vivitar[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

vivitar.zip
Size

17.1MB
MD5

4fac67c78c978dcd4302ff8028a73735
SHA1

4fa40e944f860889f0cb5fb80e1f0b71d6ff168c
SHA256

237020dcdbeed096b073638d5c204f1c47881ad75aa0e19c464429a952833b26
SHA512

157afdf78cba11dba333a0c9c383b1e4636a274d56399a759e83fc2c184d63f449af594fe7d135b0f73378b4d26a4f2bb88cd7d44c3fe0ef5b742c61472ed36e
SSDEEP

393216:mID224hNVjxlLjN64RqtvaSWlR0ciQJ8Cbd65U052C5:eXV96ttv5sJHJWU05F5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/vivitar/Setup.exe	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/vivitar/Setup.exe
unpack002/out.upx
unpack004/$PLUGINSDIR/NSISArray.dll
unpack004/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/UserInfo.dll
unpack004/$PLUGINSDIR/fpinstall.dll
unpack004/$PLUGINSDIR/nsExec.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/vivitar/startup/inst/install_flash_player.exe	nsis_installer_1

Files

vivitar.zip
.zip
vivitar/Config.txt
vivitar/Graphics/animation_progress.png
.png
vivitar/Graphics/barber_bar_16.png
.png
vivitar/Graphics/installer_bot.png
.png
vivitar/Graphics/installer_btn_stop.png
.png
vivitar/Languages/de/HMSetup.mo
vivitar/Languages/el/HMSetup.mo
vivitar/Languages/es-la/HMSetup.mo
vivitar/Languages/es/HMSetup.mo
vivitar/Languages/fr-ca/HMSetup.mo
vivitar/Languages/fr/HMSetup.mo
vivitar/Languages/it/HMSetup.mo
vivitar/Languages/nl/HMSetup.mo
vivitar/Languages/pt-br/HMSetup.mo
vivitar/Languages/pt/HMSetup.mo
vivitar/Languages/ru/HMSetup.mo
vivitar/Languages/tr/HMSetup.mo
vivitar/Setup.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 584KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 454KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vivitar/runsetup.exe
.exe windows:5 windows x86 arch:x86

1dbfc918943718a4e181fe6372495941

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:9d:55:e2:d5:26:85:8d:fc:f4:e4:71:27:ed:c8:37
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

01-05-2009 00:00

Not After

01-05-2010 23:59

Subject

CN=Sakar International\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Sakar International\, Inc.,L=Edison,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:62:cd:9f:ed:0d:e6:6f:78:94:24:10:ad:51:a9:fc:f8:9d:6e:ee
Signer

Actual PE Digest

52:62:cd:9f:ed:0d:e6:6f:78:94:24:10:ad:51:a9:fc:f8:9d:6e:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

y:\proj\HMI\Installer\HMWinLauncher\Release\HMWinLauncher.pdb

Imports

kernel32

WaitForSingleObject
GetModuleFileNameW
CreateFileA
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
RtlUnwind
HeapFree
CloseHandle
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
ReadFile
InitializeCriticalSectionAndSpinCount
CreateFileW
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEndOfFile
GetProcessHeap
HeapSize

