0aa06ef1402d832b789698f0b53f54a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0aa06ef1402d832b789698f0b53f54a1_JaffaCakes118
Size

2.6MB
MD5

0aa06ef1402d832b789698f0b53f54a1
SHA1

b0d86233434f7926fa52908d98b04b8379128831
SHA256

19ca55e4b1700773f492816ca858c960e948dc6799e0ba6794f44673a7ec0ab1
SHA512

6241fc0a33f74eea4d10650ddb6d3cbacbf8e8a9141cd43dbb5ae053aa91dd68d0f77c7410e1da6e7acc767eb3ede9b6fc88f7bb10f16480ab58377fe81b7e6b
SSDEEP

49152:BLrYq8SsikTPJTlOx3Rm4CQwCmubys/E2DYKsqzPII/FBo6AYBI0T2fn9kYtUidk:B/18SsXM3LCObd/lDxsOw+BPBI62fnhG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll

Files

0aa06ef1402d832b789698f0b53f54a1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/02/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:81:79:d9:04:1c:71:64:41:68:2c:32:ce:99:5b:78:2e:73:21:39:5a:04:8b:e1:ea:15:04:22:f6:ee:19:3f
Signer

Actual PE Digest

6a:81:79:d9:04:1c:71:64:41:68:2c:32:ce:99:5b:78:2e:73:21:39:5a:04:8b:e1:ea:15:04:22:f6:ee:19:3f

Digest Algorithm

sha256

PE Digest Matches

true

57:db:00:b8:da:f9:1a:9c:2a:46:5e:a1:06:3b:ac:62:5c:1b:61:e8
Signer

Actual PE Digest

57:db:00:b8:da:f9:1a:9c:2a:46:5e:a1:06:3b:ac:62:5c:1b:61:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 580KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetupHelper.dll
.dll windows:4 windows x86 arch:x86

d9997cc22607493388b309294c30bacc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:6e:c9:72:fd:30:92:a5:47:ed:bb:c3:97:8e:73:15:42:a9:be:22
Signer

Actual PE Digest

50:6e:c9:72:fd:30:92:a5:47:ed:bb:c3:97:8e:73:15:42:a9:be:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\jenkins\workspace\CEN_MainLine_Build\qqpcmgr_proj\Source\Setup\SetupScript\plugin\SetupHelper.pdb

Imports

kernel32

InterlockedIncrement
GlobalGetAtomNameW
GetAtomNameW
GetThreadLocale
SystemTimeToFileTime
GlobalFlags
GetPrivateProfileStringW
GetStringTypeExW
lstrcmpiW
FlushFileBuffers
LockFile
UnlockFile
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
GetFileTime
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetDriveTypeW
GetCommandLineA
HeapReAlloc
ExitProcess
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
TlsFree
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
GetModuleFileNameA
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
SetStdHandle
GetConsoleCP
GetConsoleMode
CreateFileA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeA
GetFullPathNameA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
InterlockedCompareExchange
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
SuspendThread
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
InterlockedExchange
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleA
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
GlobalSize
GlobalLock
GlobalUnlock
MulDiv
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
GetStdHandle
CreatePipe
DuplicateHandle
DebugBreak
MoveFileW
GetBinaryTypeW
IsDBCSLeadByte
GetCPInfo
GetLocalTime
WritePrivateProfileStringW
GetDiskFreeSpaceExW
GetProcessHeap
HeapAlloc
HeapFree
GetPrivateProfileIntW
InterlockedDecrement
ReadFile
SetFilePointer
GetTempPathW
GetFileSize
SetLastError
LocalAlloc
DeviceIoControl
GetCurrentProcessId
QueryDosDeviceW
Module32FirstW
Module32NextW
TerminateProcess
GetUserDefaultUILanguage
GetLocaleInfoW
CreateEventW
SetEvent
ExpandEnvironmentStringsW
GetCurrentDirectoryW
IsBadReadPtr
IsBadWritePtr
GetSystemDefaultLangID
GetVersion
MultiByteToWideChar
RemoveDirectoryW
MoveFileExW
CreateDirectoryW
GetFileAttributesA
CreateFileW
WriteFile
FormatMessageW
FormatMessageA
lstrlenA
OutputDebugStringA
LocalFree
ReleaseMutex
CreateMutexW
GetModuleFileNameW
GetSystemInfo
LoadLibraryW
FreeLibrary
SetErrorMode
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
GlobalAlloc
lstrcpynW
GlobalFree
GetWindowsDirectoryW
OutputDebugStringW
GetSystemDirectoryW
GetLastError
GetModuleHandleW
GetProcAddress
GetCurrentProcess
CopyFileW
GetFileAttributesW
FindFirstFileW
FindNextFileW
DeleteFileW
FindClose
GetTickCount
GetVersionExW
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
lstrlenW
VirtualFreeEx
GetTempPathA
Sleep
CreateToolhelp32Snapshot
Process32FirstW
CloseHandle
Process32NextW
FindResourceW
LoadResource
LockResource
SizeofResource
IsValidCodePage
WideCharToMultiByte

