59:91:4b:cd:51:53:17:45:f8:a6:e9:16:3b:0f:e6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/07/2009, 00:00

Not After

14/07/2010, 23:59

Subject

CN=GlobalNet Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Dev,O=GlobalNet Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d2:f9:65:f1:12:55:3b:a5:aa:0c:42:1a:56:b4:ad:f0:d3:ab:81
Signer

Actual PE Digest

2b:d2:f9:65:f1:12:55:3b:a5:aa:0c:42:1a:56:b4:ad:f0:d3:ab:81

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
filter.ini
language/MiniDM/mdmara.ini
language/MiniDM/mdmbgr.ini
language/MiniDM/mdmchs.ini
language/MiniDM/mdmcht.ini
language/MiniDM/mdmcsy.ini
language/MiniDM/mdmdan.ini
language/MiniDM/mdmdeu.ini
language/MiniDM/mdmell.ini
language/MiniDM/mdmeng.ini
language/MiniDM/mdmesp.ini
language/MiniDM/mdmfar.ini
language/MiniDM/mdmfin.ini
language/MiniDM/mdmfra.ini
language/MiniDM/mdmheb.ini
language/MiniDM/mdmhun.ini
language/MiniDM/mdmita.ini
language/MiniDM/mdmjpn.ini
language/MiniDM/mdmkor.ini
language/MiniDM/mdmnld.ini
language/MiniDM/mdmnor.ini
language/MiniDM/mdmplk.ini
language/MiniDM/mdmptb.ini
language/MiniDM/mdmrom.ini
language/MiniDM/mdmrus.ini
language/MiniDM/mdmsky.ini
language/MiniDM/mdmslv.ini
language/MiniDM/mdmsqi.ini
language/MiniDM/mdmsve.ini
language/MiniDM/mdmtha.ini
language/MiniDM/mdmtrk.ini
language/proara.ini
language/probel.ini
language/probgr.ini
language/prochs.ini
language/procht.ini
language/procsy.ini
language/prodan.ini
language/prodeu.ini
language/proell.ini
language/proeng.ini
language/proesm.ini
language/proesp.ini
language/profar.ini
language/profin.ini
language/profra.ini
language/proheb.ini
language/prohun.ini
language/proita.ini
language/projpn.ini
language/prokor.ini
language/prolth.ini
language/pronld.ini
language/pronor.ini
language/proplk.ini
language/proptb.ini
language/proptg.ini
language/prorom.ini
language/prorus.ini
language/prosky.ini
language/proslv.ini
language/prosqi.ini
language/prosrl.ini
language/prosve.ini
language/protha.ini
language/protrk.ini
language/proukr.ini
language/provit.ini
lgpl.txt
readme.txt
winfile.dll
.dll windows:4 windows x86 arch:x86

55b6d27b6f191edf5a404998573abdb5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GlobalAlloc
lstrcpyW
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
RaiseException
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
EnterCriticalSection
LeaveCriticalSection
CloseHandle
ReadFile
InitializeCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

get_buff_type
get_buff_typeW
get_file_type

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 48KB

.rsrc Size: 38KB - Virtual size: 37KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

946eb0a1e85c9ade4acaf634eb5a64f1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 264B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

e0dbe201ef881c2240becf6ab72022a6

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

shell32

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 48KB

.rsrc
Size: 38KB - Virtual size: 37KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 264B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 136KB - Virtual size: 133KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 8KB

33:59:91:4b:cd:51:53:17:45:f8:a6:e9:16:3b:0f:e6
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

00:1d:94:fa:53:bc:dc:3f:7b:06:90:a5:75:d9:c8:43:ce:71:56:4b
Signer

.text
Size: 448KB - Virtual size: 447KB

.rdata
Size: 92KB - Virtual size: 88KB

.data
Size: 16KB - Virtual size: 23KB

.rsrc
Size: 156KB - Virtual size: 153KB

.reloc
Size: 40KB - Virtual size: 38KB

33:59:91:4b:cd:51:53:17:45:f8:a6:e9:16:3b:0f:e6
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

db:2d:30:90:23:9e:96:61:3e:f8:6d:34:42:94:5c:9f:85:54:55:b2
Signer