user32

MessageBoxW

shell32

ShellExecuteExW

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vivitar/runsetup.txt
vivitar/startup/css/setup.css
vivitar/startup/data/de/loading.html
.html
vivitar/startup/data/de/nointernet.html
.html .js polyglot
vivitar/startup/data/de/tutorial_Macintosh.html
.html
vivitar/startup/data/de/tutorial_Macintosh.swf
vivitar/startup/data/de/tutorial_Vista.html
.html
vivitar/startup/data/de/tutorial_Vista.swf
vivitar/startup/data/de/tutorial_XP.html
.html
vivitar/startup/data/de/tutorial_XP.swf
vivitar/startup/data/el/loading.html
.html
vivitar/startup/data/el/nointernet.html
.html .js polyglot
vivitar/startup/data/el/tutorial_Macintosh.html
.html
vivitar/startup/data/el/tutorial_Macintosh.swf
vivitar/startup/data/el/tutorial_Vista.html
.html
vivitar/startup/data/el/tutorial_Vista.swf
vivitar/startup/data/el/tutorial_XP.html
.html
vivitar/startup/data/el/tutorial_XP.swf
vivitar/startup/data/en/loading.html
.html
vivitar/startup/data/en/nointernet.html
.html .js polyglot
vivitar/startup/data/en/tutorial_Macintosh.html
.html
vivitar/startup/data/en/tutorial_Macintosh.swf
vivitar/startup/data/en/tutorial_Vista.html
.html
vivitar/startup/data/en/tutorial_Vista.swf
vivitar/startup/data/en/tutorial_XP.html
.html
vivitar/startup/data/en/tutorial_XP.swf
vivitar/startup/data/es/loading.html
.html
vivitar/startup/data/es/nointernet.html
.html .js polyglot
vivitar/startup/data/es/tutorial_Macintosh.html
.html
vivitar/startup/data/es/tutorial_Macintosh.swf
vivitar/startup/data/es/tutorial_Vista.html
.html
vivitar/startup/data/es/tutorial_Vista.swf
vivitar/startup/data/es/tutorial_XP.html
.html
vivitar/startup/data/es/tutorial_XP.swf
vivitar/startup/data/fr/loading.html
.html
vivitar/startup/data/fr/nointernet.html
.html .js polyglot
vivitar/startup/data/fr/tutorial_Macintosh.html
.html
vivitar/startup/data/fr/tutorial_Macintosh.swf
vivitar/startup/data/fr/tutorial_Vista.html
.html
vivitar/startup/data/fr/tutorial_Vista.swf
vivitar/startup/data/fr/tutorial_XP.html
.html
vivitar/startup/data/fr/tutorial_XP.swf
vivitar/startup/data/it/loading.html
.html
vivitar/startup/data/it/nointernet.html
.html .js polyglot
vivitar/startup/data/it/tutorial_Macintosh.html
.html
vivitar/startup/data/it/tutorial_Macintosh.swf
vivitar/startup/data/it/tutorial_Vista.html
.html
vivitar/startup/data/it/tutorial_Vista.swf
vivitar/startup/data/it/tutorial_XP.html
.html
vivitar/startup/data/it/tutorial_XP.swf
vivitar/startup/data/nl/loading.html
.html
vivitar/startup/data/nl/nointernet.html
.html .js polyglot
vivitar/startup/data/nl/tutorial_Macintosh.html
.html
vivitar/startup/data/nl/tutorial_Macintosh.swf
vivitar/startup/data/nl/tutorial_Vista.html
.html
vivitar/startup/data/nl/tutorial_Vista.swf
vivitar/startup/data/nl/tutorial_XP.html
.html
vivitar/startup/data/nl/tutorial_XP.swf
vivitar/startup/data/pt/loading.html
.html
vivitar/startup/data/pt/nointernet.html
.html .js polyglot
vivitar/startup/data/pt/tutorial_Macintosh.html
.html
vivitar/startup/data/pt/tutorial_Macintosh.swf
vivitar/startup/data/pt/tutorial_Vista.html
.html
vivitar/startup/data/pt/tutorial_Vista.swf
vivitar/startup/data/pt/tutorial_XP.html
.html
vivitar/startup/data/pt/tutorial_XP.swf
vivitar/startup/data/ru/loading.html
.html
vivitar/startup/data/ru/nointernet.html
.html .js polyglot
vivitar/startup/data/ru/tutorial_Macintosh.html
.html
vivitar/startup/data/ru/tutorial_Macintosh.swf
vivitar/startup/data/ru/tutorial_Vista.html
.html
vivitar/startup/data/ru/tutorial_Vista.swf
vivitar/startup/data/ru/tutorial_XP.html
.html
vivitar/startup/data/ru/tutorial_XP.swf
vivitar/startup/data/tr/loading.html
.html
vivitar/startup/data/tr/nointernet.html
.html .js polyglot
vivitar/startup/data/tr/tutorial_Macintosh.html
.html
vivitar/startup/data/tr/tutorial_Macintosh.swf
vivitar/startup/data/tr/tutorial_Vista.html
.html
vivitar/startup/data/tr/tutorial_Vista.swf
vivitar/startup/data/tr/tutorial_XP.html
.html
vivitar/startup/data/tr/tutorial_XP.swf
vivitar/startup/flash_detector_de.html
.html .js polyglot
vivitar/startup/flash_detector_el.html
.html .js polyglot
vivitar/startup/flash_detector_en.html
.html .js polyglot
vivitar/startup/flash_detector_es.html
.html .js polyglot
vivitar/startup/flash_detector_fr.html
.html .js polyglot
vivitar/startup/flash_detector_it.html
.html .js polyglot
vivitar/startup/flash_detector_nl.html
.html .js polyglot
vivitar/startup/flash_detector_pt.html
.html .js polyglot
vivitar/startup/flash_detector_ru.html
.html .js polyglot
vivitar/startup/flash_detector_tr.html
.html .js polyglot
vivitar/startup/images/setup_bg.png
.png
vivitar/startup/images/setup_biglogo.jpg
.jpg
vivitar/startup/images/setup_bot_bg.png
.png
vivitar/startup/images/setup_bot_btn.jpg
.jpg
vivitar/startup/images/setup_btn_install.jpg
.jpg
vivitar/startup/images/setup_btn_launch.jpg
.jpg
vivitar/startup/images/setup_btn_tutorial.jpg
.jpg
vivitar/startup/images/setup_smalllogo.jpg
.jpg
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Archive.bom
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Archive.pax.gz
.gz
Archive.pax
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Info.plist
.xml
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/PkgInfo
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/Adobe Flash Player.bom
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/Adobe Flash Player.info
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/Adobe Flash Player.pax.gz
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/Adobe Flash Player.sizes
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/Archive.sizes
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/CloseFPClients.app/Contents/Info.plist
.xml
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/CloseFPClients.app/Contents/MacOS/CloseFPClients
.macho macos arch:ppc arch:x86
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/CloseFPClients.app/Contents/PkgInfo
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/CloseFPClients.app/Contents/Resources/English.lproj/CBLocalizable.strings
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/CloseFPClients.app/Contents/Resources/English.lproj/CFPCMain.nib/classes.nib
.xml
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/CloseFPClients.app/Contents/Resources/English.lproj/CFPCMain.nib/info.nib
.xml
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/CloseFPClients.app/Contents/Resources/English.lproj/CFPCMain.nib/keyedobjects.nib
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/CloseFPClients.app/Contents/Resources/FP128.icns
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/CloseFPClients.app/Contents/Resources/greyBackground.png
.png
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/Description.plist
.xml
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/ICVersionValidator.awk
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/MacOSXVersionCheck.sh
.sh linux
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/RemoveUserFPInstall.applescript
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/Welcome.rtf
.rtf
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/background.tif
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/package_version
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/postflight
.sh linux
vivitar/startup/inst/Adobe_Flash_Player.pkg/Contents/Resources/preflight
.sh linux
vivitar/startup/inst/install_flash_player.exe
.exe windows:4 windows x86 arch:x86