user32

FillRect
ScrollWindowEx
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
SendMessageTimeoutW
InvalidateRect
UnregisterClassA
SendMessageW
GetClientRect
FindWindowExW
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
TabbedTextOutW
DestroyIcon
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetDlgCtrlID
GetWindowLongW
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
LoadBitmapW
LoadIconW
CharNextW
CharPrevW
GetCursorPos
LoadCursorW
SetCursor
GetDesktopWindow
ReleaseDC
GetDC
PtInRect
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
PostQuitMessage
CheckMenuItem
ModifyMenuW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
TranslateMessage
GetMessageW
ShowOwnedPopups
GetKeyNameTextW
MapVirtualKeyW
InflateRect
UnregisterClassW
GetSysColorBrush
GetMenuItemInfoW
DestroyMenu
GetDialogBaseUnits
GetKeyState
DeleteMenu
FindWindowW
GetParent
CharUpperW
SetScrollRange
ScreenToClient
ClientToScreen
GetWindowThreadProcessId
GetWindowTextW
EndPaint
BeginPaint
CallWindowProcW
SetWindowLongW
GetWindowRect
SetFocus
KillTimer
ShowWindow
IsWindowVisible
SetTimer
MoveWindow
OffsetRect
IsWindow
SetWindowTextW
IsWindowEnabled
UpdateWindow
CreateWindowExW
GetDlgItem
LoadImageW
RegisterWindowMessageW
MessageBoxW
LoadStringW
SystemParametersInfoW
SetWindowPos
GetSystemMenu
EnableMenuItem
RedrawWindow
GetDlgItemTextW
EndDialog
DefWindowProcW
PostMessageW
GetClassNameW
EnableWindow
GetWindow
FindWindowA
BeginDeferWindowPos

gdi32

GetTextMetricsW
DPtoLP
GetMapMode
CombineRgn
SetRectRgn
PatBlt
GetWindowExtEx
CreateRectRgnIndirect
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreateBitmap
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
RectVisible
PtVisible
StartDocW
SetROP2
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
DeleteObject
TextOutW
GetTextExtentPoint32W
SetBkMode
SelectObject
CreateFontIndirectW
GetObjectW
GetStockObject
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
GetBkColor
GetTextColor
BitBlt
GetDeviceCaps
CopyMetaFileW
CreateDCW
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetPolyFillMode
GetPixel

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegCreateKeyW
RegQueryValueW
RegEnumKeyW
RegSetValueW
RegOpenKeyExA
RegQueryValueExA
RegRestoreKeyW
RegEnumKeyExW
LookupAccountNameW
GetFileSecurityW
GetSecurityDescriptorDacl
GetLengthSid
InitializeAcl
GetAclInformation
GetAce
AddAce
AddAccessAllowedAce
GetSecurityDescriptorControl
SetFileSecurityW
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
QueryServiceConfigW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyW
RegQueryInfoKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ChangeServiceConfigW
ChangeServiceConfig2W
DeleteService
ControlService
QueryServiceStatus
CreateServiceW
RegDeleteValueW
RegOpenKeyW
OpenSCManagerW
OpenServiceW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
CloseServiceHandle
StartServiceW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteW
ExtractIconW
SHGetFileInfoW
SHFileOperationW