8f26fcd857d64db1a0ee4f8bdb240223

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:57:f9:cb:ca:c1:ea:95:04:83:8e:3e:d9:35:5d:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-10-2008 00:00

Not After

10-12-2009 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e2:0c:64:56:a1:e3:49:15:c6:82:ee:6c:0a:f6:05:19:35:92:eb:f3
Signer

Actual PE Digest

e2:0c:64:56:a1:e3:49:15:c6:82:ee:6c:0a:f6:05:19:35:92:eb:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
lstrcmpiA
CopyFileA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCurrentProcess

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISArray.dll
.dll windows:4 windows x86 arch:x86

91596216b99c852af6e0fb1fe8192de4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
lstrcmpiA
lstrcmpA
lstrcatA
GlobalAlloc

user32

MessageBoxA
SendMessageA
wsprintfA
GetDlgItem
FindWindowExA
DialogBoxParamA
EnableWindow
SetWindowTextA
EndDialog
RedrawWindow
CharLowerA

Exports

Exports

ArrayCount
ArrayExists
Clear
Concat
Copy
Cut
Debug
Delete
ErrorStyle
Exists
ExistsI
FreeUnusedMem
Join
New
Pop
Push
Put
ReDim
Read
ReadToStack
Reverse
Search
SearchI
SetSize
Shift
SizeOf
Sort
Splice
Swap
Unload
Unshift
Write
WriteList
WriteListC

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

48cfa0ea7e353e4a7dd23572da8374ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName

Sections

.text
Size: 1024B - Virtual size: 573B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/fpinstall.dll
.dll windows:4 windows x86 arch:x86

4bb7026bcfe942cdf23b6f661ad54f48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
OpenProcess
GetVersionExA
FormatMessageA
GetLastError
SetFileAttributesA
GetFileAttributesA
GetCurrentProcess
TerminateProcess
CloseHandle
lstrlenA
lstrcpyA
GlobalAlloc
lstrcpynA
LoadLibraryA
GlobalFree

user32

MessageBoxA

advapi32

GetTokenInformation
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
OpenProcessToken

Exports

Exports

_ChangeRegKeyDACL
_FindProcess
_KillProcess
_ObjectExistsAndIsOwnedBySomeoneElse
_RecursiveRegLockUnlock
_Unload
_UnlockControl

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 466B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

238a16a49edf3ab59e2f8c89449c9af7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GlobalLock
DeleteFileA
TerminateProcess
lstrlenA
lstrcatA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CloseHandle
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
GetCommandLineA
Sleep
lstrcmpiA
GetExitCodeProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/FlashUtil10c.exe
.exe windows:5 windows x86 arch:x86

c8a9f0aa8ca1ec9669a57e97c635955d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:57:f9:cb:ca:c1:ea:95:04:83:8e:3e:d9:35:5d:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-10-2008 00:00

Not After

10-12-2009 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

57:2c:83:f5:cf:37:b1:9c:ce:bc:46:10:8c:af:fe:aa:3b:00:b3:78
Signer

Actual PE Digest

57:2c:83:f5:cf:37:b1:9c:ce:bc:46:10:8c:af:fe:aa:3b:00:b3:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA

crypt32

CertVerifySubjectCertificateContext
CryptGetMessageCertificates
CertCloseStore
CertFreeCertificateContext
CryptVerifyMessageSignature
CertFindCertificateInStore
CertCreateCertificateContext

shlwapi

SHDeleteKeyA

kernel32

GetCPInfo
IsDebuggerPresent
GetLastError
CreateMutexA
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetTempPathA
WriteFile
FormatMessageA
_lclose
_lread
OpenFile
GetSystemDirectoryA
SetThreadLocale
GetSystemDefaultLangID
LocalFree
LocalAlloc
GetCurrentProcess
CreateThread
GetModuleHandleA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
UnmapViewOfFile
GetTickCount
WaitForSingleObject
ReleaseMutex
WideCharToMultiByte
GetACP
GetFileAttributesA
CreateDirectoryA
DeleteFileA
MultiByteToWideChar
CreateFileW
SetFilePointer
SetFileAttributesA
InterlockedIncrement
InterlockedDecrement
CreateFileMappingA
FindClose
FindNextFileA
FindFirstFileA
CreateProcessA
ExitProcess
GetCommandLineA
TerminateProcess
HeapSize
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetOEMCP
FreeEnvironmentStringsA
Sleep
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
GetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
HeapAlloc
HeapFree
GetStartupInfoA
IsValidCodePage
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
MapViewOfFile
RtlUnwind

user32

GetForegroundWindow
SystemParametersInfoA
WaitForInputIdle
LoadImageA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyIcon
LoadCursorA
RegisterClassExA
DefWindowProcA
CreateDialogParamA
SetWindowTextA
CharNextA
CreateWindowExA
GetDlgItem
SetWindowLongA
MessageBoxA
LoadBitmapA
LoadStringA
DialogBoxParamA
EndDialog
GetParent
GetDesktopWindow
GetWindowRect
SetWindowPos
PostMessageA
ShowWindow
SendMessageA
DestroyWindow
PostQuitMessage
DdeInitializeA
DdeDisconnect
DdeUninitialize
DdeClientTransaction
DdeCreateStringHandleA
DdeConnect
DdeFreeStringHandle
ScreenToClient
GetWindowLongA

gdi32

DeleteObject

advapi32

RegDeleteValueA
RegCreateKeyExA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LookupAccountSidA

shell32

ShellExecuteA

ole32

CoRegisterClassObject
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoRevokeClassObject

oleaut32

SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayDestroy
DispInvoke
SysAllocString
SafeArrayAccessData
LoadRegTypeLi
DispGetIDsOfNames