shlwapi

PathFileExistsW
SHDeleteKeyW
PathIsDirectoryW
SHSetValueW
PathAppendW
PathAddBackslashW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
StgCreateDocfile
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
CoCreateGuid
CreateBindCtx
ReleaseStgMedium
SetConvertStg
StringFromCLSID
CoTreatAsClass
StgOpenStorage
StgIsStorageFile
CoInitialize
CoFreeUnusedLibrariesEx
ReadClassStg
CoTaskMemFree
CoCreateInstance
CoUninitialize
OleDuplicateData
CoDisconnectObject
StringFromGUID2
CLSIDFromString
CoTaskMemAlloc
WriteFmtUserTypeStg

oleaut32

VariantInit
VariantChangeType
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
VariantClear
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
SysStringLen
SysAllocString
SysFreeString
SafeArrayGetElement
GetErrorInfo
SetErrorInfo
CreateErrorInfo

ws2_32

WSCDeinstallProvider
WSCEnumProtocols
htonl
htons

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleFileNameExW
EnumProcessModules

imagehlp

UnMapAndLoad
MapAndLoad

netapi32

NetWkstaTransportEnum
NetApiBufferFree
Netbios

Exports

Exports

AddToAllowList
ApiInstallFileMonDriver
ApiUninstallFileMonDriver
BackUpSetupPackage
CallOutTrayIcon
CallRegEnvironmentVar
CallRegUrlProtocol
CallRegUrlProtocol2
CallUnRegEnvironmentVar
CallUnRegUrlProtocol
CallUnShortCut
Check360
CheckAV
CheckCRunTime
CheckForQQSoftUninstall
CheckForSetup
CheckForUninstall
CheckInstallPath
CheckQQPCRtpNeedReboot
CleanTempFolder
CloseProcess
CreateBitmapCtrl
CreateShortCutInfo
DelService
DeleteCacheFolder
DeleteFileRecursively
DeleteRebootCopy
DeployFile
DisableFileRedirect
ExecuteShell
ExecuteShellNoWait
ExtendCommand
FinalizeReport
FindExistedRTP
GetFunctionRunTime
GetIntVersionFromString
GetMessageHandler
GetParentProcessName
GetQQReleatedPath
GetQQSoftInstallDir
GetShortCutInfo
GetSystemDriversPath
HookInstallButton
InitPenetration
InitializeReport
IsAcLayers
IsAdmin
IsChildProtectionRun
IsCompare
IsMainWndRun
IsNeedUpdate
IsPinQQPCMgrToStartMenu
IsPinUnsoftToStartMenu
IsQQDoctorExist
IsQQPCTrayExists
IsQQSoftExist
IsVista
IsWin7
IsWinXp
IsWindows64
IsWndEnable
IsWow64
LoadDriver
LoadQMDriver
LoadTSFltmgr
NotifyAction
NotifyProgress
NotifySetupStatus
OutputError
OutputInfo
ParseCmdLine
ParseUninstallCmdLine
PinQQPCMgrToStartMenu
PinUnsoftToStartMenu
PrepareConfig
ReadLastInstallTime
ReadLastUnInstallTime
RecoverCommand
RecoverProxy
RegisterSecurityCenterHelper
ReleaseRtpOptDlg
RemoveArpDriver
RemoveFromAllowList
RemoveQQPCMgrFromStartMenu
RemoveUnSoftFromStartMenu
RepairQQPCRtp
ReportInstallInfo
ReportUninstallInfo
RevertFileRedirect
SaveRtpState
SetExclusive
SetFunctionRunStartTime
SetInstallPath
SetInstallStartTime
SetInstallTime
SetRowSpace
SetSystemAccessControl
SetText
SetUnInstallPath
SetUnistallPara
ShowLoadDriverErrorDlg
ShowRtpOptDlg
UnHookInstallButton
UninitPenetration
UninstallLSP
UninstallQQDoctor
UninstallQQSoft
UpdateFIXService
UpdateProtectState
UpdateRTPService
UpdateRtpState
UpdateSetupInfo
UpdateTrayIcon
WaitBugReportExit
WaitForFixShutdown
WaitForProcessEndByName
WaitForRtpShutdown
WaitForUninstExit
WaitUninstallComplete
WriteLog
WriteTimer
free_instfilespage_bitmap
kill_instfilespage_timer
load_instfilespage_bitmap
start_instfilespage_timer