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Flash10c.ocx
.dll regsvr32 windows:5 windows x86 arch:x86

bbcf2461b6afdae4c3c84c0cf582063b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:57:f9:cb:ca:c1:ea:95:04:83:8e:3e:d9:35:5d:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-10-2008 00:00

Not After

10-12-2009 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

49:15:c6:dd:32:04:e8:e0:14:36:5b:3b:93:a5:c1:e6:7c:9c:f8:30
Signer

Actual PE Digest

49:15:c6:dd:32:04:e8:e0:14:36:5b:3b:93:a5:c1:e6:7c:9c:f8:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\flashfarm\depot\main\player\branches\FlashPlayer\FlashPlayer10_Squirt\platform\win32\obj\Flash5AX\Release\Flash.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

winmm

waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveInGetNumDevs
waveOutGetDevCapsA
waveOutUnprepareHeader
waveOutGetNumDevs
waveOutOpen
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveOutGetPosition
timeSetEvent
timeKillEvent
timeBeginPeriod
timeGetTime
waveOutPrepareHeader
waveOutWrite
waveOutClose
waveOutReset
timeGetDevCaps
waveInGetDevCapsA
timeEndPeriod

wininet

HttpSendRequestA
InternetOpenA
HttpQueryInfoA
HttpOpenRequestA
InternetConnectA
InternetReadFile
InternetCloseHandle

crypt32

CryptGetMessageCertificates
CertCreateCertificateContext
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CertFreeCertificateContext
CertCloseStore
CryptVerifyMessageSignature

rpcrt4

UuidToStringA
RpcStringFreeA

oleaut32

OleCreatePropertyFrame
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
SysAllocStringLen
SysStringLen
SysStringByteLen
VariantInit
VariantClear
VariantChangeType
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SafeArrayDestroy
VarBstrCat
SysAllocStringByteLen
SafeArrayUnlock
SafeArrayLock
SafeArrayCreateVector

kernel32

LocalFree
LocalAlloc
SetFileAttributesA
GetFileAttributesA
CreateMutexA
FreeLibrary
GetModuleFileNameA
MulDiv
GlobalUnlock
GlobalLock
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
GetCurrentThreadId
OutputDebugStringA
SetLastError
DisableThreadLibraryCalls
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
SetErrorMode
GetTickCount
LCMapStringA
LCMapStringW
CreateProcessA
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadPriority
WaitForSingleObject
SetWaitableTimer
CreateThread
CreateWaitableTimerA
GetProcessTimes
GetCurrentProcessId
GlobalSize
GetTempFileNameW
GetSystemInfo
GetSystemDefaultLangID
MoveFileA
DeleteFileA
GetUserDefaultLangID
CreateFileA
ExitThread
WriteFile
SetFilePointer
ReadFile
GetFileSize
LockResource
GetCurrentProcess
FindResourceExW
GetFileAttributesW
SetUnhandledExceptionFilter
GetTempPathA
FindClose
FindNextFileA
FindFirstFileA
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
CreateDirectoryA
CreateFileW
GetCurrentDirectoryA
GetTempFileNameA
GetSystemDirectoryA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
SetCurrentDirectoryA
SetFilePointerEx
GetFileSizeEx
GetFileAttributesExA
RemoveDirectoryA
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingA
TerminateThread
lstrcpyA
IsDBCSLeadByteEx
VirtualProtectEx
HeapAlloc
GetProcessHeap
HeapFree
VirtualAlloc
VirtualFree
VirtualProtect
CreateSemaphoreA
ReleaseSemaphore
IsProcessorFeaturePresent
GetCommandLineA
UnhandledExceptionFilter
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
TerminateProcess
IsDebuggerPresent
HeapCreate
FindResourceExA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
FlushInstructionCache
lstrcmpiA
GetModuleHandleA
GetLastError
LoadLibraryA
GetProcAddress
GlobalAlloc
GetLocaleInfoA
GetVersionExA
lstrlenW
lstrlenA
RaiseException
WideCharToMultiByte
GlobalFree
GetCurrentThread
SetThreadAffinityMask
VirtualQuery
IsDBCSLeadByte
GetACP
GetCPInfo
MultiByteToWideChar
ResetEvent
CreateEventA
CloseHandle
WaitForMultipleObjects
SetEvent
InterlockedExchange
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
IsValidCodePage
GetOEMCP
RtlUnwind
HeapDestroy
HeapReAlloc
ExitProcess

user32

IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowThreadProcessId
PeekMessageA
WaitForInputIdle
GetForegroundWindow
TranslateMessage
DispatchMessageA
DialogBoxParamW
DialogBoxParamA
RedrawWindow
DialogBoxIndirectParamW
DialogBoxIndirectParamA
EndDialog
GetDesktopWindow
LoadIconA
SendMessageA
GetDlgItem
SetWindowTextA
GetMenuItemCount
InsertMenuItemW
GetClipboardFormatNameA
RegisterClipboardFormatA
GetParent
IsChild
PtInRect
BeginPaint
EndPaint
SystemParametersInfoA
GetMenuItemID
DeleteMenu
InsertMenuItemA
GetMenuItemInfoA
TrackPopupMenu
KillTimer
SetTimer
UpdateWindow
RegisterClassA
GetWindowRect
MapVirtualKeyA
GetKeyState
GetFocus
ReleaseCapture
GetSystemMetrics
EnumDisplaySettingsA
GetCapture
LoadMenuA
GetSubMenu
DestroyMenu
SetCursor
WindowFromPoint
GetCursorPos
ScreenToClient
GetClientRect
MessageBoxA
LoadStringA
SetCapture
IsWindow
DestroyWindow
EnableMenuItem
CheckMenuItem
SetFocus
GetWindowInfo
CopyRect
SendInput
GetKeyboardLayout
FillRect
UnregisterClassA
CreateWindowExA
RegisterClassExA
InvalidateRect
DefWindowProcA
UnionRect
CallWindowProcA
IntersectRect
EqualRect
SetWindowRgn
SetWindowPos
GetDC
LoadCursorA
GetClassInfoExA
ShowWindow
GetWindowLongA
SetWindowLongA
CharNextW
CharNextA
ClientToScreen
GetMonitorInfoA
OffsetRect
SetRect
MonitorFromWindow
GetTopWindow
GetDoubleClickTime
EnumWindows
PostMessageA
IsWindowEnabled
GetWindow
GetClassNameA
GetWindowTextW
GetWindowTextA
ReleaseDC

gdi32

CreateMetaFileA
GetObjectA
CreateDIBSection
DeleteObject
GetDIBits
CreateCompatibleBitmap
SetWindowOrgEx
SelectObject
SelectPalette
RealizePalette
ExtTextOutA
SetBkColor
CreateSolidBrush
StretchBlt
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
SetTextAlign
StartPage
BitBlt
EndPage
SetStretchBltMode
GetStretchBltMode
Rectangle
GetStockObject
StretchDIBits
SetViewportOrgEx
SetPolyFillMode
GetClipBox
GetSystemPaletteEntries
GetObjectType
GetICMProfileA
CreateDCA
CreateFontIndirectA
GetTextMetricsA
EnumFontFamiliesA
SetBkMode
IntersectClipRect
SelectClipRgn
ExtTextOutW
SetTextColor
GetClipRgn
CreateRectRgn
GetTextAlign
GetBkMode
GetTextColor
GetBkColor
CreateFontIndirectW
SetWorldTransform
SetGraphicsMode
GetWorldTransform
SetTextCharacterExtra
CreatePen
DPtoLP
GetTextExtentPoint32W
GetCurrentObject
GetTextExtentPoint32A
CreatePalette
StartDocA
EndDoc
StrokePath
ExtCreatePen
FillPath
SaveDC
BeginPath
EndPath
LineTo
MoveToEx
PolyBezierTo
SelectClipPath
RestoreDC
GdiFlush
CreateCompatibleDC
DeleteDC
GetPixel
GetDeviceCaps
GetFontData
LPtoDP
EnumFontFamiliesExW
TextOutA