Sections

.text
Size: 872KB - Virtual size: 869KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheWin10Tips/PluginInfo/Win10Tips/PluginInfo.xml
CacheWin10Tips/plugins/Win10Tips/Win10Tips.exe
.exe windows:4 windows x86 arch:x86

9db5235cde2d8232fdd0ac359dda319e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c7:d5:78:58:68:10:8e:ac:c7:11:53:72:11:20:01:8d:f4:47:52:af
Signer

Actual PE Digest

c7:d5:78:58:68:10:8e:ac:c7:11:53:72:11:20:01:8d:f4:47:52:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins_Trunk\workspace\Air_Assist_Build\qqpcmgr_proj\Output\BinFinal\Win10Tips.pdb

Imports

comctl32

_TrackMouseEvent
InitCommonControlsEx

ws2_32

htons
htonl
ntohs
ntohl

kernel32

DeleteFileW
InterlockedCompareExchange
InterlockedExchange
CreateFileW
WriteFile
SetFilePointer
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
CreateMutexW
GetLastError
SetLastError
lstrlenA
lstrlenW
CopyFileW
WideCharToMultiByte
CreateProcessW
GetTickCount
RaiseException
GetTempPathW
GetDiskFreeSpaceExW
GetTempFileNameW
MultiByteToWideChar
SetEvent
WaitForSingleObject
LoadLibraryW
VirtualQuery
FreeLibrary
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetVersionExW
GlobalFree
FreeResource
GlobalReAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileSize
MapViewOfFile
UnmapViewOfFile
OpenEventW
GetModuleFileNameA
ExpandEnvironmentStringsW
OpenFileMappingW
ReadFile
LoadLibraryA
GetSystemInfo
InterlockedIncrement
InterlockedDecrement
ResetEvent
DuplicateHandle
GetSystemDirectoryW
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
GetACP
GetLocaleInfoA
GetThreadLocale
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
CreateThread
ExitThread
ExitProcess
GetModuleHandleA
MoveFileW
IsDebuggerPresent
UnhandledExceptionFilter
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateDirectoryW
GetLocalTime
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
WaitForMultipleObjects
SearchPathW
CreateEventW
LeaveCriticalSection
EnterCriticalSection
HeapFree
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
SetErrorMode
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcessId
GetProcessHeap
HeapAlloc
GetModuleFileNameW
CloseHandle
GetCommandLineW
lstrcpynW
OpenProcess
VirtualAllocEx
SetEndOfFile
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WriteProcessMemory
SetUnhandledExceptionFilter
CreateFileA
GetSystemDefaultLangID

user32

PostMessageW
DispatchMessageW
TranslateMessage
FillRect
GetMessageW
DefWindowProcW
GetClassInfoW
BeginPaint
IsRectEmpty
DrawTextW
InvalidateRect
GetSystemMenu
SetWindowsHookExW
GetMenuState
UnionRect
DrawIconEx
CallNextHookEx
GetSystemMetrics
GetClassInfoExW
GetClassNameW
GetCursorPos
IsWindow
RegisterWindowMessageW
ScreenToClient
EnableWindow
GetAncestor
WindowFromPoint
GetDesktopWindow
ClientToScreen
SetFocus
SendMessageTimeoutW
SetCursor
IsZoomed
GetWindowThreadProcessId
GetWindowTextW
FindWindowA
UnregisterClassA
UnhookWindowsHookEx
ShowWindow
UpdateWindow
EnumWindows
SetForegroundWindow
SetRect
PeekMessageW
LoadImageW
SystemParametersInfoW
SetTimer
GetWindowLongW
GetParent
GetWindow
GetWindowRect
GetClientRect
SendMessageW
MapWindowPoints
SetWindowPos
KillTimer
PostQuitMessage
EqualRect
PtInRect
OffsetRect
LoadCursorW
GetDC
ReleaseDC
IntersectRect
DestroyWindow
SetCapture
ReleaseCapture
RegisterClassExW
GetCapture
GetKeyState
CreateWindowExW
CopyRect
CallWindowProcW
UpdateLayeredWindow
FindWindowExW
SetWindowLongW
IsWindowVisible
GetActiveWindow
EndPaint
SetWindowRgn