comdlg32

CommDlgExtendedError
GetSaveFileNameA
PrintDlgA
GetOpenFileNameA

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHAppBarMessage

ole32

OleRegGetMiscStatus
CreateDataAdviseHolder
CoCreateInstance
StringFromGUID2
WriteClassStm
OleSaveToStream
OleRegGetUserType
CoInitialize
ReleaseStgMedium
OleFlushClipboard
OleIsCurrentClipboard
OleGetClipboard
OleUninitialize
OleRegEnumVerbs
CreateOleAdviseHolder
CoTaskMemRealloc
CoTaskMemFree
ReadClassStm
CoTaskMemAlloc
OleSetClipboard
OleInitialize
CoRegisterMessageFilter
CoInitializeEx
CreateBindCtx
CoUninitialize

shlwapi

SHDeleteKeyA

urlmon

HlinkSimpleNavigateToMoniker
RegisterBindStatusCallback
CreateURLMoniker
CopyStgMedium

mscms

DeleteColorTransform
CloseColorProfile
CreateColorTransformW
OpenColorProfileA
TranslateBitmapBits

ws2_32

getservbyname
htons
gethostbyaddr
getservbyport
WSASetLastError
setsockopt
ioctlsocket
connect
recvfrom
sendto
WSAAddressToStringA
gethostname
select
ntohl
htonl
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACleanup
closesocket
WSAGetLastError
WSAIoctl
WSAAsyncSelect
socket
WSASocketA
WSAStartup
recv
send
bind
ntohs
getsockname
inet_addr
gethostbyname
inet_ntoa

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 519KB - Virtual size: 519KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 962KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashUtil10c.exe
.exe windows:5 windows x86 arch:x86

c8a9f0aa8ca1ec9669a57e97c635955d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:57:f9:cb:ca:c1:ea:95:04:83:8e:3e:d9:35:5d:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-10-2008 00:00

Not After

10-12-2009 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

57:2c:83:f5:cf:37:b1:9c:ce:bc:46:10:8c:af:fe:aa:3b:00:b3:78
Signer

Actual PE Digest

57:2c:83:f5:cf:37:b1:9c:ce:bc:46:10:8c:af:fe:aa:3b:00:b3:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA

crypt32

CertVerifySubjectCertificateContext
CryptGetMessageCertificates
CertCloseStore
CertFreeCertificateContext
CryptVerifyMessageSignature
CertFindCertificateInStore
CertCreateCertificateContext

shlwapi

SHDeleteKeyA

kernel32

GetCPInfo
IsDebuggerPresent
GetLastError
CreateMutexA
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetTempPathA
WriteFile
FormatMessageA
_lclose
_lread
OpenFile
GetSystemDirectoryA
SetThreadLocale
GetSystemDefaultLangID
LocalFree
LocalAlloc
GetCurrentProcess
CreateThread
GetModuleHandleA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
UnmapViewOfFile
GetTickCount
WaitForSingleObject
ReleaseMutex
WideCharToMultiByte
GetACP
GetFileAttributesA
CreateDirectoryA
DeleteFileA
MultiByteToWideChar
CreateFileW
SetFilePointer
SetFileAttributesA
InterlockedIncrement
InterlockedDecrement
CreateFileMappingA
FindClose
FindNextFileA
FindFirstFileA
CreateProcessA
ExitProcess
GetCommandLineA
TerminateProcess
HeapSize
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetOEMCP
FreeEnvironmentStringsA
Sleep
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
GetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
HeapAlloc
HeapFree
GetStartupInfoA
IsValidCodePage
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
MapViewOfFile
RtlUnwind

user32

GetForegroundWindow
SystemParametersInfoA
WaitForInputIdle
LoadImageA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyIcon
LoadCursorA
RegisterClassExA
DefWindowProcA
CreateDialogParamA
SetWindowTextA
CharNextA
CreateWindowExA
GetDlgItem
SetWindowLongA
MessageBoxA
LoadBitmapA
LoadStringA
DialogBoxParamA
EndDialog
GetParent
GetDesktopWindow
GetWindowRect
SetWindowPos
PostMessageA
ShowWindow
SendMessageA
DestroyWindow
PostQuitMessage
DdeInitializeA
DdeDisconnect
DdeUninitialize
DdeClientTransaction
DdeCreateStringHandleA
DdeConnect
DdeFreeStringHandle
ScreenToClient
GetWindowLongA

gdi32

DeleteObject

advapi32

RegDeleteValueA
RegCreateKeyExA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LookupAccountSidA

shell32

ShellExecuteA

ole32

CoRegisterClassObject
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoRevokeClassObject

oleaut32

SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayDestroy
DispInvoke
SysAllocString
SafeArrayAccessData
LoadRegTypeLi
DispGetIDsOfNames

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninstall_activeX.exe.nsis
vivitar/startup/js/FlashReplace.js
.js
vivitar/startup/js/flash_detection.js
.js
vivitar/vcredist_x86.exe
.exe windows:5 windows x86 arch:x86

092eb6daba2f17cbda102fd1a32acd00

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2007 00:23

Not After

23-02-2009 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-06-2007 23:54

Not After

13-06-2012 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-06-2007 23:54

Not After

13-06-2012 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:b8:2d:0b:41:de:b8:14:82:b2:6d:80:ac:85:6a:a4:1c:9b:ef:50
Signer

Actual PE Digest

3e:b8:2d:0b:41:de:b8:14:82:b2:6d:80:ac:85:6a:a4:1c:9b:ef:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateFileA
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetCurrentDirectoryA
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
ExpandEnvironmentStringsA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
CloseHandle
DeviceIoControl
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
SetErrorMode
GetTickCount
CreateDirectoryA
GetLastError
RemoveDirectoryA
MoveFileExA
SetFilePointer
FindClose
ReadFile

msvcrt

strchr
_strnicmp
_stricmp
strrchr
_strlwr
strncpy
strstr
_snprintf
sprintf

advapi32

AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken

user32

ShowWindow
SendDlgItemMessageA
SendMessageA
DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA

ntdll

NtShutdownSystem
NtAdjustPrivilegesToken
NtClose
NtOpenProcessToken

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.7MB

UPX1 Size: 584KB - Virtual size: 584KB

.rsrc Size: 292KB - Virtual size: 296KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 454KB - Virtual size: 454KB

.data Size: 40KB - Virtual size: 190KB

.rsrc Size: 292KB - Virtual size: 292KB

.reloc Size: 152KB - Virtual size: 151KB

1dbfc918943718a4e181fe6372495941

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

35:9d:55:e2:d5:26:85:8d:fc:f4:e4:71:27:ed:c8:37Certificate

Extended Key Usages

Key Usages

52:62:cd:9f:ed:0d:e6:6f:78:94:24:10:ad:51:a9:fc:f8:9d:6e:eeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 4KB - Virtual size: 4KB

8f26fcd857d64db1a0ee4f8bdb240223

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

76:57:f9:cb:ca:c1:ea:95:04:83:8e:3e:d9:35:5d:2dCertificate

Extended Key Usages

Key Usages

e2:0c:64:56:a1:e3:49:15:c6:82:ee:6c:0a:f6:05:19:35:92:eb:f3Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 114KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 43KB - Virtual size: 43KB

91596216b99c852af6e0fb1fe8192de4

Headers

File Characteristics

Imports

UPX0
Size: - Virtual size: 1.7MB

UPX1
Size: 584KB - Virtual size: 584KB

.rsrc
Size: 292KB - Virtual size: 296KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 454KB - Virtual size: 454KB

.data
Size: 40KB - Virtual size: 190KB

.rsrc
Size: 292KB - Virtual size: 292KB

.reloc
Size: 152KB - Virtual size: 151KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

35:9d:55:e2:d5:26:85:8d:fc:f4:e4:71:27:ed:c8:37
Certificate

52:62:cd:9f:ed:0d:e6:6f:78:94:24:10:ad:51:a9:fc:f8:9d:6e:ee
Signer

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

76:57:f9:cb:ca:c1:ea:95:04:83:8e:3e:d9:35:5d:2d
Certificate

e2:0c:64:56:a1:e3:49:15:c6:82:ee:6c:0a:f6:05:19:35:92:eb:f3
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 114KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 43KB - Virtual size: 43KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 24KB

.rsrc
Size: 512B - Virtual size: 432B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 1024B - Virtual size: 573B

.rdata
Size: 1024B - Virtual size: 576B

.data
Size: 512B - Virtual size: 45B

.reloc
Size: 512B - Virtual size: 132B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 466B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 362B