advapi32

LookupPrivilegeValueW
RegCloseKey
RegSetValueExW
GetTokenInformation
OpenProcessToken
DuplicateTokenEx
CreateProcessAsUserW
RegQueryValueExW
RegOpenKeyExW

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW
SHCreateDirectoryExW

shlwapi

SHGetValueW
PathRemoveFileSpecW
PathAppendW
PathStripPathW
PathFileExistsW

gdi32

CreateCompatibleDC
SelectObject
DeleteDC
CreatePen
GetStockObject
SetBkMode
DeleteObject
GetTextExtentPoint32W
ExcludeClipRect
CreateRectRgn
CreateCompatibleBitmap
BitBlt
CreateFontIndirectW
Rectangle
GetObjectW
ExtCreateRegion
CombineRgn
GetObjectA
CreateSolidBrush
SetTextColor
GetClipRgn
ExtSelectClipRgn
SelectClipRgn
CreateDIBSection

userenv

CreateEnvironmentBlock

msimg32

AlphaBlend

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

gdiplus

GdipCreateSolidFill
GdipDeleteBrush
GdipSetStringFormatTrimming
GdipDeleteFont
GdipMeasureString
GdipDrawString
GdipCreateFontFromLogfontA
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateFontFromDC
GdipSetStringFormatFlags
GdipSetTextRenderingHint
GdipDeleteStringFormat
GdipDrawImageRectI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneBitmapAreaI
GdipSetWorldTransform
GdipCreateHBITMAPFromBitmap
GdipRotateMatrix
GdipCreateBitmapFromScan0
GdipTranslateMatrix
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipDeleteMatrix
GdipGraphicsClear
GdipCreateMatrix
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipGetImagePixelFormat
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipAlloc
GdipFree
GdipGetImageHeight
GdipGetImageWidth
GdipCreateStringFormat
GdipDrawImageRectRectI

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetOpenW
HttpQueryInfoW
InternetCloseHandle
InternetGetConnectedState
InternetOpenUrlW
InternetReadFile

Sections

.text
Size: 340KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

6a:81:79:d9:04:1c:71:64:41:68:2c:32:ce:99:5b:78:2e:73:21:39:5a:04:8b:e1:ea:15:04:22:f6:ee:19:3fSigner

57:db:00:b8:da:f9:1a:9c:2a:46:5e:a1:06:3b:ac:62:5c:1b:61:e8Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 580KB

.rsrc Size: 285KB - Virtual size: 284KB

d9997cc22607493388b309294c30bacc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

50:6e:c9:72:fd:30:92:a5:47:ed:bb:c3:97:8e:73:15:42:a9:be:22Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

ws2_32

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

6a:81:79:d9:04:1c:71:64:41:68:2c:32:ce:99:5b:78:2e:73:21:39:5a:04:8b:e1:ea:15:04:22:f6:ee:19:3f
Signer

57:db:00:b8:da:f9:1a:9c:2a:46:5e:a1:06:3b:ac:62:5c:1b:61:e8
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 580KB

.rsrc
Size: 285KB - Virtual size: 284KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

50:6e:c9:72:fd:30:92:a5:47:ed:bb:c3:97:8e:73:15:42:a9:be:22
Signer

.text
Size: 872KB - Virtual size: 869KB

.rdata
Size: 168KB - Virtual size: 165KB

.data
Size: 20KB - Virtual size: 41KB

.rsrc
Size: 308KB - Virtual size: 305KB

.reloc
Size: 52KB - Virtual size: 48KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 899B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 574B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c7:d5:78:58:68:10:8e:ac:c7:11:53:72:11:20:01:8d:f4:47:52:af
Signer

.text
Size: 340KB - Virtual size: 336KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 36KB - Virtual size: 35KB